WELCOME TO UPSECURIT.
PLEASE READ THESE TERMS OF SERVICE CAREFULLY AS THEY CONTAIN IMPORTANT INFORMATION REGARDING YOUR LEGAL RIGHTS, REMEDIES AND OBLIGATIONS.
Last Updated: January 24, 2018
The Site is an online platform connecting users or entities (hereinafter referred to as “Customers” or “Clients”) willing to have their IT environment, software, web applications and programs tested (“Security Testing Services”) by security specialists (hereinafter referred to as “Researchers” or “Hackers”).
Researchers will provide Customers with Security Testing Services and report on any found bugs, risks, issues and vulnerabilities by submitting a report (this report called “Vulnerability Report”). To this purpose, Researchers can sign up and apply to offer their Security Testing Services to Customers (the “Purpose”).
Please note that the role of UpSecurIT consists in:
I. providing an online platform where Hackers can engage in Security Testing Services on Customers Applications and get a Reward if their submitted Vulnerability Report gets validated.
II. Allowing Customers to make their Applications available for performance of Security Testing Services. (I and II jointly referred to as the “Services”)
The Platform allows Customers to receive ongoing vulnerability testing and assessment for their IT environment (“IT environment” or “Application”). Security Testing Services consist of analyzing and detecting security vulnerabilities. The act of performing such services is defined as a Security Test. Researchers may sign up as and apply to carry out one or more Security Tests for Customers. Community members are independent from the Service Provider and will be required to read and accept these terms and conditions when signing up for an account.
UpSecurIT helps Users to connect for the Purpose, however is not involved in the actual transaction or contractual relationship between Customers and Researchers. These terms and conditions (herein also refered to as “Terms”, “Agreement” or “Contract”) are binding upon the Parties.
2. Information About Us
2.1 www.upsecurit.com is owned and operated by UpSecurIT, a limited company registered in Italy, whose registered address is at Via Saragat 1, L’Aquila, VAT number IT02022340661 (hereinafter also referred to as “UpSecurIT”, “Service Provider”, “We” or “Us”).
2.2 UpSecurIT is an IT security company focused on vulnerability management. Its purpose is to increase Customers’ IT security through an innovative and effective approach.
2.3 Customers and Hackers together may be also referred to as “You” or “The Community”. The Service Provider, Customers and Hackers may be also individually referred to as “Party” or collectively as “Parties”.
These Terms, together with any and all other documents referred to herein, set out the rules under which You are allowed to use this platform and its services (the “Site” or “Platform”).
In this Contract, any term used in the singular shall include the plural and vice-versa, and any term in the masculine shall refer to the feminine and neutral forms.
3. Applicable terms
3.1 Please read these Terms before using or continuing to use the Site. Users shall not agree to the Terms unless they fully understand and accept each one of them. To the extent that anything in or associated with the Site is in conflict or inconsistent with these Terms, the Terms shall remain in full effect. Any express waiver or failure to exercise promptly any right under the Terms will not create a continuing waiver or any expectation of non-enforcement. If any provision of the Terms is held invalid by any competent court, the Parties agree that such provision will be replaced with a new provision that accomplishes the original business purpose, and the other provisions of the Terms will remain in full force and effect.
3.2 The provisions of these Terms apply only to the use of the Site and the provision of Services, except for the Security Testing Services which are also governed by the Customers and Researchers Unique Terms. By creating an account on the Platform, Researchers and Customers agree to be bound also to the Customers and Researchers Unique Terms.
3.3 Please note that if a Hacker performs a Security Test on a Customer Application through the Site, You will also need to refer to and shall be bound by the Customers and Researchers Unique Terms. A Security Testing Contract will apply to a Security Test performed on a Customer’s Application in relation to payment, liabilities, rewards and other related matters. Customers are aware and acknowledge that Hackers are independent contractors that want to participate in a Project. Therefore, nothing herein shall create or imply an employment, agency or contractor relationship between UpSecurIT and the Hackers.
3.4 If there is any inconsistency between the interpretation of the Italian version and the translated version of these terms, the meaning in the Italian version shall prevail.
4. Access to the Platform and creation of an Account
4.1 Unless otherwise agreed or specified, UpSecurIT does not charge Users any fee for accessing the Site, for listing an IT environment on the Site, for conducting a Security Test on Customers’ IT environments or submitting Vulnerability Reports.
4.2 However, in the event that a Customer decides to reward a Hacker for submitting a validated Vulnerability Report, then as a result of the use of this Site and Services provided by UpSecurIT, the Service Provider will charge fees as further described in this Contract.
4.3 In order to fully use the Site and Services, Users must register and create an Account. In case of a modification of the recorded data after signing up, the User is required to change these in his Account immediately.
To register for an Account a visitor needs to access the Site and provide the requested information, including a current e-mail address which also serves for all communication between Parties. By registering, a User represents and warrants that the information provided as part of the registration process and thereafter is accurate and not misleading.
Upon successful registration, UpSecurIT will provide the User with an Account protected by a username and a password determined during the registration process. An Account is personal and cannot be transferred to any third party without UpSecurIT’s approval.
4.4 Each User is responsible for safeguarding his or her password. Users agree not to disclose their password nor any other Account details to any third party and that they will take sole responsibility for any activities or actions under their accounts, whether or not authorized by them. Users will immediately notify the Service Provider of any unauthorized use of their accounts via e-mail.
Users must be real people or business entities to open an account. Accounts registered by “bots” or other automated methods of access to the Site and to web pages contained in it are not permitted.
When creating an Account, the information Users provide must be accurate and complete. If any of their information changes at a later date, it is their responsibility to ensure that the account is kept up-to-date.
When registering an account and submitting an Application for testing, the Customer shall provide a detailed description of the Application according to the information solicited during the registration process.
4.5 The Site and its Services are intended for people who are 18 or older. For anyone under 18 an official representative of this person shall agree and be the guarantor of the activities of this person on the Site and Services. By accessing or using the Site and its Services, Users represent and warrant to be of legal age, permitting them to enter into a legally binding contract.
5. Project creation and Project parameters
5.1 A Project is created once the Customer lists an Application on the Platform and defines the scope of Security Testing Service (the “Project”). Customers are allowed to choose between an open to the public or private Project. An open to the public approach means that the Customer will be potentially engaging with all security Researchers who are part of the community. A private Project is confidential and can only be accessed through invitation.
5.2 Clients must clearly define the scope of the Security Test (“Project parameters”) before listing the IT environment and Researchers agree to perform Security Testing Services only within the Project parameters set by Clients, avoiding any out of scope Security Test.
5.3 Customers can reward Researchers for their time and resources with monetary compensation (“Reward”) when security issues and bugs are submitted to the Customer and the results are validated (“Validated Report”). If the Customer decides to reward a Hackers under the Project, the Customer must set a budget that will serve as a guarantee to Hackers for the payment of Reward Fees. The Customer will be responsible to top up his or her budget if this is not high enough to guarantee the payment of the Rewards and Services fees.
5.4 In order to get a Vulnerability Report validated, Researchers must be the first to submit one or more vulnerabilities and those must be recognized by Customers as a valid security issue.
5.4 Some listed Applications may be accessible only to verified Researchers. In that case, Hackers will have to go through a validation process, such validation consisting of verifying a Hacker’s identity.
6. Reward Fee, Service Fee and Payment
6.1 Customer may agree to recognize a Reward fee to the first Hacker who discovers a vulnerability in the Customer’s IT environment according to the Customers and Researchers Unique Terms.
Customers, not Researcher or Service Provider, are solely responsible for determining such fee (hereinafter referred to as “Reward Fee”).
6.2 In connection with their listed IT environments, Customers will be asked to provide customary billing information such as name, billing address and credit or debit card information either to UpSecurIT or its third-party payment processor(s). Customers agree to pay Hackers through UpSecurIT for any Validated Vulnerability Report submitted in accordance with these Terms by one of the methods described on the Site, e.g. by PayPal or credit/debit card, Bitcoins. Customers hereby authorize UpSecurIT and the third-party online payment processors described on the Site to proceed with the collection of such amounts on behalf of Researchers as better described under Article 7.
6.3 Customer expressly agree that, in the event that a Vulnerability Report is submitted as a result of using the Site and receiving Services and the Vulnerability Report is validated and therefore rewarded, then, in consideration of providing the Services, including support, payment facilitation, and any other online tools, UpSecurIT shall charge the Customer a service fee (hereinafter also referred to as “Service Fee”), excluding any applicable VAT or other taxes which may also be charged, and in respect of which UpSecurIT may issue or be required to issue a valid VAT invoice. The Service Fee amounts to twenty percent (20%) of the Reward Fee in relation to a listed Application.
