END USER LICENCE AGREEMENT & TERMS AND CONDITIONS FOR THE USE OF WEBSITE

1. Definitions

   1. “Brief” means the set of instructions containing inclusions, exclusions, consideration proposed to be paid and other information and permissions provided by the Company for testing of its domain.
   2. “Bounty” means the consideration agreed to be paid by the Company to the Cyber Security Professional including the amount payable to BugBase against the services rendered.
   3. “BugBase” means BugBase Security Private Limited and shall include its officers, agents, servants duly authorised to perform a particular act.
   4. “Cyber security professional” means a user who has registered on the website for rendering services as required from time to time.
   5. “Consideration” means the total amount payable by the Company to Bugbase and the Cyber Security Professional. The BugBase shall retain a sum percentage amounting to not less than 15% of the consideration amount paid by the company and remit the sum remaining thereafter to the cyber security professional for their services.
   6. “Domain” includes domain, website, app, server, software, database, etc.
   7. “Company” means a user who has registered on the website for testing the security issues/ loopholes/ other issues etc. in the domain. The company in furtherance to this agreement acknowledges that the Cyber Security Professionals registered with Bug Base shall test vulnerabilities in their software, portals etc. to prevent data breach/thefts and to secure their servers.
   8. “User” includes and is not limited to any person whether an individual, association of persons, societies, companies, partnerships, HUFs, shops, industries, establishments, etc. who registers on the website with the intent of using it for any lawful and authorised purpose that the website permits and also includes a visitor. Singular includes plural.
   9. “Visitor” means a person who does not register on the website for rendering or receiving services but visits the website for browsing or any other purpose.
   10. “Website” includes bugbase.in, sub-domains, and any associated web-based and mobile applications.

2. Representation and Warranties

   1. By consenting to the terms contained herein, the user, at the outset, represents that:

      1. the user is competent to enter into this agreement under the laws of India; and
      2. the user is also competent to enter into this agreement under the laws of the country where the user is residing, domiciled in, registered etc.; and
      3. the user is not involved in any activity which is barred by law or constitutes an offence under the laws of any country; and
      4. the user is not an undischarged insolvent; and
      5. the user has not been convicted under any law in any country for any criminal activity; and
      6. the user is not under any disability, restriction, or prohibition, whether legal, contractual, or otherwise, which shall prevent it from performing or adhering to any of its obligations including receiving or rendering services, as the case may be, on the website, and it has not entered into and shall not enter into any agreement that may violate this Agreement;
      7. the user, if a cyber security professional as defined herein, possesses the necessary skills, expertise and experience to render the services as required by the website;
      8. no litigation, arbitration, or administrative proceedings are threatened, pending, which call into question the validity or performance of obligations including receiving or rendering of services under this Agreement;
      9. the users or their representatives, agents, servants shall not try to hack or misuse the website and in case of any breach they shall indemnify BugBase and shall be liable for prosecution.

3. Rights and obligations of the Company

   1. The Company or its representative shall be entitled to visit bugbase.in and create its account.
   2. The Company shall fill the 'create a company' form and the details would thereafter be verified by BugBase.
   3. BugBase shall verify the email and company legitimacy and thereafter grant access to Company to create a bounty program.
   4. The Company shall fill in all details (in scope websites/apps, out of scope websites/apps, program rules, bounty details, bounty amounts, etc) and upon successful creation of the Bounty program, BugBase shall make it public for other users registered in the category of cyber security professionals.
   5. After a Cyber Security Professional reports a bug to BugBase, the latter shall report it to the Company.
   6. The Company would peruse the report and ensure that the bug is resolved/handled to the satisfaction of the company, if it so wants.
   7. The Company shall acknowledge as to whether the identified bug has been fixed or not, as per requirement, and shall accordingly be liable to pay the rewards bounty to BugBase in accordance with the terms of the bounty program.
   8. The company shall provide the BugBase with a policy document defining the scope of engagement by the Cyber Security Professionals for the determination and identification of probable vulnerabilities.
   9. The Company shall pay the consideration to BugBase within a period of 3 days from having received the triaged report sent by CCP and thereafter the Company's representative and CCP having discussed with each other on the platform of BugBase.

