Terms and conditions

The Bugbounty platform provides these terms and conditions in order to familiarize you with the legal procedures and practices followed by us, which govern this platform and all related services, so please read and review these terms and conditions carefully before using this platform and your use of them is your express, unconditional and irrevocable consent that You adhere to these terms and conditions.

Definitions and Explanations

Bug Bounty Service

Platform
Based on the terms and conditions stated, the Bug Bounty platform will allow the client to access and use the Bug Bounty service only for the purposes for which he was allocated by making use of the expertise and skills of researchers in discovering the Gaps.
Client
The client can submit his requests to discover the Gaps for any of his sites or software through the platform in order to benefit from researchers and offer rewards for the Gaps’s reports.
Researcher
Researchers can review the requests submitted on the platform by clients and provide reports on security Gaps according to the specific requirements and conditions specified by the platform in coordination with the requester client.

Independent Transactions

Any contract or other dealings outside the requests approved in the platform between the client and the researcher, the platform is not considered a party to such contracts or transactions and does not bear any responsibility arising from or related to it.

Responsibilities

Client
If you use the platform services on behalf of a company, client or legal entity, you acknowledge that you have full authority to take advantage of the platform services.

Liability Limits

Platform
  • The Bug Bounty Platform is not responsible for any damage or problems arising from the client's communications or activities with the researcher or other clients, either through services or other independent transactions.
  • The platform ensures that all reports submitted by the researcher are checked, verifies their completeness, accuracy, and conformity with the client's criteria and evaluates them based on the list of rewards and Gaps. In the case that the researcher violates this, the platform has the right to make the appropriate decision regarding the report.
  • The platform is responsible for examining the programs that the client raises them, before they are presented to the researcher, and in the case of any deficiency, inaccuracy or reliability of any of the programs, the platform notifies the client of them to modify or enable the platform to modify them to ensure the protection of all parties from any damage that may occur as a result the use.
  • The platform takes a preliminary procedure regarding examining the Gaps’s report submitted by the researcher within (5) to (10) working days, unless this cannot be caused due to a violation of the will of those responsible for it.
Status
Definition
Needs more info
It means that there is an inquiry and a request from the evaluation team on the platform, and the researcher must provide the required information within 7 days, and if there is no response within the specified period, the report will be closed and considered null and the researcher does not deserve any reward.
Triage Review
It means that the report is awaiting triage review and the triage team is obligated to respond within 5 working days, after that it will be move to company review status.
Company Review
It means that the report is awaiting client review, and the client is obligated to respond within 14 working days, and this case will be approved. After the verification process of the vulnerability and before the evaluation of the report in the event that there is any question of the evaluation team.
Resolved
Means that the report has been approved by the client. The client shall pay the reward to the researcher (if a reward is specified in the request).
Not Applicable
It means that the report does not comply with the policies of the client's request, or that it violated one of its conditions, or that it does not apply to this request.
Duplicated
Means that the report is redundant and this vulnerability was previously reported.
Irrelevant severity
It means that the report is less than the risk specified in the client's request, and the report will not be displayed to the client until the level of risk specified by him is modified.
Out of scope
Means that the report is outside the range specified by the client.
Spam
It means that the report is not desirable, and this will negatively affect the researcher's evaluation, and his account will be suspended if this is repeated.
Researcher
  • Researchers are independent third parties, who are not employees, contractors, or agents for the Gaps Bonus platform, who wish to participate in programs and communicate with the client through the platform services.
  • You acknowledge and agree that the platform does not bear any claims or compensation for damages that have arisen due to a client or other third parties in relation to the service provided to the client, including Gaps’s reports.

Disclaimers of Warranties

Platform
  • The services are provided by the platform 'as is' without any guarantee whatsoever, whether express or implied.
  • The platform publicly disclaims its responsibility to guarantee any business presented through the platform and its role is limited to enabling the client and the researcher to use the services without ensuring the platform to the quality of the services, either implicitly or explicitly.
  • The platform does not bear any direct or indirect damages (including damages resulting from loss of income, work, or profits), negligence, or otherwise.
Client
After determining the foregoing, and after determining the damages mentioned above, is an essential element of the service between you and the platform, you acknowledge and agree that you use our email address at your own risk.

Rewards and Fees

Platform
  • The platform agrees to process the rewards which are cash payments on behalf of the client. The platform also disclaims the platform for processing rewards that are not cash payments, or for delaying payment out of control.
  • The platform deducts the sums of bonuses to discover the gaps provided by clients to researchers on the platform from the client’s balance due to the completion of the client's requirements within ten (10) working days from the date according to its absolute discretion and evaluation of the work provided by researchers without the client having the right to object to that.
Client
  • The client must provide a balance in his account with the platform to the extent determined by the platform, and the client account or any of his requests will not be activated until the minimum required by the platform is provided.
  • The client agreed and delegated the platform irreversibly to pay the rewards from the client’s balance to researchers who report reports that they discover the gaps for the client’s requests, if they meet the conditions and requirements specified by the client, according to the platform’s own appreciation.
  • The client agrees to deduct twenty percent (20%) of the client’s balance in favor of the platform from each cash reward paid to the researcher, as it is a financial consideration due to the platform for its services.
  • The rewards paid are not refundable, except as specifically stated in the terms of the order submitted by the client (if any).
  • In the case that the client consider suspending the account on the platform, communication with the platform to stop the account and recover the remaining amounts in the client's balance without the right to recover the value of the subscription to the packages or any financial compensation due to the platform.
  • In the case that the client’s subscription period ends, the client has the option to renew the subscription or recover the remaining amounts in his balance, after communicating with the platform.
  • If the client’s balance is nearing end, the client will be notified to re-support the balance to cover any requests to the client regarding the vulnerability discovery, and no request will be placed on the platform unless there is sufficient balance to cover the costs related to that request.

