Wazoku Bug Bounty Program Terms and Conditions

These terms and conditions for Wazoku’s Bug Bounty Program (“Terms“) apply to and govern your participation in such Wazoku Bug Bounty Program (the “Program“). These Terms are between you (“you”, “your”)and Wazoku Limited (“Wazoku,” “us” or “we“). By participating in the program in any manner and/or submitting any Vulnerabilities to us, you agree to and accept these Terms.

(1) About the Program.

(a) The Wazoku Bug Bounty Program enables eligible participants (see clause 2 below) to submit security exploitation techniques and vulnerabilities (“Vulnerabilities“) to Wazoku about Wazoku products and services (“Products“) in accordance with these terms and conditions for a chance to earn rewards. The amount of a reward is determined by Wazoku in its sole and absolute discretion (“Bounty“). The decisions made by Wazoku regarding any Bounties are determined by Wazoku in its sole and absolute discretion and are final and binding.

(b) Wazoku may change or cancel the Program at any time, for any reason. If Wazoku changes these terms of this Program, by continuing to participate in such Program you are deemed to have accepted the changes. You may opt out of the Program by contacting us at privacy@wazoku.com.

(c) Vulnerabilities submitted to Wazoku must be submitted via the Program submission page found here  www.wazoku.com/bugbounty and be a qualifying Vulnerability as determined by Wazoku. Examples of what may be a qualifying Vulnerability may be are set out at www.wazoku.com/bounty In the initial submission, the full description of the Vulnerability must be specified along with the name of the relevant Product affected and, including as much of the following information as possible:

  • Type of issue (SQL injection, cross-site scripting, buffer overflow, consistent with the NIST National Vulnerabilities Database: https://nvd.nist.gov/vuln/categories);
  • Provide all steps required to reproduce the exploit of the vulnerability;
  • Proof of concept or exploit code;
  • Saved attack logs;
  • URLs and/or applications affected; and
  • Describe the potential impact of the issue, and how an attacker could exploit it.

Incomplete information and complexity of the Vulnerability may affect the review time of the Vulnerability, whether to award a Bounty and/or the amount of a Bounty.  

(2) Participation Eligibility

(a) To be eligible to participate in the Program you must: (i) be 18 years old or older and not be considered a minor in your country under applicable law; (ii) not be subject to legal obligations that prevents you from doing so, for example, your employment contract or ethical rules; (iii) not be a sanctioned person or a citizen of a sanctioned country under applicable law; (iv) not be in violation of any applicable laws or regulations; and (iv) not be an immediate family member of a person employed by Wazoku.  Wazoku disclaims any and all liability or responsibility for disputes arising between an employee and their employer related to this matter. There may be additional restrictions on your ability to participate in the Program depending upon your local law. You may not participate if you are a sanctioned person or a citizen of a sanctioned country under applicable law.

(3) Bounty Payment

(a) In order to receive a Bounty payment, you:

  • must not be in breach of these Terms and the Vulnerability must eligible and be original and previously unreported. If Wazoku receive reports of Vulnerabilities for the same issue, the Bounty may be awarded to the first one submitted, unless a subsequent report provides additional information, for example, a functioning exploit. When determining the amount of and if to award a Bounty, Wazoku will take into account the level or risk, the complexity of the Vulnerability, the details of the submission and the impact of the Vulnerability;
  • provide additional information as may be required by us and/or meet certain requirements to receive such Bounty as may be required by applicable law and regulations. If you do not provide such additional information and/or meet such requirements, we may not provide payment;
  • may not designate someone else to receive your Bounty pay out unless you are considered a minor in your place of residence;
  • must submit a valid invoice to us using the invoice template and/or format requirements provided by us.

(b) If the requirements set out in clause (3)a are met in full and the invoice contains the correct information we require to pay you, we will use reasonable efforts to pay the accepted and undisputed invoices within 30 days of the date of the invoice.

(c) Bounties are paid in GB pounds to your nominated bank account. You will be responsible for any tax obligations and transaction fees as a result of any Bounty paid out.

(4) Your Obligations.

