This agreement is entered into between BugClaim platform of Protonull Corporation Private Limited having its registered office at Center of Innovation and Incubation, NIT Warangal, Warangal, IN (hereinafter referred to as “BugClaim”) on this 09/02/2021. The parties agree to enter into the following terms and conditions, hereinafter as stipulated.
Definitions
“Brief” means the set of instructions containing inclusions, exclusions, consideration proposed to be paid, and other information and permissions provided by the Company for testing of its domain.
“Bounty” means the consideration agreed to be paid by the Company to the Cyber Security Professional, including the amount payable to BugClaim against the services rendered.
“BugClaim” means BugClaim Platform of Protonull Corporation Private Limited and shall include its officers, agents, servants duly authorized to perform a particular act.
“Cybersecurity professional” means a user who has registered on the website for rendering services as required from time to time.
“Consideration” means the total amount payable by the Company to BugClaim and the Cyber Security Professional. BugClaim shall retain a sum percentage amounting to not less than 20% of the consideration amount paid by the company and remit the sum remaining thereafter to the cybersecurity professional for their services.
“Domain” includes domain, website, app, server, software, database, etc.
“Company” means a user who has registered on the website for testing the security issues/ loopholes/ other issues etc. in the domain. The company, in furtherance of this agreement, acknowledges that the Cyber Security Professionals registered with BugClaim shall test vulnerabilities in their software, portals, etc., to prevent data breach/thefts and to secure their servers.
“User” includes and is not limited to any person, whether an individual, association of persons, societies, companies, partnerships, HUFs, shops, industries, establishments, etc. who registers on the website with the intent of using it for any lawful and authorized purpose that the website permits and also includes a visitor. Singular consists of the plural.
“Visitor” means a person who does not register on the website for
rendering or receiving services but visits the website for browsing or
any other purpose.
“Website” includes bugclaim.com, sub-domains, and any users associated with web-based and mobile applications.
Representation and Warranties By consenting to the terms contained herein, the user, at the outset, represents that: The user is competent to enter into this agreement under the laws of India; and The user is also competent to enter into this agreement under the laws of the country where the user is residing, domiciled in, registered, etc.; and The user is not involved in any activity which is barred by law or constitutes an offense under the laws of any country; and The user is not an undischarged insolvent; and The user has not been convicted under any law in any country for any criminal activity; and The user is not under any disability, restriction, or prohibition, whether legal, contractual, or otherwise, which shall prevent it from performing or adhering to any of its obligations, including receiving or rendering services, as the case may be, on the website, and it has not entered into and shall not enter into any agreement that may violate this Agreement; The user, if a cybersecurity professional as defined herein, possesses the necessary skills, expertise, and experience to render the services as required by the website; No litigation, arbitration, or administrative proceedings are threatened, pending, which call into question the validity or performance of obligations including receiving or rendering of services under this Agreement; The users or their representatives, agents, servants shall not try to hack or misuse the website, and in case of any breach, they shall indemnify BugClaim and shall be liable for prosecution.
Rights and obligations of the Company The Company or its representative shall be entitled to visit bugclaim.com and create its account. The Company shall fill the ‘create a company’ form, and BugClaim would after that verify the details. BugClaim shall verify the email and company legitimacy and thereafter grant access to Company to create a bounty program. The Company shall fill in all details (in scope websites/apps, out of scope websites/apps, program rules, bounty details, bounty amounts, etc.). Upon successful creation of the Bounty program, BugClaim shall make it public for other users registered in the category of cybersecurity professionals. After a Cyber Security Professional reports a bug to BugClaim, the latter shall report it to the Company. The Company would peruse the report and ensure that the bug is resolved/handled to the company’s satisfaction if it so wants. The Company shall acknowledge whether the identified bug has been fixed or not, as per requirement, and shall accordingly be liable to pay the rewards bounty to BugClaim following the terms of the bounty program. The company shall provide BugClaim with a policy document defining the scope of engagement by the Cyber Security Professionals for the determination and identification of potential vulnerabilities. The Company shall pay the consideration to BugClaim within three days from having received the triaged report sent by Moderator, and thereafter the Company’s representative and Moderator having discussed with each other on the platform of BugClaim. Rights and obligation of the Cyber Security Professional The User shall visit bugclaim.com and register as a Cyber Security Professional. The User shall supply any information or documents required by BugClaim, including identity details like GST details, PAN Card, registration certificate, etc., as the case may be. After that, the User shall be entitled to browse bug bounty programs. The User may join a bounty program hosted by a Company and start penetrating the website while strictly adhering to and following the rules and scope decided by the Company. Once the user finds a bug, it shall report it to BugClaim without disclosing it to anyone else. BugClaim shall check the bug validity & authenticity, and after that, mark it as "triaged," meaning a valid bug or duplicate or rejected (with reason). BugClaim would share the bug with the Company, and the Company shall look at triaged report sent by Cyber Security Professional. The Company and the Cyber Security Professional shall be permitted to chat with each other on the platform of BugClaim until the bug is resolved/ handled to the satisfaction of the company as per the bounty program. The Company shall decide whether it wants to disclose the bug to the public or not. The Company would transfer the bounty money to BugClaim, and the latter shall, after deducting 20% fee, remit the amount to the Cyber Security Professional. The said payment shall be remitted by BugClaim within ten days from receipt from the Company.