7. Appointment of UpSecurIT as limited agent
7.1 Each Researcher accepts and agrees to appoint UpSecurIT as its disclosed agent or intermediary in the Researcher’s name and behalf only in relation to handling or managing the payment collection processes involving payment transactions with them. Researchers are aware and accept that UpSecurIT’s obligation to pay them is subject to and conditional upon successful receipt of the associated payments from Customers. UpSecurIT does not guarantee payments to Researchers for amounts that have not been successfully received from Customers. In accepting such appointment, UpSecurIT assumes no liability for any acts or omissions of the Community.
7.2 Customers authorise UpSecurIT to debit their payment cards and accounts in order to collect the due fees from the budget as required to guarantee all payments due to Researchers plus the applicable Service Fees. Therefore, once an Application is listed on the Platform, the Customer authorizes UpSecurIT to collect the applicable fees from the Customer’s budget and pay the Hacker once the Report gets validated.
7.3 UpSecuIT will complete the payment as fast as commercially possible and in any case within 15 days from the validation of the Vulnerability Report. The time it takes for the Hacker to receive any pay-outs may depend upon the method for receiving such pay-outs. Some methods involve the use of third-party payment processors, who may impose their own additional charges for the use of their services on the Researcher, including by deducting their charges from the pay-out amount.
8.1 The object of this Contract is the access to and use of the Site for the Purpose described in the Preamble.
UpSecurIT makes the Platform available with related technology for Users to connect, facilitate the Security Test and exchange payments using third party payment service providers. Unless expressly agreed otherwise in writing between UpSecurIT and Customers under a separate service agreement, UpSecurIT is not engaged in testing IT environments nor is it a provider of hacking methods, technologies or know-how, and therefore does not bear any liability arising from or related to any Security Testing Services. UpSecurIT’s responsibilities are limited to: (i) facilitating the availability of the Site and Services including providing Customers with a digital platform where they can have their Applications available for testing on an ongoing basis and (ii) accepting payments on behalf of Hackers as described in these Terms.
8.2 UpSecurIT creates and maintains the online Platform, however is not responsible for services and applications offered by third parties within the Site (e.g. payment processing services), that are not the object of this Contract and with whom separate contractual relationships may exist as explained in these Terms.
8.3 As independent contractors, Researchers are responsible to find out about their legal, tax, and social obligations and to comply with same.
9. Permitted use
Users recognize that the Site shall be used solely to perform the activities under Purpose, in compliance with the terms and conditions set forth in this Contract.
If We believe you are abusing the Platform in any way, the personal information you entered is not correct, or You do not respect the scope and limits of your authorizations, We may, at our sole discretion and without limiting other means, suspend or terminate your Account(s) and access to the Platform.
You must refrain from carrying out the following:
a. breach or circumvent any laws or terms and conditions governing the use of this Site;
b. violate any third-party rights, circumvent the security measures that protect our Platform;
c. transfer your Account and credential to a third party without our consent;
d. harvest or otherwise collect information about Customers or Hackers without their consent;
10. Intellectual property
10.1 Except for User Content as defined below, all content included in the Site and the copyright and other intellectual property rights subsisting in all content that UpSecurIT makes available through the Site or Services belongs to or has been licensed by Us. All content (including User Content) is protected by applicable Italian Copyright Laws and international intellectual property laws and treaties.
10.2 “UpSecurIT Trademarks” means all names, marks, brands, logos, designs, slogans and other designations UpSecurIT uses in connection with its Services. Users may not remove or alter any UpSecurIT Trademarks, or co-brand their own products or material with UpSecurIT Trademarks, without UpSecurIT’s prior written consent.
10.3 UpSecurIT Content means all content that UpSecurIT makes available through the Site or Services, including any content licensed from a third party, but excluding User Content (“UpSecurIT Content”).
Unless explicitly stated herein, nothing in these Terms shall be construed as conferring any license to UpSecurIT intellectual property rights.
Except as expressly authorized by UpSecurIT and except as otherwise provided by mandatory law, Users agree not to reproduce, modify, sell, distribute, mirror, frame, republish, download, transmit, or create derivative works of UpSecurIT Content, in whole or in part, by any means.
