Terms and Conditions

Effective date: 23rd of September 2019

AGREEMENT TO TERMS

By signing up and using Secuna, you agree to be bound by the Terms and Conditions. 


DEFINITION OF TERMS

As used in these Terms and Conditions, the following capitalized terms shall have the following meanings.


  • Bug Bounties” means a cash reward awarded to security researchers after reporting a valid security vulnerability.
  • "Customer" means a Secuna customer with security program running in the platform to receive security vulnerability information.
  • Secuna Platform" means the crowdsourced cybersecurity testing platform offered and operated by Secuna.
  • Security Program" means the security page of a customer to receive security vulnerability information from different security researcher.
  • Security Program Policy" is a policy prepared by a customer that contains the rules and scopes governing the security program to which the security researchers must agree, and the bug bounty rates, if any, that a customer will award to security researchers who participate in the security program.
  • Security Researcher" are commonly known as hackers, white hat hackers, or bug bounty hunters who uses the Secuna platform to submit security vulnerability information to different security programs.
  • "Security Vulnerability Information" means bug reports or other security vulnerability information, in text, graphics, image, audio,  video, software, hardware, works of authorship of any kind, and information or other material that security researchers provide or otherwise made available through the Secuna platform to a Customer resulting from participation in a security program.
  • Services" means the Secuna platform and any related service made available by or through Secuna Platform.
  • Third Party Services" means an individual or entity that provides a service to a Customer through Secuna.

SERVICES OFFERED BY SECUNA


  • SECUNA PLATFORM

For Customers, Secuna allows them to access and use the Secuna Platform exclusively for their business purposes to enable them to communicate and collaborate with different Security Researchers by launching a security program and offer bug bounties to discover and receive Security Vulnerability Information. This is subject to Customer’s compliance with the Terms.

  • SECURITY PROGRAM MANAGEMENT SERVICE

If agreed by the Secuna and Customer, Secuna will provide the security program management service and allow Secuna to access the Security Vulnerability Information to provide the security program management service. To the deliver the service, Secuna will conduct a set of activities associated with the security program management service, including the reproducing and verifying of Security Vulnerability Information submitted by Security Researchers, communicating to Security Researchers, and awarding bug bounties. The Customer authorizes Secuna to decide on awarding bug bounties which will be based on the bug bounty rates set by the Customer on their security program. Secuna makes no representation or warranty regarding the security program management service and agrees to provide the security program management service on an as-is basis.

  • THIRD PARTY SERVICES

If agreed by the Secuna and Customer, the Services may include certain Third-Party Services. Notwithstanding anything to the contrary in the terms and conditions, the Third-Party Services will be provided by the third party to Customer; therefore, Secuna is not responsible for the Third-Party Services. Also, Secuna makes no warranty or representation concerning the Third-Party Services. The Customer agrees to be responsible for all payment obligations related to the Third-Party Services and to accept to and be bound by any terms and conditions presented to the Customer by the Third-Party Services provider governing the use of the applicable Third-Party Services, and unless otherwise agreed, the Customer will remit payment for the Third-Party Services directly to Secuna within twenty-two (22) business days of invoice, and Secuna will pay the Third-Party Services provider.

  • OTHER SERVICES OFFERED BY SECUNA

If agreed by the Secuna and Customer, the Services may include additional services to be provided by Secuna upon special arrangement.


PROHIBITION ON USE

The Customer and Security Researcher shall not use the Services provided by Secuna, or any portion thereof, for the benefit of any third-party or in any manner prohibited by the Terms and Conditions.


SECURITY VULNERABILITY INFORMATIONS

By submitting any Security Vulnerability Information available to a Customer, the Security Researcher agrees to the Security Program Policy of the Customer. Individual Security Program Policies supersede Secuna's Security Vulnerability Disclosure Policy in the event of a conflict. The Security Researcher confirms that neither the Security Vulnerability Information nor any use of Security Vulnerability Information by the Customer will infringe, misappropriate, or violate a third-party's intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation.


SECURITY VULNERABILITY DISCLOSURE POLICY

Secuna's Security Vulnerability Disclosure Policy (located in the following link: https://secuna.io/disclosure-policy), which describes the default policy concerning the submission and disclosing of security vulnerability. In the event of a conflict, Secuna’s Security Vulnerability Disclosure Policy are superseded by Customer’s Security Program Policy.