Indemnification The user hereby agrees to indemnify and keep indemnified BugClaim from and against any loss, damages, claims arising from or out of any obligation, representation, warranty, undertaking, or covenant hereby made/ agreed/ undertaken by the User under this Agreement turning out to be false, untrue, misleading, incorrect and/or breached. The user shall also indemnify BugClaim for any liability that may occur due to the authorized use of the website by the User. There shall not be any limit on such liability, and the User shall also be liable to bear the legal costs and compensate BugClaim for any other damage/Loss or injury caused. In case BugClaim is required to take any legal assistance, the same shall be at the cost and expense of the User.
Restrictions on the use of the website The users shall use the website only for lawful purposes and in accordance with the conditions set by BugClaim for its use from time to time and on a case-to-case basis. The Cyber Security Professional shall be liable to indemnify BugClaim and/ or the Company User for any use of the website which is contrary to or beyond the mandate given. The Users shall not violate any intellectual property rights of BugClaim.
Assignment The User shall not assign any of its rights and obligations under this Agreement to any third party. BugClaim has the right to assign its rights and obligations under this Agreement to any third party without seeking the consent of the User. However, BugClaim assures that any such assignment shall not interfere with the bona fide agreement between the Parties.
Limitation of Liability BugClaim shall not be liable for any loss caused to the Company/ Cyber Security Professional/ Visitor on account of any default on the part of any User. BugClaim shall not be liable for any defect, unavailability of services, interruptions on the website, non-functioning of the website, delay in performance/ rendering of services, etc. The User agrees that it shall be solely responsible for any loss that May occur due to usage of the website and/ or any act done by the User thereafter. The directors, employees, agents, servants, etc. shall not be responsible for any liability whatsoever and of whichever kind that may arise due to the performance/ non-performance, act/ omission, etc. in relation to the brief or otherwise.
Collection of Data BugClaim shall be entitled and within its right to receive, store and use any information provided by the User to BugClaim for the purposes of rendering of services by the Cyber Security Professional. BugClaim shall also be entitled and within its right to receive, store and use any information received about the User from any other source whatsoever.
Data Policy The User agrees that the protection of Data of other Users is of utmost importance. The User shall not cause any breach of privacy or any intellectual property of the other Users and BugClaim. All Users need to provide basic information to use the website and services offered by BugClaim. Such information may include data / intellectual property belonging to the User and shall also include access to the portal/ website/ domain of the Company to the tasks to be performed. The Company shall, wherever possible and/or required by BugClaim, supply a brief/ statement of work to be done along with restrictions and limitations regarding collection. Such the services expected from the Cyber Security Professionals. BugClaim and the Cyber Security Professional shall be fully entitled and within their right to use and access such data/ intellectual property of the Company which may be necessary, according to BugClaim, for the rendering of services and such access/ use of the data/ intellectual property shall not constitute any violation of the law. The User understands that all information and data shared with BugClaim may be aggregated by BugClaim and its agents for analysis, and such collection of data shall not constitute any breach of privacy or violation of any intellectual property right. In case the User does not want to cause any data to be shared with BugClaim or other Users, it has to be expressly mentioned to BugClaim in writing, failing which BugClaim shall not be responsible for any sharing of such data. BugClaim shall be entitled to use the name and other basic information about the User for advertising, communication, providing incidental services like audio, camera, voice, imaging, troubleshooting, etc. BugClaim shall not store any information in respect of the User which is not either publicly accessible or not within the scope of work given by the Company and expressly barred by the Company, save and except as is necessary to maintain or provide the Service, or to improve the user experience, or as necessary to comply with the law or a binding order of a governmental body. BugClaim shall endeavor to protect the personal information of the User and shall place all reasonable security measures for protection thereof. However, BugClaim shall not be responsible or held liable for any third-party misuse of the data. BugClaim will not disclose the information provided by you to any government or third party in the usual course of its business. However, this exception shall not apply in case of any criminal investigation against the User or in case BugClaim is called upon by any competent court of law to disclose such information. In case of any complaints, the User may contact BugClaim at hello@bugclaim.com.
