# Terms and Conditions ### 1. Introduction Welcome to bypassec.com, a platform offered by Bypassec. By accessing and using our website, you agree to comply with and be governed by the following Terms and Conditions. These terms are governed by the laws of the British Virgin Islands. Continued use of the Platform (as defined below) constitutes tacit acceptance of these Terms. ### 2. Definitions * **Platform**: Refer to the website bypassec.com. * **User**: Any individual who accesses or utilizes the platform. * **Asset**: An application, IT system, network, technology, infrastructure, software, or other target communicated by a Company in its Hacking Competition for the purpose of having its security evaluated by Researchers. * **Ethical Hacking**: The process of attempting to breach a network or computer system and bypass system security for the purpose of identifying potential security vulnerabilities and informing the system owner of such vulnerabilities. It may also involve an attempt to exploit identified vulnerabilities to determine the extent to which unauthorized access or malicious activities are possible. Ethical hacking is considered "ethical" because the hacker has good intentions and discloses the identified vulnerabilities to the system owner so that system security can be improved. * **Company**: A client of Bypassec that utilizes the platform to create Hacking Competitions to test its Assets and discover vulnerabilities. * **Researcher**: Independent security researchers (ethical hackers) willing to participate in one or more Hacking Competitions. Researchers may act in a professional or non-professional capacity, and each may have different levels of experience and knowledge. Anyone who initiates Ethical Hacking activities within the context of a Hacking Competition is considered a Researcher. * **Hacking Competition**: A temporary program created by a Company for the purpose of authorizing Researchers to test the security of its Assets in order to discover vulnerabilities. * **Company Data**: Any information, files, personal data, or other data that becomes known to a Researcher, or to which a Researcher obtains access, in the context of their participation in a Hacking Competition. Non-limiting examples of Company Data include the description of the Company’s Hacking Competition, information about the Asset, Vulnerabilities, login credentials provided to Researchers, or any data related to the Asset or its connected environments. * **Vulnerability**: A bug, defect, weakness, design or execution error, or any other technical error that compromises the security of information or communication technologies. A Vulnerability can lead to an unexpected or undesired event and can potentially be exploited by malicious third parties to compromise the integrity, availability, or confidentiality of a system and cause damage. ### 3. Operation Bypassec created the Platform as a communication tool where Companies can connect and interact with Researchers. By creating one or more Hacking Competitions, Companies can use the Platform to have the security of their Assets evaluated by the Researcher community and receive information regarding identified Vulnerabilities. Researchers operate on the Platform independently and voluntarily, freely determining which Hacking Competitions they wish to participate in and the time they wish to dedicate. Upon identifying a Vulnerability, they must disclose it to the Company through the Platform by creating a descriptive report of the discovery. Bypassec facilitates this interaction but does not assume responsibility for the specific content of the Hacking Competition or the reports. ### 4. Independent Relationship and Scope of Service Bypassec acts solely as a communication and disclosure channel to intermediate the receipt of security reports between Researchers and Companies. Bypassec does not control, supervise, or have any authority over the Researchers. Researchers are not employees, agents, personnel, or subcontractors of Bypassec and are not authorized to act on behalf of Bypassec. The Company acknowledges and agrees that Bypassec is not responsible for and has no control over the specific individuals who choose to report vulnerabilities. Bypassec's sole function is to provide a collective intelligence channel that connects the Company to the security researcher community to incentivize the disclosure of vulnerabilities. Nothing in this Agreement is intended or should be construed to create a partnership, joint venture, or employer-employee relationship between the Researchers and Bypassec, or between the Company and any of Bypassec’s employees, agents, or contractors. ### 5. Registration and Eligibility By creating an account on the Platform and participating in a Hacking Competition, users must provide accurate, up to date information and agree to comply with these Terms and Conditions. If you do not agree with any term, you are not authorized to participate in Hacking Competitions or access Assets. Your account is strictly personal, and you must maintain the confidentiality of your account credentials. By creating an account on the Platform, users declare, confirm, and warrant that: * They have the right, power, and authority to enter into these Terms and Conditions, to become a party to them, and to fulfill their obligations hereunder. * They have reached the age of 18 (or have reached the age of 16 and have permission from their parents or guardians). * They are not subject to legislative or other measures that prohibit them or Bypassec from entering into these Terms and Conditions with each other. * They are not prohibited from performing Ethical Hacking activities by law, by their organization