(a) You shall:

  • only participate in the Program solely for the intended purpose of disclosing Vulnerabilities to Wazoku as described in these Terms and any related documentation.
  • participate in the Program for lawful purposes only and shall comply with all applicable laws and regulations;
  • only access, disclose or modify your own customer data and be solely responsible for the accuracy, completeness, appropriateness, and legality of any data or Vulnerabilities you upload and/or provide through your participation in the Program.
  • Keep confidential Vulnerabilities in accordance with clause 5 and keep confidential and not disclose to any third parties any other data and/or information accessed and/or obtained through or in connection with your participation in the Program or through the process of discovering Vulnerabilities below.   

(b) You shall not:

  • Use scanning, denial of service, spamming and related techniques and/or attacks, which may harm, cause degradation of or otherwise influence the integrity or reliability of the Products or data of Wazoku, its customers and/or its users of its Products;
  • Attempt to gain access to another users account and/or data;
  • access the Program for purposes of monitoring its availability, performance or functionality of Wazoku, except for the sole purpose of discovery and submission of Vulnerabilities;
  • transmit any viruses or exploits through your use of the Program, except for the sole purpose of discovery and submission of Vulnerabilities and subject to compliance with these Terms;
  • upload, input, access, store, distribute or any material, including without limitation any data you input and/or provide during the course of your participation in the Program that: (i) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; (ii) facilitates illegal activity; or (iii) is otherwise illegal (including without limitation infringement of any third party intellectual property rights or any other rights) or causes damage or injury to any person or property;
  • access all or any part of the Products and related documentation in order to build a product or service which competes in whole or part with these services and/or the documentation;
  • access and/or use the Products and/or Documentation to provide services to third parties;
  • reverse engineer, decompile, disassemble, modify, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Products and/or related documentation available to any third party;
  • attempt to obtain, or assist third parties in obtaining, access to the Products and/or related documentation; or
  • upload or input through the Products or otherwise disclose to Wazoku or its affiliates, any information which you do not have the rights to and/or which you are under an existing contractual or other legal obligation to maintain in confidence.

(c) Should your participation in the Program be found to breach legal obligations you may have with other third parties or any other rights or in the event of a breach of the obligations in this section (4), we may disable your access to the Program and you agree to defend, indemnify and hold harmless Wazoku and its Affiliates and their respective officers, directors, employees, agents, licensors, and suppliers, from and against all claims, actions or demands, liabilities, and settlements, including, without limitation, reasonable legal and accounting fees, arising in connection with such unauthorised and prohibited disclosure.

(d) We reserve the right, without liability or prejudice to our other rights, to disable your access to the Program in the event of your breach of this section (4) and/or access to any material that breaches the provisions of this section. We may further deem you to be ineligible for a Bounty payment.

(5) Our Intellectual Property Rights.

(a) You acknowledge and agree that Wazoku shall be granted a non-exclusive, irrevocable, perpetual, royalty free, worldwide, sub-licensable license to use, copy, publish, review, assess, test, adapt, modify and otherwise analyse the Vulnerabilities and/or any feedback related to the Vulnerabilities including any Intellectual Property Rights therein, submitted to Wazoku via the Program and all related software, applications, documentation, and materials. You represent and warrant that your submission of any Vulnerabilities is your own work, that you haven’t used information owned by another person or entity, and that you have the legal right to provide the Vulnerabilities to Wazoku.

(b) Except for your limited right to participate in the Program subject to and in accordance with these Terms, nothing in these Terms grants you any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licences in respect of our software, these services and related documents and/or any updates, developments or improvements thereto which are expressly reserved by us.

(c) You agree that the Vulnerability shall be deemed the Confidential Information of Wazoku and you shall not publish, discuss or disclose the Vulnerability to any third parties in order to provide Wazoku with an opportunity to fix the Vulnerability.  You may publish and discuss the Vulnerability only after receiving notice that the Vulnerability is fixed, subject to the prior written consent of Wazoku, which shall not be unreasonably withheld.

(d) Failure to comply with this clause (5) and the requirement of confidentiality may jeopardise the Bounty and also create risk of legal action, and you agree to indemnity Wazoku for any losses as a result of such breach of this clause.

(e) For the purposes of this clause (5) “Intellectual Property Rights” means: including without limitation, rights in patents, trademarks, service marks, trade names, other trade-identifying symbols and inventions, copyrights, design rights, database rights, rights in know-how, trade secrets and any other intellectual property rights arising anywhere in the world, whether registered or unregistered, and including applications for the grant of any such rights.