User Content includes submitted Vulnerability Reports, feedbacks, processing techniques, methods and other material uploaded or submitted by Users and related to the Purpose. With respect to User Content You (or your licensors, as appropriate) retain ownership of your User Content and all intellectual property rights subsisting therein. When you submit User Content you grant Us an irrevocable, worldwide, royalty-free, nonexclusive license to use, reproduce, modify, distribute, transmit, display, perform, adapt, resell, exploit and publish such User Content (including in digital form) in an aggregate or anonymized form in order to preserve privacy rights of all individuals involved.
11.1 You agree that you will be solely responsible for User Content. Specifically, You agree, represent and warrant that you have the right to submit the User Content and that You will not submit, communicate or otherwise do anything that:
a) promotes or assists in any form of unlawful activity;
b) infringes, or assists in the infringement of, the intellectual property rights including, but not limited to, copyright, patents, trademarks and database rights of any other party;
c) is in breach of any legal duty owed to a third party including, but not limited to, contractual duties and duties of confidence under the Customers and Researcher Unique Terms.
11.2 You agree to:
d) use the Site in a manner that is lawful and that complies with these Terms;
e) ensure that you comply fully with any and all local, national or international laws and/or regulations;
f) not use the Site to knowingly send, upload, or in any other way transmit data that contains any form of virus or other malware, or any other code designed to adversely affect computer hardware, software, or data of any kind; and
g) not use the Site in any way, or for any purpose, that is intended to harm any person or entity in any way.
11.3 You agree that you will be liable to Us and will, to the fullest extent permissible by law, indemnify Us for any breach of the warranties given by you under this article. You will be responsible for any loss or damage suffered by Us as a result of such breach.
11.4 Access to the Platform is provided “as is” and on an “as available” basis. We may alter, suspend or discontinue the use of the Platform at any time and without notice. We will not be liable in any way if our Site (or any part of it) is unavailable at any time and for any period.
11.5 Customers are responsible for reviewing and investigating each Researcher's self-reported credentials, education, and experience, as well as reviews from other Customers, if and when available on the Platform.
12. Links to Other Sites
12.1 Users may find links to other websites or resources on the Platform. Users accept that links or banners to third-party websites are provided for Users convenience only, and if Users click on a link or banner to a third-party website, they will be subject to those third-party websites terms and conditions, including any assumption of warranties, and privacy and security policies. Users acknowledge and agree that UpSecurIT is not responsible for the availability of such external sites or resources, and does not endorse and is not responsible or liable for any content, advertising, products, or other materials on or available from such sites or resources.
12.2 UpSecurIT will not be responsible or liable, directly or indirectly, for any actual or alleged damage or loss caused by or in connection with the use of or reliance on any such content, goods or services available on or through any such site or resource. Users acknowledge sole responsibility for and assume all risk arising from his or her use of any such websites or resources or the content, products or services on or available from such websites or resources.
13. Exclusivity and non-circumvention
Users confirm they will in no way try to undercut, transact independently or otherwise dis-intermediate our Platform.
Users hereby acknowledge and recognize that a substantial portion of the compensation UpSecurIT receives for making the Site and its functionalities available to Users is the Service Fee described under Article 6 “Reward Fee, Service fee and Payment”. Users further acknowledge and agree that UpSecurIT only collects the Service Fee when Users pay and receive payments through the Site. Therefore, in consideration of the Site being made available, for the time an IT environment is listed on the Platform Users agree they will never meet offline, use other websites or applications other than the Site for carrying out Security Testing Services.
14. UpSecurIT liability
14.1 Users understand and are aware that Security Testing will be performed by independent Researchers. Therefore, the Company shall not be held responsible for any activity carried out in the execution of the Security Testing Services, neither it guarantees any result with respect to the successful testing of the IT environment. Unless expressly agreed otherwise in writing between UpSecurIT and Customers under a separate service agreement, the Company’s role is to provide Users with the Platform as a digital tool which facilitates Users to connect.
Therefore, Clients and Researchers assume full and exclusive responsibility and all risks related to the use of the Platform and all IT Testing Services.
14.2 To the fullest extent permissible by law, We accept no liability to any User for any loss or damage, whether foreseeable or otherwise, in contract, civil liability or otherwise, arising out of or in connection with the use of (or inability to use) of our Platform or the use of or reliance upon any UpSecurIT Content -Content provided by Us- or whether it is submitted by Users.