or employer, by any agreement they have entered into, or otherwise. ### 6. Creation and Participation in Hacking Competitions #### 6.1 Creation of Hacking Competitions Companies may create Hacking Competitions by specifying the scope, duration, and rewards offered. Bypassec reserves the right to review and approve all competitions before they are published on the platform. #### 6.2 Participation of Researchers Researchers may participate in active Hacking Competitions and submit vulnerability reports within the defined scope. By submitting a report, the researcher agrees that the information provided is accurate and is their own original discovery. ### 7. Report Submissions To ensure clarity, security, and efficiency in the process of identifying and validating vulnerabilities reported on the Bypassec platform, the user agrees to adhere to the following items: **Vulnerability Reporting**: * All identified vulnerabilities must be reported exclusively through the Bypassec platform. * Vulnerabilities may only be reported during the specified competition period. **Submission of Evidence**: * All evidence related to vulnerabilities must be submitted solely using the upload functionalities available on the Bypassec platform. * The use of third-party upload services not included in the Bypassec platform is strictly prohibited, unless prior authorization is granted by Bypassec. **Vulnerability Classification**: * The classification of the severity of each vulnerability will be performed following the processes described on the [Reward Model](https://docs.bypassec.com/the-platform/rewards-model) page. * Incomplete reports or those that do not contain a clear description and reproduction steps will be automatically invalidated and will not be eligible for a reward. * Vulnerabilities that do not demonstrate a relevant impact on the organization will also be considered invalid. **Validation Process**: * During the validation process, Bypassec may contact the researcher via email or Discord if the report requires more information. * The researcher will have a period of 48 hours to respond to Bypassec’s contact. Otherwise, the vulnerability will be considered invalid. ### 8. Payouts #### 8.1 Eligibility The eligibility of vulnerabilities and the rewards to be distributed will follow the calculations and classifications defined in the Reward Model section. Bypassec is responsible for strictly adhering to these calculations to ensure a fair and transparent distribution of rewards for the Hacking Competition. Researchers contracted by Bypassec are also permitted to perform testing and participate in Hacking Competitions. However, to ensure fair participation, researchers contracted by Bypassec will be rewarded only for unique vulnerabilities, meaning those that have not been identified by any other researcher. #### 8.2 Payment Process and Methods Bypassec processes reward payments through authorized third party payment providers. The available payment methods may vary depending on the Researcher’s location. All payments are subject to the final validation of the reported vulnerability and the conclusion of the respective Hacking Competition. #### 8. 3 KYC and Verification Requirements To be eligible for payouts, Researchers must successfully complete a mandatory Know Your Customer (KYC) and identity verification process. This includes providing accurate and up to date information regarding: * Valid government issued identification. * Proof of tax residency. * Complete and accurate banking or electronic payment information. * Any additional documentation required by Bypassec or its payment processors to comply with international financial regulations. Bypassec is not responsible for payment delays, failures, or losses resulting from incorrect or incomplete information provided by the User. The destination account must be held in the same name as the registered and verified identity of the Researcher. #### 8.4 Tax Responsibility All rewards displayed on the platform are gross amounts. As an independent contractor, the Researcher is solely responsible for identifying, reporting, and paying any taxes, duties, or social contributions required by the laws of their country of residence. Bypassec does not perform tax withholding for international payouts, except where strictly required by British Virgin Islands law or specific international treaties. #### 8.5 Geographic Restrictions and Prohibited Jurisdictions Bypassec only operates in and processes payments to jurisdictions where it can ensure safe and compliant financial transactions. Currently, Permitted Jurisdictions include Brazil, the European Union, the United Kingdom, the United States, Canada, and Australia. Bypassec strictly prohibits the participation of Users and does not process payments to individuals located in sanctioned or high risk jurisdictions. These Prohibited Jurisdictions include but are not limited to Russia, Iran, North Korea, Cuba, Syria, and the regions of Crimea, Donetsk, and Luhansk. Any attempt to bypass these restrictions using VPNs or other methods will result in immediate account termination and forfeiture of any pending rewards. ### 9. User Conduct Users agree to use the platform in an ethical and legal manner, respecting all applicable regulations, the testing policy, and the scope defined by Bypassec for the Hacking Competition. Prohibited activities include, but are not limited to: * Conducting tests on Assets that are outside the permitted scope of the competition. * Using techniques such as (distributed) denial of service attacks (DoS or DDoS), physical and/or social engineering, and/or techniques mentioned in the out of scope section of the Hacking Competition. * Unauthorized