Terms of Service
The rules governing your use of the BugRakshak platform. These Terms apply to all users — companies, researchers, and visitors. Last updated: April 1, 2026.
1. Acceptance of Terms
By accessing or using BugRakshak's platform (bugrakshak.com and associated APIs, tools, and services), you agree to be bound by these Terms of Service ('Terms'). If you disagree with any part of these Terms, you must not use the platform. These Terms apply to all users, including company accounts ('Clients'), security researchers ('Researchers'), and visitors.
2. Platform Description
BugRakshak Technologies Private Limited ('BugRakshak', 'we', 'us') operates a security research platform connecting Clients (companies running bug bounty programs) with Researchers (ethical hackers identifying vulnerabilities). BugRakshak facilitates report submission, triage, payment processing, and program management but does not itself conduct security testing.
3. User Accounts & Eligibility
3.1 Eligibility
Platform access is restricted to users 18 years or older. Researchers must successfully complete identity verification and agree to our Researcher Code of Conduct. Company accounts require a valid business registration.
3.2 Account Security
You are responsible for maintaining the security of your account credentials. BugRakshak will not be liable for losses arising from unauthorized access to your account. Enable two-factor authentication — it's strongly recommended.
3.3 Single Accounts
Each individual may maintain only one Researcher account. Creating multiple accounts to circumvent program restrictions, negative reputation scores, or bans is grounds for permanent termination.
4. Researcher Obligations
4.1 Authorized Testing Only
Researchers must only test targets explicitly listed within a program's defined scope. Testing out-of-scope targets, even if vulnerabilities are discovered, constitutes unauthorized access under the Information Technology Act, 2000.
4.2 No Harm & No Data Exfiltration
Researchers must never: (a) exfiltrate, store, or use personal data encountered during testing; (b) cause disruption to systems under test; (c) perform social engineering on employees; (d) conduct physical security attacks.
4.3 Confidentiality
All vulnerability information in private programs must remain strictly confidential. Researchers may not disclose, share, or discuss findings from private programs without explicit written permission from the Client.
4.4 Duplicate Reports
Submitting known duplicate vulnerabilities in bad faith may result in account penalties. Use your best judgment to verify the uniqueness of a finding before submission.
5. Client Obligations
5.1 Accurate Scope Definition
Clients are responsible for accurately defining their program scope. Any assets not clearly listed as in-scope are considered out of scope. BugRakshak is not liable for researcher activities on assets Clients fail to exclude.
5.2 Timely Response
Clients must respond to validated vulnerability reports within the agreed SLA. Failing to respond within 90 days of triage-validated findings may result in coordinated disclosure by researchers.
5.3 Payment Obligations
Clients must maintain sufficient funds in their bounty pool to cover potential payouts. BugRakshak may suspend program visibility if the bounty pool balance falls below the minimum reward for any active severity category.
6. Payments & Rewards
Rewards are processed by BugRakshak on behalf of Clients. BugRakshak does not take commission on researcher rewards. Platform subscription fees are non-refundable. Reward amounts are set by Clients within their program policy. Disputes are resolved by BugRakshak's triage team and their decisions are final. Payment processing may take 3–7 business days depending on your payment method.
7. Intellectual Property
Researchers retain ownership of their vulnerability research and reports. By submitting a report, Researchers grant BugRakshak and the relevant Client a license to use, reproduce, and act upon the submitted information for the purpose of remediation. Clients retain all rights over their product source code. BugRakshak retains all rights to the platform, algorithms, and aggregated data.
8. Prohibited Activities
Users must not: (a) use the platform for any illegal activity; (b) upload malware or malicious code; (c) attempt to compromise BugRakshak's own infrastructure; (d) impersonate other users or BugRakshak employees; (e) automate platform access in violation of rate limits; (f) harass, threaten, or abuse other platform users.
9. Limitation of Liability
BugRakshak's liability is limited to the greater of (a) fees paid by you in the 12 months preceding the claim, or (b) ₹10,000. BugRakshak is not liable for indirect, consequential, or punitive damages. BugRakshak does not guarantee that Researchers will find all vulnerabilities or that submitted reports will be accepted.
10. Governing Law & Dispute Resolution
These Terms are governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of courts in Bangalore, Karnataka. We encourage resolution through our internal dispute resolution process before pursuing legal action. For disputes under ₹10L, we offer binding arbitration under the Arbitration and Conciliation Act, 1996.
11. Changes to Terms
We may update these Terms at any time. Material changes will be communicated via email and platform notification with 30 days notice. Continued use of the platform after the effective date constitutes acceptance of the updated Terms.
12. Contact
For legal queries, contact our legal team at legal@bugrakshak.com or send correspondence to: BugRakshak Technologies Pvt Ltd, 4th Floor, Prestige Platina, Koramangala, Bangalore 560034, India. CIN: U72900KA2023PTC175234.
Questions About These Terms?
Contact our legal team at legal@bugrakshak.com. For general support, visit our Help Center.