SECURITY PROGRAMS

If agreed by the Secuna and Customer, the Customer is solely responsible for the administration and management of the their Security Programs through the Secuna Platform. Secuna reserves the right in its sole discretion to reject or dismiss a Security Program for any reason. While Secuna may assist the Customer in preparing their Security Program, the Customer is solely responsible for the their Security Program Policy. The Customer represents and warrants that they own all of the Security Program Policy or that the Customer has all rights necessary to grant Secuna the license rights in the their Security Program Policy under the Terms and Conditions. The Customer also represents and warrants that neither the Security Program Policy, nor the Customer's use and provision of the Security Program Policy to be made available through the Services, nor any use of the Security Program Policy by Secuna or a Security Researcher on or through the Services, will infringe, misappropriate or violate any third-party's intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation, including export control laws.


BUG BOUNTIES AND SECUNA FEES

The Customer agrees under the Terms and Conditions to award Bug Bounties to those Security Researchers who submitted a valid Security Vulnerability Information to customers for a specific Security Program. Secuna will process Bug Bounties that are cash payments on behalf of the Customer and will remit the Bug Bounty payments to the relevant Security Researcher within ten (10) business days after Secuna receives the Bug Bounty payment from the Customer. Secuna is not responsible for processing any Bug Bounty award that is not in the form of monetary payment, or for delays in payment beyond the reasonable control of Secuna. The Customer agrees under the Terms and Conditions to pay Secuna a payment processing fee equal to twenty percent (20%) of each Bug Bounty awarded to a Security Researcher. The Customer also agrees to pay the Secuna Fees and the relevant Bug Bounty payments directly to Secuna within thirty (30) days of the invoice date, unless otherwise stated on the Order Form. The Secuna Fees and Bug Bounty payments are non-refundable, except as expressly provided in the Terms and Conditions. With the exception of any amounts disputed in good faith, all past due amounts payable under any applicable Order Form or Terms and Conditions will incur interest at a rate of 1.5% per month or the maximum rate allowed by law, whichever is lower. The Customer shall reimburse Secuna for all reasonable costs and expenses incurred in the collection of any overdue amounts, including reasonable attorneys' charges.


SECURITY RESEARCHER’S BUG BOUNTY PAYMENTS

A Bug Bounty may be awarded to the Security Researcher for submitting a Security Vulnerability Information to a customer for a particular security program if the submitted Security Vulnerability Information meets the demands of the customer as defined in their Security Program Policy. Secuna will process Bug Bounties which are financial payments on behalf of the Customer and will send the Bug Bounty payments to the relevant Security Researcher within ten (10) business days after receiving the Bug Bounty payment from the Customer. Secuna is not responsible for any payment delays outside the reasonable control of Secuna. Using a pseudonym, the security researcher may stay anonymous. However, in order to be qualified and eligible to receive a bug bounty, the security researcher needs to provide accurate, complete and up-to-date information, including mailing addresses, government-issued IDs (if applicable), and any other data that Secuna would reasonably request to allow Secuna to legally send any bug bounty payments and file tax forms. If Secuna is not provided with this data by the Security Researcher, any Bug Bounty payments that would otherwise be paid to the Security Researcher will be given to Secuna's selected charity. Some security teams may offer bug bounties for the valid submission of security vulnerability. The decision to award bug bounties is entirely at the discretion of the security team, and it is essential to note that not all security programs offer bug bounties. The amount of each bug bounty payment will be determined by the Security Team and describe in their security program policy. Bug Bounty payments are subject to the following eligibility requirements:


  • We are not able to pay bug bounties to residents or those who report security vulnerabilities from a country against which the Philippines and the United States of America has trade restrictions or export sanctions.
  • Secuna welcomes minors to participate in our platform. However, the Children's Online Privacy Protection Act also known as COPPA restricts our ability to collect personal information from children, so you will need to claim your bug bounties with the help of your parent or guardian.
  • Some payments will be made in U.S. dollars (USD) or Bitcoins (BTC) and will comply with local laws and regulations, and rules of ethics. As determined by your country's laws, you are responsible for the tax consequences of any bug bounty you receive.
  • It is your primary responsibility to comply with any policies your employer may have that may affect your eligibility to participate in our platform.

NO ADVOCACY OF SECURITY RESEARCHERS

Secuna does not endorse any Security Researcher. Secuna is not responsible for any damage or harm resulting from the communications or interactions between the Customer and Security Researcher or other customers, either through the Services or otherwise. Secuna does not intend any ranking in the leaderboard or description of any Security Researcher in their profile accounts as an endorsement of any type. Any selection or use of any Security Researcher is at the Customer's own risk. Any use or reliance of Security Vulnerability Informations that the Customer receives is at the their own risk. Secuna does not endorse, represent or guarantee any Security Vulnerability Information that is complete, truthful, accurate or reliable. Under no conditions shall Secuna be responsible in any manner for any Security Vulnerability Information, including, but not limited to, any mistakes or omissions in any Security Vulnerability Information, or any loss or harm of any kind caused as a consequence of using any Security Vulnerability Information.