4. Rights and obligation of the Cyber Security Professional

   1. The User shall visit bugbase.in and register as a Cyber Security Professional.
   2. The User shall supply any information or documents required by BugBase including identity details like GST details, PAN Card, registration certificate, etc. as the case may be.
   3. Thereafter the User shall be entitled to browse bug bounty programs.
   4. The User may join a bounty program hosted by a Company and start penetrating the website while strictly adhering to and following the rules and scope decided by the Company.
   5. Once the User find a bug, it shall report it to BugBase without disclosing it to anyone else.
   6. BugBase shall check the bug validity and authenticity, and thereafter mark it as "triaged" meaning a valid bug or duplicate or rejected (with reason).
   7. BugBase would share the bug with the Company and the Company shall look at triaged report sent by Cyber Security Professional.
   8. The Company and the Cyber Security Professional shall be permitted to chat with each other on the platform of BugBase until bug is resolved/ handled to the satisfaction of the company as per the bounty program.
   9. The Company shall decide whether it wants to disclose the bug to the public or not.
   10. The Company would transfer the bounty money to BugBase and the latter shall, after deducting 15% fee, remit the amount to the Cyber Security Professional.
   11. The said payment shall be remitted by BugBase within a period of 10 days from receipt from the Company.

5. Indemnification

   1. The user hereby agrees to indemnify and keep indemnified BugBase from and against any and all loss, damages, claims arising from or out of any obligation, representation, warranty, undertaking or covenant hereby made/ agreed/ undertaken by the User under this Agreement turning out to be false, untrue, misleading, incorrect and / or breached.
   2. The user shall also indemnify BugBase for any liability that may occur due to the authorised usage of the website by the User. There shall not be any limit on such liability and the User shall also be liable to bear the legal costs and shall compensate BugBase for any other damage. Loss or injury caused to BugBase.
   3. In case BugBase is required to take any legal assistance, the same shall be at the cost and expense of the User.

6. Restrictions on the use of website

   1. The website shall be used by the users only for lawful purposes and in accordance with the conditions set by BugBase for its use from time to time and on a case to case basis.
   2. The Cyber Security Professional shall be liable to indemnify BugBase and/ or the Company User for any use of the website which is contrary to or beyond the mandate given.
   3. The Users shall not violate any intellectual property rights of BugBase.

7. Assignment

   1. The User shall not assign any of its rights and obligations under this Agreement to any third party.
   2. BugBase has the right to assign its rights and obligations under this Agreement to any third party without seeking the consent of the User.
   3. However, BugBase assures that any such assignment shall not interfere with the bona fide agreement between the Parties.

8. Limitation of Liability

   1. BugBase shall not be liable for any loss caused to the Company/ Cyber Security Professional/ Visitor on account of any default on the part of any User.
   2. BugBase shall not be liable for any defect, unavailability of services, interruptions on the website, non-functioning of the website, any delay in performance/ rendering of services, etc.
   3. The User agrees that it shall be solely responsible for any loss that may occur to it sue to usage of the website and/ or any act done by the User thereafter.
   4. The directors, employees, agents, servants, etc. shall not be responsible or liable for any liability whatsoever and of whichever kind that may arise due to the performance/ non-performance, act/ omission, etc. in relation to the brief or otherwise.

9. Collection of Data

   1. BugBase shall be entitled and within its right to receive, store and use any information provided by the User to BugBase for the purposes of rendering of services by the Cyber Security Professional.
   2. BugBase shall also be entitled and within its right to receive, store and use any information received about the User from any other source whatsoever.

10. Data Policy

    1. It is agreed by the User that protection of Data of other Users is of utmost importance and the User shall not cause any breach of privacy or of any intellectual property of the other Users and BugBase.
    2. All Users need to provide basic information in order to use the website and services offered by BugBase. Such information may include data / intellectual property belonging to the User and shall also include the access to the portal/ website/ domain of the Company in relation to the tasks to be performed.
    3. The Company shall, wherever possible and/ or required by BugBase, supply a brief/ statement of work to be done along with restrictions and limitations in respect of the services expected from the Cyber Security Professionals.
    4. BugBase and the Cyber Security Professional shall be fully entitled and within their right to use and access such data/ intellectual property of the Company which may be necessary, according to BugBase, for rendering of services and such access/ use of the data/ intellectual property shall not constitute any violation of law.
    5. The User understands that all information and data shared with BugBase may be aggregated by BugBase and its agents for analysis and such collection of data shall not constitute any breach of privacy or violation of any intellectual property right.
    6. In case the User does not want to cause any data to be shared with BugBase or other Users, it has to be expressly mentioned to BugBase in writing failing which BugBase shall not be responsible for any sharing of such data.
    7. BugBase shall be entitled to use the name and other basic information about the User for the purposes of advertising, communication, providing incidental services like audio, camera, voice, imaging, etc., troubleshooting, etc.
    8. BugBase shall not store any information in respect of the Company User which is not either publicly accessible or not within the scope of work given by the Company and expressly barred by the Company, save and except as is necessary to maintain or provide the Service, or to improve the user experience, or as necessary to comply with the law or a binding order of a governmental body.
    9. BugBase shall endeavour to protect the personal information of the User and shall place all reasonable security measures for protection thereof. However, BugBase shall not be responsible or held liable for any third-party misuse of the data.
    10. BugBase will not disclose the information provided by you to any government or third party in the usual course of its business. However, this exception shall not apply in case of any criminal investigation against the User or in case BugBase is called upon by any competent court of law to disclose such information.
    11. In case of any complaints, the User may contact BugBase at [email protected]