(6) Your Information. You will provide us with all information as we may reasonable require for you to participate in the Program and, where relevant, receive a Bounty award. Except for our obligations under our privacy policy and applicable data protection laws with respect to our processing of any personal data you may provide us through your participation in Program, we disclaim all liability of any kind in respect of (i) any information, data or materials you upload and/or provided through your participation in the Program, (ii) third party information,  (iii) any other material or services which may be accessed when participating in the Program, and/or (v)for any fraud committed in connection with the Program. Please see our privacy policy found here  https://www.wazoku.com/privacy-policy/ for information on our processing of such data.

(7) No Warranties. THE PROGRAM IS PROVIDED “AS IS”.  TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE EXPRESSLY DISCLAIM ALL REPRESENTATIONS AND WARRANTIES IN CONNECTION WITH THE PROGRAM, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT OF INTELLECTUAL PROPERTY, ACCURACY, COMPLETENESS, FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES ARISING BY STATUTE OR OTHERWISE IN LAW OR FROM COURSE OF DEALING, COURSE OF PERFORMANCE, OR USE OF TRADE WHICH ARE HEREBY EXCLUDED AND YOU UNDERSTAND YOUR PARTICIPATION IN THE PROGRAM IS AT YOUR OWN RISK.

(8) Limitation of Liability and Disclaimer.  THE PROGRAM MAY CONTAIN LINKS TO WEBSITES OR SERVICES OPERATED BY THIRD PARTIES AND THESE LINKS ARE FOR CONVENIENCE ONLY. WE ARE NOT RESPONSIBLE FOR AND DISCLAIM ANY AND ALL LIABILITY FOR SUCH WEBSITES AND SERVICES CONTENT AND PRIVACY POLICIES AND DO NOT ENDORSE ANY LINKED MATERIAL. TO THE MAXIMUM EXTENT PERMITTED BY LAW (A) WE SHALL NOT BE LIABLE TO YOU FOR ANY DAMAGES, CLAIMS, EXPENSES OR OTHER COSTS (INCLUDING, WITHOUT LIMITATION, ATTORNEYS’ FEES) YOU SUFFER OR INCUR AS A RESULT OF THIRD-PARTY CLAIMS RELATING TO YOUR USE OF THE PROGRAM, (B) UNDER NO CIRCUMSTANCES WILL WE BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, AND (C) OUR MAXIMUM AGGREGATE LIABILITY TO YOU ARISING OUT OF OR IN CONNECTION WITH THESE TERMS SHALL BE LIMITED TO £100, REGARDLESS OF THE CAUSE. WE DO NOT EXCLUDE OR LIMIT OUR LIABILITY FOR DEATH OR PERSONAL INJURY CAUSED BY OUR NEGLIGENCE, FOR FRAUD OR FOR ANY OTHER LIABILITY WHICH CANNOT BE LIMITED OR EXCLUDED BY APPLICABLE LAW.   

(9)  Issues. If you encounter any issues with your participation in the Program or wish to remove your login details, please contact us at support@wazoku.com.

(10) Applicability of Terms of Use. These Terms shall apply for as long as you are permitted access to use the Program pursuant to these Terms. Cancellation of the Program and/or termination of these Terms and/or where you opt out of the Program shall not affect Wazoku’s rights and your obligations under these Terms prior to such cancellation or termination, which shall continue to apply, unless otherwise agreed in writing.

(11) General. These Terms shall be governed by and interpreted in accordance with the laws of England and Wales (excluding any rules governing choice of laws) and the parties agree to submit to the exclusive jurisdiction of the English Courts. These Terms will be binding on and will inure to the benefit of the legal representatives, successors and assigns of the parties hereto. These Terms (and any policies referenced herein and incorporated by reference) constitute the entire agreement between you and us with respect to the subject matter hereof, and you have not relied upon any promises or representations by us with respect to the subject matter except as set forth herein. You shall not assign these Terms or assign any rights or delegate any obligations hereunder, in whole or in part, whether voluntarily or by operation of law. The governing language of these Terms is English. A person who is not a party to these Terms of Use has no rights under the Contracts (Rights of Third Parties) Act 1999 (the “Act”) to enforce, or to enjoy the benefit of, any term of these Terms, but this does not affect any right or remedy of a third party which exists or is available apart from the Act.