BugBase Terms for the Bounty Hunters

By signing up as a Bounty Hunter, you are agreeing to the following terms and the Terms and Conditions, which are incorporated by reference.

1. Vulnerability Disclosure Mechanism: Bounty Hunters must agree to the Vulnerability Disclosure Mechanism defined by the Company, before conducting any testing on the Customer Systems.
2. Out of scope Vulnerabilities: Bounty Hunters must not test assets that are out of scope or test for vulnerabilities that are clearly mentioned to be out of scope or the bug is out of scope as mentioned in the Program Policy of the Bounty Program, except if the Program Policy explicitly states otherwise. Please be aware that Bunties are not assured in case of reporting out of scope vulnerabilities and this is at the discretion of the Customer.
3. Interaction and Code of Conduct: Bounty Hunters must adhere to the code of conduct defined by the Company while interacting with the Customers.
4. Public Recognition: The Bounty Hunter may receive public recognition for your find if 1) you are the first person to file a New Report for a particular vulnerability, 2) the vulnerability is confirmed to be a valid security issue as per the Company’s triaging process, and 3) you have complied with the Terms and Conditions and the Vulnerability Disclosure Mechanism.
5. The Bounty Hunter agrees and understands that the Bounty is allotted at the discretion of the Customer and the Company has no control over the Bounty amounts. The Bounty Hunter will never pressure the Customer into paying more bounty that what has already been stated in the Program Policy, any Bounty Hunter who is found to engage in such manner will be banned from the Platform by the Company.
6. The Bounty Hunter agrees and understands that the Bounty is allotted at the discretion of the Customer and the Company has no control over the Bounty amounts. The Bounty Hunter will never pressure the Customer into paying more bounty that what has already been stated in the Program Policy, any Bounty Hunter who is found to engage in such manner will be banned from the Platform by the Company.

Bounty Payments to the Bounty Hunter:

The Bounty Hunter agrees and understands that not all Bounty Programs offer Bounty. It is the responsibility of the Bounty Hunter to carefully read the Program Policy and check the details of the Bounty before participating in the Bounty Program. The decision to award a Bounty and the quantum of the Bounty is completely at the discretion of the Customer and the Bounty payment is subject to the following:

• All payments will be made in Indian Rupees and will be subject to tax deductions as per applicable local laws and regulations.
• You will ensure that your employment status does not restrict you or otherwise affect your eligibility from participating on the Bounty Program and accepting Bounty.
• If you are a child, your Bounty will be paid only into the accounts of your parent or guardian and will be subject to the completion of the KYC process by them. This is because we are morally and legally restricted from collecting personal information from a child and we endevour to obtain verifiable parental consent at each stage where interaction with a child is required.

The Bounty Hunter cannot claim that they won a Bounty from the Customer for a particular Bounty Program until the Bounty has been assigned to the respective Bounty Hunter. Once the Bounty has been assigned, if the Bounty Hunter wishes to publish about their achievement, they must abide by the rules of disclosure that the Customer sets forth (hidden company name, hidden asset name, hidden bounty amount etc.).