NO EMPLOYMENT/AGENCY RELATIONSHIP

Security Researchers are not Secuna employees, contractors, nor agents, but are independent third parties who wish to participate in Security Programs and connect, communicate, or collaborate with the Customer. Nothing in the Terms is meant to make Secuna and Security Researcher as joint venturers, partners, or employer and employee. Under no circumstances shall Secuna be considered as a Security Researcher's employer, nor shall the Security Researcher have any right as Secuna's employee. Likewise, Customers are not employees, contractors, nor agents of Secuna, but are independent third parties who want to run their Security Programs and connect with Security Researchers through our Platform. Security Researchers agree that they will not attempt to impose liability on Secuna or seek any legal remedy from Secuna regarding Customer's actions or omissions.


SEPARATE ARRANGEMENTS

Any contract or interaction, including concerns with any security program policy, between a Customer and a Security Researcher will be exclusive to the Customer and the Security Researcher. Secuna does not participate in such agreements and disclaims all liability resulting from such operations or transactions. The Customer agrees that any legal remedy that the Customer seeks to obtain for actions or omissions of the Security Researcher or other third parties regarding the Customer's Security Program, including Security Vulnerability Information, will be limited to claims against the particular the Security Researcher or other third parties who caused harm to Customer, and the Customer agrees not to impose liability on Secuna or seek any legal remedy from Secuna regarding such actions or omissions.


TERMINATION AND SEVERANCE

Secuna may terminate the access and use of the Secuna Platform at any time and without notice to the Customer or Security Researcher at Secuna's sole discretion. A Customer or Security Researcher may, at any moment by sending an email to [email protected], cancel the account of such Customer or Security Researcher. The following conditions of the Terms shall survive upon termination, discontinuation or cancelation of the Services, the Secuna Platform or the account of a Customer or Security Researcher: No Endorsement, Independent Parties, Ownership, Warranty Disclaimers, Liability Limitation, and Dispute Resolution.


OWNERSHIP RIGHTS

Secuna does not claim any ownership rights in any Security Program Material or Security Vulnerability Information. Nothing in the Terms shall be considered to restrict any privileges that the Customer and Security Researcher may have to use and utilize the Security Program Material and Security Vulnerability Information. The Customer and Security Researcher acknowledges and agrees that Secuna may gather, collect, and use such information internally at Secuna, which will not identify particular Customers or Security Researchers. Subject to the rights of the Customer and Security Researcher in any Security Program Material or Security Vulnerability Information, Secuna and its licensors are the sole proprietors of all rights, titles and interests in the Services and content contained therein, including all associated intellectual property rights. The Customer and Security Researcher acknowledges that copyright, trademark, and other regulations of the Republic of the Philippines and overseas nations protect the Services and Secuna content.


LICENSE

By making any security program material or security vulnerability information available through the Services, the Customer and Security Researcher hereby grants Secuna a perpetual, irrevocable, non-exclusive, non-transferable, non-sublicensable, global, royalty-free license to use, copy, reproduce, display, modify, adapt, transmit and distribute copies of the security program material of the Customer and the security vulnerability information of the security researcher for the sole purpose of providing the Services. Subject to compliance by the Customer and Security Researcher with the Terms, Secuna hereby grants the Customer and Security Researcher a non-exclusive, non-transferable, non-sublicensable, global, royalty-free license to access and view the content made available on the Services by Secuna exclusively in connection with the use of the Services authorized by the Customer and Security Researcher.


RULES ON CONFIDENTIALITY

Secuna understands that it may receive Confidential Information from the Customer; likewise, Customer understands that it may receive Confidential Information from Secuna; and Security Researcher understands that it may receive Confidential Information of a Customer or Secuna. The receiving party agrees not to disclose any third party's Confidential Information and not to use any other party's Confidential Information for any purpose not specified in the Terms, provided Customer or Security Researcher agrees that Secuna may collect or gather data with respect to Services and Security Programs for reporting on the aggregate response rate, total Bug Bounties paid and other aggregate measures (labeled as "Secuna Aggregate Data") and the Secuna Aggregate Data is not Confidential Information.


PRIVACY

The Privacy Policy of Secuna (located on the following link: https://secuna.io/privacy), explains how Secuna collects, uses, and discloses information from Secuna’s Customers and Security Researchers, and will apply to the Services.


LINKS TO THIRD-PARTY WEBSITES

The Services provided by Secuna may contain links websites or resources of third-parties. Secuna provides these links as a convenience only and is not responsible for the content, products or services on or available from those websites or resources or links displayed on such websites. Customer or Security Researcher acknowledge sole responsibility and assumes all risk resulting from using any third-party websites or resources.