Subscription Package

During the registration process, the client must choose the appropriate package for him and proceed to the subscription payments. On the other hand, the platform shall provide all the specific features of the package chosen by the client during the subscription period.

Confidential Information's

Passwords and Security

Client and Researcher
  • When you set up your account, you must provide us with accurate and complete information. This means that you cannot set up an account with a name or contact information that does not apply to you.
  • You must provide accurate and up-to-date information on all registration forms that are part of the platform's email address.
  • You can only set up one account.
  • Take full responsibility for your account and everything that happens on your account.
  • Report any suspicious account activity immediately.
  • You may not replace your account with another person.
  • You bear full responsibility as we are not responsible for any damages or losses caused by someone using your account without your permission.

Programs and Software Materials

Except as agreed by the two parties
Platform
  • The platform reserves the right to reject any request from the client for any reason whatsoever at its own discretion.
Client
  • The client is solely responsible for managing his requests (software or website) through the services.
  • The client acknowledges and undertakes that he owns all the materials specified in his request submitted through the platform and that he has all the rights necessary to grant the platform the rights to discover gaps in these materials under the conditions.
  • The client acknowledges and undertakes not to violate the materials of the current platform or that will be provided later through the services and not to use it, misuse or violate the intellectual property rights of the third party, publicity or privacy rights, or what leads to violating any applicable system or regulation.

Ownership and Licenses

The platform gives you a non-exclusive, non-transferable, and revocable license to access and use our email address according to our legal terms. Your use of our website is only for the purposes stipulated in our legal terms; any other use that is in violation of this license will result in your membership being canceled.

Modifications or Conditions of The Platform

Platform
  • When any request of the client is inactive or not monitored by the client, the platform has the right to remove or disable access to any of the relevant program or vulnerability reports in the case of that the client does not respond to the written vulnerability platform notice (via email) within 3 working days of this notice.
  • The Gaps Rewards platform reserves the right to suspend or discontinue the availability of the site or any service or remove any software at any time at its sole discretion and without prior notice.
Client and Researcher
  • The client or researcher is responsible for reviewing and getting acquainted with any of the amendments on any of the conditions, provisions or policies announced on the site.
  • Use of any service provided by the platform signifies your acceptance of the revised terms. In addition, when using certain features of the services, you are subject to any published guidelines, and the terms of the rules applicable to these services.
  • Your access to the platform and your use of the site may be interrupted, from time to time as a result of its maintenance, or for any other reason, inside or outside our control.
  • The platform may also impose new restrictions on services or features offered by the platform that restrict your access to all or part of the services without prior notice.

Intellectual Property

Our website may contain trademarks related to the platform or Trustline, as well as the marks of our subsidiaries or other companies, in the form of words, graphics and logos.
Client and Researcher
  • Your use of our website does not represent any right or license for you to use any marks, services or trademarks, without obtaining prior written permission from the owner of the service mark / trademark owner.
  • Your use of our website does not grant you property rights of any kind on our website.

Legal Content and Requirements

When you join the platform and complete the registration process, you agree to use only the legitimate purposes for which it was designated, and you acknowledge that you know our legal conditions and adhere to and adhere to them completely, and therefore you agree to:
Client and Researcher
  • Not to misuse the platform in any way unauthorized.
  • Not to represent others or claim that there is any relationship, representation or representation for any company or legal entity except with a legal agency or a statutory mandate.
  • Do not change or delete any content from the contents of the platform.
  • Not to prejudice or publish any material that violates intellectual property rights or any other rights.

User Behavior

Client and Researcher
As a condition of use, you acknowledge that: Not to use the service provided by the platform for any purpose that is unlawful or prohibited under these client terms, or for any other purpose that the platform does not intend. By way of example, and not as a limitation, you agree not to use the service provided for:
  • Abusing, harassing, threatening, impersonating or intimidating anyone.
  • Posting, transmitting, or causing publication and transmission, any defamatory, pornographic, or offensive content that violates any copyright or other right of any person.
  • Communication with company representatives, researchers, and other clients in an abusive manner.
  • Posting, sending, or causing the publication or transmission of any contact designed or intended to obtain a password, account or private information from any user of the Vulnerability Bonus Platform with a view to harming them.
  • Use of client vulnerability reports to violate third party intellectual property rights, publicity or privacy rights, or in violation of any law or legal regulation.
The researcher also adheres to all the policies stipulated in the platform, and this includes the policies of loopholes for clients ’programs, and the researcher acknowledges that if he violates any of these policies, he completely waives his right to claim the rewards of the reports he provides. In the case that his violation results in any direct or indirect harm to the client or the platform, he bears full responsibility, and legal systems and regulations for information crimes will be applied.

Regulations and Legislation's

This platform is subject to all laws and regulations in force in the Kingdom of Saudi Arabia, and the courts of the city of Riyadh alone are competent to separate all disputes that may arise from the use of this platform.

Effective Date and Modifications

Terms of use and modifications apply from the date of publication, and the platform reserves the right to amend the terms, conditions and policies every now and then , and the site user is responsible for reviewing the terms of use every now and then to ensure that it adheres.

Legal Compliance and Disclosure

The platform does not disclose your personal information with other people or other parties except to provide some content or services for the purposes for which it was intended, and based on your agreement to this policy, or under the following circumstances:
  • What requires disclosure by force of order or by judicial order.
  • What requires disclosure to the executive authorities according to a reasoned decision.
  • To protect our property, services and statutory rights; or to enforce our terms of use.
  • To comply with any applicable regulations.
  • Disclosure to the platform’s partners, affiliates, or contractors to provide services for the platform.x

General Terms

By using the platform, you agree to fully comply with and comply with our legal requirements.

Online Payment