11. Termination of Licence

    1. The Licence granted by BugBase to User is non-transferable and any delegation or unauthorised use of the website by the User shall render the licence void. However, the User shall be liable to pay the balance consideration, as due or determined by BugBase, forthwith.
    2. BugBase shall have the sole right to terminate the right to use and registration of any User if the same is found to be in contravention of any of the terms of the Agreement, any law or public policy.
    3. The decision of BugBase shall be final in this regard.

12. Governing Law

    1. This Agreement shall be governed by and construed in accordance with the laws of India.

13. Jurisdiction

    1. The Parties agree that the Courts at New Delhi shall have exclusive jurisdiction regarding any matter arising out of or related to this Agreement.

14. Interpretation

    1. This Agreement, together with all agreements and documents executed contemporaneously with it or referred to in it, constitute the entire agreement between the Parties in relation to its subject matter and supersedes all prior agreements and understanding, whether oral or written, with respect to such subject matter, and no variation of this Agreement shall be effective unless reduced to writing and signed by or on behalf of a duly authorized representative of each of the Parties.

15. Severability

    1. If any provision of this Agreement is adjudged by a competent court to be void or unenforceable, the same shall in no way affect any other provision of this Agreement, or its validity or enforceability, and the unenforceable provision shall be performed to the extent valid and enforceable.

16. Force Majeure

    1. BugBase shall not be liable for failure to perform its/their obligations if the failures result from events like but not limited to an act of God, an act of Government, other authorities or statutory undertakings, fire, explosion, accident, power failure, equipment or systems failure, industrial dispute, terrorist attack, internal disturbance, change of law or any other thing or act or omission of anyone which is beyond BugBase’s control.

17. Dispute Resolution

    1. Any complaints in relation to acts/ omissions etc. should be raised within a period of seven days from the date such act/ omission is first noticed by the User. All such complaints may be made at [email protected]. Any complaint received thereafter shall not be entertained and BugBase shall not be liable or responsible for any consequences thereof.
    2. The parties to the agreement shall, in the first instance, try to resolve all their disputes by discussion, conciliation and mediation, in that order.
    3. If the disputes are not resolved by the aforementioned process, any claim, controversy or dispute arising out of or in connection with this Agreement shall be referred to arbitration of a sole arbitrator appointed by BugBase in accordance with the provisions of the Arbitration and Conciliation Act, 1996.
    4. The arbitration proceedings shall be conducted in New Delhi.

18. Modifications

    1. BugBase shall be entitled to modify the terms of this agreement without any prior notice to the Users as deemed fit by BugBase.
    2. This Agreement cannot be amended, modified, or changed in any way whatsoever, except by the express consent of BugBase in either writing or communicated by electronic means.

19. Further documents

    1. In connection with this Agreement, as well as all transactions contemplated by this Agreement, each Party agrees to execute and deliver such additional documents and instruments, and to perform such additional acts, as may be necessary or appropriate, and upon which the Parties may agree, to effectuate, carry out, and perform all the terms, provisions, and conditions of this Agreement, and all such transactions.

20. Disclaimer

    1. BugBase is not associated in any way with any government or its agencies for its functioning. The services offered by the Cyber Security Professionals are their own and not on behalf of BugBase. BugBase is only providing a platform for the Company and Cyber Security Professional for receiving and rendering of services.

21. Undertaking

    1. The User states and confirms that it has carefully read all the above-mentioned terms and is accepting the same without any modifications under its own free-will for the purposes of availing services as available on the website.
    2. The User also confirms that it shall be bound by any modifications made to the above terms by BugBase even if they are without any consultation with or notice to the User.