disclosure of confidential information. * Using malicious methods that could cause damage to the tested system. * Altering or removing any data or parameters, unless it involves your own data within your own test accounts. * Installing or distributing malware, viruses, or any other technology that could harm the interests or property of the Company or third parties. * Sharing or disclosing information with third parties without the Company’s permission or misusing information or data acquired in the context of a Hacking Competition. * Utilizing credentials that are not in the possession of the user, whether for research purposes, vulnerability discovery, or malicious intent. ### 10. Confidentiality All information and communications received or accessed through the Platform are considered strictly confidential. You must not disclose such information to third parties. Any communication regarding Vulnerabilities must be made exclusively to the Company and Bypassec through the Platform. You must comply with all privacy and personal data processing obligations in accordance with applicable laws, including the BVI Data Protection Act (2021), the General Data Protection Regulation (GDPR), and the General Data Protection Law (LGPD). Any personal data or Company Data accessed must be processed according to the instructions provided by the Company and managed with appropriate technical and organizational security measures. ### 11. Intellectual Property Rights Researchers maintain ownership of the intellectual property rights in their reports. By reporting a Vulnerability, the Researcher grants the Company a non-exclusive license to use, copy, and distribute the content of the report as necessary to evaluate the Vulnerability and improve the security of its systems. Bypassec may also use your reports to operate and manage the Platform. ### 12. Relationship between Company, Researcher, and Bypassec Hacking Competitions and Hacking Competition Conditions are published by or on behalf of the Companies. Bypassec acts as a facilitator and does not assume responsibility for the actions or communications of the Companies or Researchers. Participation in Hacking Competitions is voluntary and independent, without any employment relationship with the Company or Bypassec. ### 13. Communication between Company and Bypassec Submissions and communications within the context of a Hacking Competition may be accessed by both Bypassec and the Company. Bypassec may act as an intermediary in the communication between the parties, but it does not assume responsibility for the content of those communications. ### 14. Responsibility of Researchers Researchers are responsible for ensuring that all their actions comply with the guidelines and practices defined by Bypassec, and they commit to fully following the Terms and Conditions, as well as all policies present in the "Legal Information" section of this documentation. Researchers must act with due diligence and care, ensuring that their activities do not violate intellectual property rights, privacy, or any other rights of third parties. Additionally, it is the responsibility of Researchers to avoid any action that could cause damage to the Assets or other systems related to the platform. Non-compliance with any of these guidelines, Terms, or policies may result in liability for damages, in addition to other sanctions applicable by Bypassec. ### 15. Our Responsibility Bypassec uses reasonable efforts to maintain the Platform securely and functioning correctly, but it does not guarantee continuous operation or access to the Platform. The Platform is provided on an "AS IS" and "AS AVAILABLE" basis. Bypassec is not responsible for the actions or omissions of Companies or Researchers. The aggregate liability of Bypassec is limited to a maximum amount of $ 5,000.00 per claim. Nothing in this agreement is intended to exclude or limit any liability that cannot be excluded or limited by law, and the relevant clauses shall be interpreted accordingly. ### 16. Limitation of Liability Bypassec shall not be held liable for any direct, indirect, incidental, or consequential damage resulting from the use of the platform, including but not limited to the loss of data or service interruption. ### 17. Modifications to the Terms We may revise these Terms and Conditions periodically. Any changes will be communicated to users through the platform. Continued use of the platform after the publication of the changes constitutes acceptance of the new terms. ### 18. Termination Bypassec may, without prejudice to any other rights it may have, at its sole discretion, at any time and with immediate effect, suspend or permanently disable access to your account and the Platform or any part thereof, and terminate any licenses provided to you. Bypassec may do so if it suspects that you are abusing the Platform, not operating in good faith, or have provided false identity information. This also applies if you do not respect the Researcher Terms and Conditions, the scope of any Hacking Competition, or if you violate the Code of Conduct. If your account or access to the Platform is suspended or terminated, you are prohibited from participating in or creating Hacking Competitions and are no longer permitted to access any Asset. ### 19. General Disputes arising from these Terms shall be governed by the laws of the British Virgin Islands and submitted to the competent courts of the British Virgin Islands. The invalidity of any provision shall not affect the validity of the remaining provisions. The failure to claim a right or apply a sanction shall not be considered a waiver of rights. ### 20. Contact For any questions or requests, please contact us at .