Termination of Licence The Licence granted by BugClaim to the User is non-transferable and any delegation or unauthorized use of the website by the User shall render the license void. However, the User shall be liable to pay the balance consideration, as due or determined by BugClaim, forthwith., BugClaim shall have the sole right to terminate the right to use and registration of any User if the same is found to be in contravention of any of the terms of the Agreement, any law, the access authorized The agreement The decision of BugClaim shall be final in this regard.
Governing Law This Agreement shall be governed by and construed in accordance with the laws of India.
Jurisdiction The Parties agree that the Courts at Hyderabad shall have exclusive jurisdiction regarding any matter arising from or related to this Agreement.
Interpretation This Agreement, together with all agreements and documents executed contemporaneously with it or referred to in it, constitutes the entire agreement between the Parties concerning its subject matter and supersedes all prior agreements and understanding, whether oral or written, concerning such subject matter. No variation of this Agreement shall be effective unless reduced to writing and signed by or on behalf of a duly authorized representative of each of the Parties.
Severability If any provision of this Agreement is adjudged by a competent court to be void or unenforceable, the same shall in no way affect any other provision of this Agreement or its validity or enforceability, and the unenforceable provision shall be performed to the extent valid and enforceable.
Force Majeure BugClaim shall not be liable for failure to perform its/their obligations if the failures result from events like but not limited to an act of God, an act of Government, other authorities or statutory undertakings, fire, explosion, accident, power failure, equipment or systems failure, industrial dispute, terrorist attack, internal disturbance, change of law or any other thing or act or omission of anyone which is beyond BugClaim’s control.
Dispute Resolution Any complaints about acts/ omissions etc. should be raised within seven days from the date, such act/ omission is first noticed by the User. All such complaints may be made at hello@bugclaim.com. Any complaint received thereafter shall not be entertained, and BugClaim shall not be liable for any consequences thereof. The parties to the agreement shall, in the first instance, try to resolve all their disputes by discussion, conciliation, and mediation, in that order. If the disputes are not resolved by the aforementioned process, any claim, controversy, or dispute arising out of or in connection with this Agreement shall be referred to the arbitration of a sole arbitrator appointed by BugClaim in accordance with the provisions of the Arbitration and Conciliation Act, 1996. The arbitration proceedings shall be conducted in New Delhi.
Modifications BugClaim shall be entitled to modify the terms of this agreement without any prior notice to the users or ‘Company’ as deemed fit by BugClaim. This Agreement cannot be amended, modified, or changed in any way whatsoever, except by the express consent of BugClaim in either writing or communicated by electronic means.
Further documents In connection with this Agreement, as well as all transactions contemplated by this Agreement, each Party agrees to execute and deliver such additional documents and instruments, and to perform such additional acts, as may be necessary or appropriate, and upon which the Parties may agree, to effectuate, carry out, and perform all the terms, provisions, and conditions of this agreement, and all such transactions.
Disclaimer BugClaim is not associated in any way with any government or its agencies for its functioning. The services offered by the Cyber Security Professionals are their own and not on behalf of BugClaim. BugClaim is only providing a platform for the Company and Cyber Security professionals for receiving and rendering services.
Undertaking The User states and confirms that it has carefully read all the above-mentioned terms and accepts the same without any modifications under its free will to avail services as available on the website. The User also confirms that it shall be bound by any modifications made to the above terms by BugClaim even if they are without any consultation with or notice to the User.
This Agreement and each party's obligations shall be binding on the representatives, assigns, and successors of such party. Each party has signed this Agreement through its authorized representative.
BugClaim Date: 09/02/2021