BugBase Terms for the Customers

By signing up as a Customer, you are agreeing to the following terms and the Terms and Conditions, which are incorporated by reference.

1. No Endorsement: The Company does not endorse any individual Bounty Hunter. Provided the Company may recognise some Bounty Hunters as a part of their Apollo Community.
2. No Employment: The Bounty Hunters are not employees of the Company, they are Users who have registered on the Platform to participate in Bounty Programs. Any claims that you wish to initiate or legal remedy you wish to avail against the Bounty Hunter will be limited to a claim against the particular Bounty Hunter or other third parties who caused harm to Customer, and Customer agrees not to attempt to impose liability on the Company or seek any legal remedy from the Company with respect to such actions or omissions.
3. Bounty Programs: Customer represents and warrants that Customer owns all of Program Policy or that Customer has all rights necessary to grant the Company the license rights to all of the Program Policy under the Terms and Conditions. Customer also represents and warrants that neither the Program Policy, nor Company’s or Bounty Hunter’s use and provision of the Program Policy, will infringe, misappropriate or violate a third party's intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation, including export control laws.
4. Permissions: The Customer agrees and understands that once they have created a Bounty Program, they have automatically granted their permission to the Bounty Hunter to access Customer Systems and conduct Testing Services. Customer agrees that any “shrinkwrap”, “clickwrap” or “click-through” agreement, “terms of use,” or similar documents or terms (whether in hard-copy, electronic, web-based or other form and whether existing prior to or after the date of this Agreement), that are included on or with the Customer Systems, or acceptance of which may be required in order to access to the Customer Systems, which may prevent the Bounty Hunter from rendering the Test Services will be deemed inoperative to the extent necessary to give effect to the Services rendered under these Terms and Conditions.
5. Selection of Bounty Hunter: The Customer cannot choose their Bounty Hunter for any particular Bounty Program, except if such Bounty Program is a part of a Private Program. The Customer shall at all times have the right to report and remove a Bounty Hunter from their Bounty Program, in the event that the Customer takes such action against the Bounty Hunter due to any issues of misconduct or fraud, it is requested that the Customer reaches out to the Company to report the same.
6. Bounty Program Removal: Customer must address each vulnerability within 3 months from when the New Report is triaged by the Customer (in case of unmanaged Vulnerability Disclosure Programs) or triaged by the Company (in case of managed Vulnerability Programs, Bug Bounty Programs and Private Bounty Programs). The Company holds the ability to suspend the Bounty Program. The Customer should put their best effort to fix the bug and ensure that the issue is resolved completely.
7. Relationship between the Bounty Hunter and the Customer: The Customer must at all times transact in good faith with the Bounty Hunter. Any concerns or issues pertaining to any specific Bounty Hunter will first be notified to the Company. The Customer will endevour to cordially resolve any issues and refrain from taking any legal recourse without an attempt and amicable resolution.

8. Additional conditions for specific Service offerings:

   • For Private Bounty Programs, the Company will source Bounty Hunters on their own and assign them to the respective Private Bounty Program based on past experience with similar kind of programs. New joining Bounty Hunters may also be given opportunities to be a part of the Bounty Program on a random basis. The Company endevours to ensure all Bounty Hunters on our platform get opportunities to be part of Private Bounty Programs. The Customer may also extend invite to any cyber security professionals that they wish to include in the selection pool.

   • For unmanaged Vulnerability Disclosure Programs:

     • The Company merely provides a Platform with SaaS tooling to communicate with the Bounty Hunters and ensure better visibility for the Bounty Program, akin to a marketplace. The Company does not take any responsibility for creating Triaged Reports or managing/sending swags/gifts to the Bounty Hunter.
     • The Customer and the Bounty Hunter are permitted to interact with each other. The Customer is solely responsible for ensuring they are responding to Bounty Hunters and addressing vulnerabilities. If the Customer does not respond to Bounty Hunter for 3 months the New Report is triaged by the Customer, the Company may suspend the respective Bounty Program indefinitely.
     • The Customer agrees and confirms that they are not circumventing the Platform and exchanging any consideration monetary or otherwise with the Bounty Hunter through any third-party platform/channels.

9. Fees and Payments:

   Subscription Fees:

   The Services offered to the Customer on the Platform will be charged as per the fees and pricing plans available at https://bugbase.ai/plans (“Plan”) or under an order form executed by the Parties.

   In the event that the Customer is paying the Subscription Fees, you choose to avail our Services, you will be billed on a periodic basis (“Billing Cycle”). You agree to Pay to us any fees for the Services availed by you, in accordance with the pricing charges and the payment terms as presented to you on the Platform (“Subscription Fees”). Payment against fees can be made online through credit Card/internet banking/UPI gateway etc. or any mode of payment which is made available to the User in the Platform. The Subscription Fees paid by you is non-refundable, except as provided in these Terms and Conditions.

   We reserve the right to alter/modify/suspend/discontinue any terms and conditions associated with the Plan including but not limited to the period, rate, services included in the Plan. Further, we shall give you notice of any change made to the features of the Plan prior to the expiry of your applicable Billing Cycle. We may change the fees charged to you for the Services at any time, provided that, for Services billed on a subscription basis, the change will become effective only at the end of the then-current billing cycle of your Subscription. We will provide you with advance notice of any change in fees.

   Bounty Fee:

   The Customer may pre-pay the Bounty as lump-sum and the Company will make payments to the Bounty Hunters for each Bounty Program (“Bounty Bin”), at the rates stated in the Program Policy or in case the Customer wishes to alter these rates, at such amounts as communicated by the Customer.

   The Company will notify you each time your Bounty Bin balance falls below 15% of the first deposited amount. In order to continue with the Bounty Programs, you will be required to top-up this amount and refill your Bounty Bin. The Company will send you reminders regarding this when your Bounty Bin hits 50% and 25% of its capacity. In case the Bounty Bin is not replenished within 7 days of reaching its 15% limit, the Company will have no choice but to suspend your Bounty Program.

   The Company will in addition to the Bounty deduct 10% of the Bounty value or such percentage as set out in the order form executed between the Customer and the Company for each Bounty Program as the bounty facilitation fees and to account for tax and bank transaction fees while paying the Bounty Hunter.

   Proof of payment of Bounty for each Bounty Program to each Bounty Hunter as per the directions in the Program Policy will be shared with the Customer within 7 days of the payment to the Bounty Hunter.

   The Bounty applicable to a given Bounty Program must be clearly specified in the Program Policy.

   PenTest Program Fees:

   If you are aviling the PenTest Program Services The commercials for VAPT vary depending on the size and number of the applications to be tested Please write to us at [email protected] or fill out the form on https://bugbase.ai/demo for a quote.