AUTHORIZATION

If the Customer is using the Services on behalf of a company, organization, or other legal entity, Customer represents that they have the authority to bind that company or other legal entity to the Terms. If the Security Researcher is a minor (under the age of 18 in accordance with Philippine laws), the parents of Security Researcher must agree on their behalf to the Terms.


INDEMNIFICATION AND LIABILITIES

Customer shall indemnify, defend and hold harmless Secuna, including its officers, directors, managers, employees, and agents, against any claims, disputes, claims, liabilities, damages, losses and costs and expenses, including, without limitation, reasonable legal and accounting fees arising from or in any way connected with Customer's Security Program Material, use of a Security Vulnerability Information, or Customer's violation of the Terms. Security Researcher shall indemnify, defend and hold harmless Secuna, including its officers, directors, managers, employees, and agents, against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising from or in any way connected with Security Researcher's access to or use of the Services, Security Researcher's reliance of Security Program Material, Security Researcher's Vulnerability Information, or Security Researcher's violation of the Terms.


DISCLAIMER

Secuna provides the Services "as is" without any warranty. Secuna makes no warranty that the Services will, as applicable, meet the requirements of the Customer or Security Researcher or be available on an uninterrupted, secure, or error-free basis. Without restricting the preceding, Secuna explicitly disclaims any warranties for a particular purpose and any warranties arising from dealing or usage of trade.


LIMITS OF LIABILITY

Neither party shall be responsible for any loss of revenues, loss of information or goodwill, incidental, special, exemplary or consequential damages, disruption of service, computer damage or system failure, or costs of replacement services resulting out of or in association with the Terms or inability to use the Services, whether based on warranty, contract, tort (including negligence), or any other legal theory, and whether or not such party was notified of the potential for such damage. For consequential or incidental damages, some jurisdictions do not allow the exclusion or limitation of liability, so the above limitation may not apply. Except for obligations under Confidentiality and Indemnification sections, each party’s maximum liability under this terms will not exceed the amounts paid or payable by the Customer to Secuna for the use of the services during the twelve (2) month period before the date when the claim or liability first arose.

PROMOTION

In any promotion or advertisement describing the connection between the parties, Secuna may use the name of the Customer and/or Security Researcher.


CHANGES TO SECUNA PLATFORM OR SECUNA SITE

Secuna may change all or any portion of the Secuna Platform or Secuna Website, as it is in accordance with the terms contained herein. Furthermore, if any Security Program is inactive or unattended by a Customer, Secuna shall have the right to remove or disable access to any appropriate Security Program Material or Security Vulnerability Information if the Customer has not replied to Secuna's written notice via email within three (3) business days of such written notice.


AMENDMENTS

Secuna may, upon notification to the Customer or Security Researcher, change the Terms at any moment. If Customer or Security Researcher continues to use the Services after Secuna has changed the terms and conditions, the Customer and Security Researcher will be considered to have agreed to be bound by the changed terms and conditions.


NOTICE TO SECUNA

Anyone can submit feedback by sending an email to Secuna at [email protected]. By submitting any Feedback, sender grants Secuna a royalty-free, worldwide, irrevocable, perpetual, non-exclusive, sub-licensable, transferable, fully-paid license under any intellectual property rights owned or controlled by the sender to use, copy, modify, create derivative works based on and otherwise use the feedback for any purpose.


SECUNA INFORMATION

If there are any questions about the Terms or the Services, please contact Secuna at [email protected], or Secuna Software Technologies, Inc., Level 10-01, One Global Place, 5th Avenue cor 25th Street Bonifacio Global City, Taguig City.


OTHER TERMS AND CONDITIONS

The Terms and any relevant executed order form that refers to the Terms represent the entire and exclusive agreement between Secuna and Customer or Security Researcher and supersede and replace any prior verbal or written contract or agreement between Secuna and Customer or Security Researcher on the Services. If any provision of the Terms is held by the legal authority of the competent jurisdiction to be invalid, forbidden, or otherwise unenforceable, the other provisions of the Terms shall remain enforceable and the invalid or unenforceable provision shall be deemed modified to the extent allowed by law to be valid and enforceable. Secuna will assign the Terms and bind and inure to the benefit of the parties, their successors and assigns. The Customer or Security Researcher may not assign the Terms to be unreasonably withheld without the prior written permission of Secuna. Any notices or other communications provided by Secuna under the Terms, including amendments to the Terms, will be provided by email or by posting to the Secuna Site. The failure of Secuna to enforce any right or provision of the Terms shall not be considered as a waiver of such right or provision. Any such waiver will only be effective if it is signed in writing by a duly authorized Secuna representative.