14.3 However, circumstances may arise where, because of a breach of Contract on our part or other liability in relation to or in connection with this Contract, a User may be entitled to recover damages from Us. Regardless of the basis on which a User is entitled to claim damages from UpSecurIT and except as expressly required by law without the possibility of contractual waiver, Our entire liability to pay damages as a direct result of a breach of Contract or other liability shall be limited only to actual loss incurred by the User which was directly and solely caused by UpSecurIT in connection with or arising from the Contract. In any event, UpSecurIT’s entire and aggregate liability to each User shall in no circumstances exceed an amount equal to or greater of Euro 10,000 (ten thousand/00).
14.4 Except as expressly required by law without the possibility of contractual waiver, under no circumstances is UpSecurIT liable for any of the following even if informed of their possibility:
a) loss of, or damage to data;
b) indirect or punitive damages or for any economic consequential damages; or
c) lost profits, business, revenue.
Nothing in these Terms excludes or restricts Our liability for fraud or from gross negligence, or for any other forms of liability which cannot be excluded or restricted by mandatory provisions of law.
15. Changes to terms and conditions
The Service Provider reserves the right, at its sole discretion, to modify the Site or these Terms, at any time and without prior notice for technical or commercial reasons. If UpSecurIT modifies these Terms, it will post the modification(s) on the Site or provide Users with notice of the modification(s). UpSecurIT will also update the “Last Updated Date” at the top of these Terms. By continuing to access or use the Site after UpSecurIT posted a modification or has provided Users with notice of a modification, Users fully agree to be bound by the modified Terms. If the modified Terms are not acceptable to the Users, the only recourse is to cease using the Site. Users must review these Terms on a regular basis to keep themselves informed of any changes.
16. Suspension, Termination and Account deactivation
16.1 In the event of a material breach by Users of these Terms including but not limited to fraud, and except as otherwise provided by mandatory law, UpSecurIT reserves the right, in its discretion and without liability to Users, to: (a) terminate Users’ access to the Service; (b) deactivate any of Users’ Accounts and access to all related information and files in such Accounts as well as Users’ Content; and (c) bar Users’ access to any of such files or Services. In addition, UpSecurIT reserves the right at any time and without any prior notice to disable access to any Application listing on the Site which in UpSecurIT’s sole discretion considers to be objectionable, in violation or breach of these Terms, or otherwise harmful to the Site and/or Services. Upon such listing disabling, Customers may not claim any fees or payments in relation to any Vulnerability Report already submitted and rewarded for such listing. Users may deactivate their Accounts at any time via their profile page or by sending an email to UpSecurIT at [email protected]
16.2 In particular, UpSecurIT reserves the right to suspend or terminate a User’s account and its access to the Site:
(1) If a User creates more than one (1) Account;
(2) If Users are below the legal age needed to enter into this Contract.
(3) If any information provided by a User during the registration process or thereafter proves to be inaccurate, out-dated or incomplete; or
(4) If a User posts (a) false, outdated or misleading information; (b) information that in UpSecurIT’ sole discretion is deemed inappropriate to other Users (including, but not limited to obscene, libellous, slanderous or similarly inappropriate postings) or (c) information in breach of these Terms;
(5) At UpSecurIT’s sole discretion, if UpSecurIT believes at any point that the Site has not been used properly or that Users’ conduct may cause damage to other Users, Service Provider or the Platform itself.
17. Notices and Change to Service
UpSecurIT may provide notice to Users via email, regular mail, or post notices or links to notices on the Site. UpSecurIT reserves the right at any time to modify, suspend or terminate the Services (or any part thereof), and/or access to them, with or without notice. UpSecurIT may also delete, or bar access to or use of, all related information and files. UpSecurIT will not be liable to Users or any third-party for any modification, suspension, or termination of Service, or loss of related information.
18. Further Correspondence
18.2 UpSecurIT may send Users emails at other times to inform them about or confirm changes they have made to their UpSecurIT Account or profile or other areas of the Site.
19. Governing Law
This Contract and all matters arising out of or relating to it (including non-contractual disputes or claims and their interpretation) shall be governed by the laws of Italy. Any claim or dispute arising out of or relating to this Contract (including non-contractual disputes or claims and their interpretation) shall be subject to the jurisdiction of the L’Aquila courts, Italy.