Terms of Service
Last updated: June 16, 2026
These Terms of Service ("Terms") govern your access to and use of the OOOSEC platform, including our website, services, and applications (collectively, the "Platform"). By accessing or using the Platform, you agree to be bound by these Terms. If you do not agree to these Terms, do not use the Platform.
1Definitions
- "OOOSEC" refers to OOOSEC Security LLC, a company incorporated in Delaware, United States.
- "User" refers to any individual or entity that accesses or uses the Platform.
- "Researcher" refers to a User who participates in bug bounty programs by identifying and reporting security vulnerabilities.
- "Program Owner" refers to a User who creates and manages a bug bounty program on the Platform.
- "Submission" refers to a vulnerability report submitted by a Researcher through the Platform.
- "Reward" refers to monetary or other compensation paid to Researchers for valid Submissions.
2Eligibility
To use the Platform, you must:
- Be at least 18 years of age or the age of majority in your jurisdiction
- Have the legal capacity to enter into binding agreements
- Not be located in, ordinarily resident in, or a national of any country or territory subject to comprehensive sanctions administered by the U.S. Office of Foreign Assets Control (OFAC), the European Union, the United Nations, or the United Kingdom (see Section 7 below for the current list)
- Not appear on any sanctions, denied-persons, or terrorism-related watchlist
- Complete any required identity verification (KYC) procedures
Researcher Guidelines
As a security researcher, you agree to:
- Only test against systems and assets explicitly listed in scope
- Not access, modify, or delete data belonging to other users
- Not perform denial of service attacks, social engineering, or physical attacks
- Report vulnerabilities promptly and not disclose them publicly until authorized
- Provide clear, detailed reproduction steps in your reports
- Use rate limiting (max 1 request per second) for any automated testing
- Comply with all applicable laws and regulations
Program Owner Guidelines
Organizations running bug bounty programs agree to:
- Provide clear scope definitions and reward structures
- Respond to submissions within stated timeframes
- Pay bounties as specified in their program policies
- Not retaliate against researchers acting in good faith
- Maintain accurate program and contact information
Safe Harbor
When conducting security research within scope and in accordance with these terms, participating organizations agree not to pursue legal action against researchers.
This safe harbor does not extend to activities that cause harm to users, exceed the defined scope, or violate applicable laws. See our Responsible Disclosure Policy for full details.
Payments and Rewards
Bounty payments are processed through multiple payment methods including cryptocurrency and traditional banking. Payment amounts are determined by Program Owners based on vulnerability severity and impact.
- Rewards are determined solely by Program Owners
- OOOSEC does not guarantee any specific reward amount
- You are solely responsible for applicable taxes on rewards received
- OOOSEC may report payments to tax authorities as required by law
Sanctions and Export Controls
OOOSEC complies with all applicable economic and trade sanctions, including those administered by the U.S. Office of Foreign Assets Control (OFAC), the European Union, the United Nations Security Council, and the United Kingdom's Office of Financial Sanctions Implementation (OFSI). By using the Platform you represent and warrant that you, any beneficial owner of your account, and any wallet address you use are not subject to such sanctions.
7.1 Prohibited Jurisdictions
We do not onboard, verify, or pay individuals or entities located in, ordinarily resident in, or organized under the laws of jurisdictions subject to comprehensive sanctions. This currently includes:
- Cuba, Iran, North Korea (DPRK), Syria, Belarus, and the Russian Federation (including the so-called Donetsk, Luhansk, and Crimea regions)
- Any other country or region that becomes subject to comprehensive sanctions during the term of these Terms
7.2 High-Risk Jurisdictions
Users connected to high-risk jurisdictions (including but not limited to Afghanistan, Iraq, Libya, Myanmar, Somalia, Sudan, Venezuela, and Yemen) may be subject to enhanced due diligence, additional documentation requests, payment delays, or outright refusal of service at OOOSEC's sole discretion.
7.3 Screening
OOOSEC performs sanctions screening using third-party identity verification (KYC) and blockchain analytics providers. We may, without notice and at any time:
- Verify the country of issuance and validity of the identity document you submit
- Screen any wallet address you link or receive payment to against sanctions and illicit-finance watchlists
- Block, hold, reverse, or refund a payment if a sanctions match is identified at any point in the payment lifecycle
7.4 Misrepresentation
Providing false, misleading, or incomplete information regarding your nationality, residence, location, or sanctions status — including using a VPN or third-party identity to circumvent these restrictions — is a material breach of these Terms and grounds for immediate, permanent termination of your account, forfeiture of any unpaid bounties, and reporting to relevant authorities where required by law.
8Intellectual Property
Vulnerability reports and their contents remain the intellectual property of the researcher until a bounty is paid. Upon payment, the Program Owner receives a non-exclusive license to use the report for remediation purposes.
The Platform and its contents are owned by OOOSEC or its licensors and are protected by intellectual property laws. You may not copy, modify, or distribute Platform content without our express written permission.
Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, OOOSEC SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR GOODWILL, ARISING FROM YOUR USE OF THE PLATFORM.
IN NO EVENT SHALL OOOSEC'S TOTAL LIABILITY EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID TO OOOSEC IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED SINGAPORE DOLLARS (SGD 100).
10Indemnification
You agree to indemnify, defend, and hold harmless OOOSEC and its officers, directors, employees, and agents from any claims, damages, losses, or expenses arising from: (a) your use of the Platform; (b) your violation of these Terms; (c) your violation of any third-party rights; or (d) your Submissions or content.
Dispute Resolution
Governing Law
These Terms shall be governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of law principles.
Arbitration
Any dispute arising from these Terms shall be resolved by arbitration administered by the American Arbitration Association (AAA). The seat of arbitration shall be San Francisco, California, with proceedings conducted in English before a single arbitrator.
Class Action Waiver
YOU AGREE THAT ANY DISPUTE RESOLUTION WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION.
12Modifications
OOOSEC reserves the right to modify these Terms at any time. We will notify you of material changes by posting the updated Terms and updating the "Last updated" date. Your continued use of the Platform after changes constitutes acceptance of the updated Terms.
13General Provisions
- Entire Agreement: These Terms, together with our Privacy Policy and Responsible Disclosure Policy, constitute the entire agreement between you and OOOSEC.
- Severability: If any provision is found unenforceable, the remaining provisions continue in full force.
- Waiver: Failure to enforce any right does not constitute a waiver of that right.
- Assignment:You may not assign these Terms without OOOSEC's written consent. OOOSEC may assign without restriction.
Contact
For questions about these Terms, contact us at: