Last update : Jan. 24, 2017
** This English translation is for reference purpose only. Only the Japanese version is valid and binding. **
Article 1: General Terms
- This terms of Service (hereinafter, “TOS”) stipulates the terms the user of the website “BugBounty.jp” (hereinafter, referred to as “Site” and the service provided by Sprout through the Site shall be referred to as “Service”) run by 株式会社スプラウト (hereinafter, “Sprout”) must follow as well as govern the relationship between Sprout and governs the relationships between and user.
- The user of the Service, regardless of whether they registered as a user described hereunder, shall use the Service after fully understanding and agreeing the follow the terms of this TOS, and whenever a user uses the Service, the user shall be deemed to have agreed to be bound to the this TOS.
Article 2: Definitions
The following terms shall be used with the following definitions within this TOS.
- “Member” shall mean individuals and corporation that performed the user registration procedure, and Sprout has accepted their registration.
- “Corporate Member” shall mean a Member who is a corporation or other judicial person.
- “Individual Member” shall mean a Member who is an individual. When also referring to ones who use the Site without registration, alongside Corporate Members, they shall be referred to as “Member/Users”.
- “Contents” shall mean information that a Member provides/shows to other Members.
- “Vulnerability Information” shall mean bugs and other vulnerability information related to websites, software, application, hardware product and provided by Corporate Members (hereinafter, “Corporate Member Service”) to Corporate Members.
- “Site Point” shall mean points distributed within the Site to Individual Members according to certain conditions set by Sprout.
- “Program Rules” shall mean rules set by Corporate Members when they request Individual Members to perform research on Corporate Member Services.
Article 3: Amendments to this TOS
- Sprout may change the terms and condition of this TOS by modifying this TOS when such change meet either of the following conditions, and it shall be deemed that such change was agreed upon, and no individual agreement with each Member shall be necessary.
- When the change of this TOS matches with the general interest of the Members.
- When the change of this TOS does not contradict with the purpose of the Service, and such change is reasonable in respect to the necessity of such change, the appropriateness of such change, and other situations relevant to the change.
- Whenever Sprout chooses to change the TOS in accordance to the previous paragraph, Sprout set the period of change and notify the (a) fact the the TOS will be changed, (b) the changed TOS, (3) and when the TOS will change at a designated location of the Site.
- Whenever there is a change to the TOS not in accordance with the previous 2 paragraphs, the Member must re-agree to such change at the first sign in after such change.
Article 4: User Registration
- User registration shall be performed by the one who shall be the Member themselves (In case of a corporation, its representative or other person with authority to execute agreements with third parties), and registration through agents shall is not accepted.
- The one who preforms the registration process (hereinafter, “Registration Applicant”) shall warrants that all registration information they enter is true, correct and up-to-date, and shall assume all responsibility arising out of any information being not true, incorrect or not up-to date.
- An Registration Applicant who is an individual shall qualify with all the following conditions. A Registration applicant who is a corporation shall qualify with the following conditions (III) to (V)
- be age 18 or older.
- if a minor, has received a comprehensive permission of their statutory agent.
- hold a valid email address.
- is not already a Member (unless specifically granted exception by Sprout)
- agree to and accept all terms of this TOS.
- has never belong to any organized crime group, and have to relation with such group. In case where a Registration applicant is a corporation, its major investors such as stock holders, and its officers are not a member of organized crime group.
- Sprout may reject to register a Registration Applicant as a Member if they qualify to one of the following conditions. Sprout may also suspend or cancel Membership, or cancel part or all of the rights associated with a Membership. In such case, Sprout may reject the use of the Site by that party in the future.
- Applying for membership with false or confusing content.
- The Registration Applicant has breached contractual duties in relation to deal with other users within services Sprout has provided in the past.
- Has breached laws, regulation or this TOS.
- Illicit activities in relation to the use of the Service.
- Lost qualification to become a Member after registration, or found to have not been qualified.
- Troubles with other Members (regardless whether there is intent or fault or not) and third parties exceeding the level acceptable to Sprout.
- Complaints from other Members and third parties (regardless whether there is intent or fault or not) exceeding the level acceptable to Sprout. Such complaints include complaints that Sprout employees receive from Members regarding the the service level, speed of service, and service quality.
- There was not a certain amount of sign in during a period set separately by Sprout.
- An attachment, a provisional attachment, provisional disposition related to this TOS, a compulsory execution, bankruptcy, civil rehabilitation, special liquidation, corporate reorganization is filed against a Member, or a Corporate Member dissolves.
- A promissory note bounced, suspension of transaction with banks, or other reasonably equivalent financial state.
- When Sprout judges that there is a serious impediment in pursuing business.
- Whenever a Member qualifies to any of the item of the previous paragraph, Sprout may, at its reasonable discretion, suspend any payment to a Member for a reasonable period of time, or settle the account by other reasonable means and not perform the payment, or simply not perform the payment.
- Members may withdraw from membership by initiating the procedure at a designated page of the Site if they choose to do so.
Article 5: Managing ID and password
- Members shall properly manage their ID and password that they registered in the Member Registration process stipulated in Article 4 under their own responsibility and take steps to prevent the misuse of their ID and password.
- Members shall not let third parties use or lent, grant, move title, sell, etc., their ID/password.
- Members shall be fully responsible for any damages caused by mismanagement, mistaken use, third party use of the password or ID of the Site, and Sprout bears no responsibility.
- Whenever Member finds that their password or ID is stolen or used by a third party, the Member shall immediately contact Sprout and follow the instruction from Sprout.
Article 6: Obligations of Sprout
- Sprout will, within the Site, provide an online platform to match Individual Members who investigate contents provided by Corporate Members for security diagnosis, and finding vulnerabilities.
- It is confirmed that Sprout is not a party to communication and agreements performed Corporate Members and Individual Members, and Sprout is not an agent, broker or in any legal position granted authority.
Article 7: No Warranty
- Sprout does not check the contents, accuracy, legality (hereinafter, including the infringement of Intellectual property and other third party rights), usefulness, credibility of the information provided by Members (regardless of whether or not the information is public. Includes, but not limited to, Contents and Vulnerability Information. Hereinafter, “Member Produced Information”), nor has the obligation to check, and provides no warranty.
- Sprout does not provide any warranty contents, accuracy, legality (hereinafter, including the infringement of Intellectual property and other third party rights), usefulness, credibility of the material provided by Members and does not bear any responsibility.
- In addition to the previous paragraphs, Sprout does not provide any warranty to the content, quality or standard of the Service, stable availability, or any results from using the Service. Even if inaccurate, inappropriate, or unclear content, expression, or acts within provident the Site cause direct or indirect damage to Members or third parties, Sprout will take no responsibility regarding the damage unless there is intentional violation or gross negligence, or a violation of the Consumer Contract Act against an Individual Member.
Article 8: Intellectual Property
- Sprout does not claim any copyright over Member Produced Information. However, Members shall provide Sprout a non-exclusive license to use the copyright (including the rights stipulated in Article 28 and 29 of the Copyright Act) of the Member Produced Information for to use within the Service and business related to the Service. Members shall not claim any moral right over the Member Produced Information against Sprout.
- Sprout shall have the right to, at Sprout’s discretion, modify, edit, move or edit Member Produced Information without notifying the Member in advance, but shall have no obligation to do so.
- It is confirmed that copyright over information that constitute the Service, except for Member Produced Information, belongs to Sprout or the copyright holder that licensed Sprout.
- Sprout does not support, approve, endorse, confirm or agree to any of the Member Produced Information. Member Produced Information shall be provided at the responsibility of the Member relevant to the Member Produced Information. Even when a Member gets in a dispute with a third party regarding Member Produced Information because of defamation, privacy violation, etc., Sprout will bear no responsibility unless there is intentional violation or gross negligence, or a violation of the Consumer Contract Act against an Individual Member, and will provide no assistance in such dispute.
Article 9: Responsibility of Corporate Members
- Sprout does not warrant that the Vulnerability Information provided to the is complete, true or reliable. Corporate Members accept that Vulnerability Information provided by Individual Information may be inaccurate or inappropriate, or include inappropriate information such as slander towards the Corporate Member.
- Sprout shall never bear responsibility to the content of the Vulnerability Information or for any damages caused by the Vulnerability Information. Such damage includes, but is not limited to damage caused by Individual Member disclosing the Vulnerability Information.
- Corporate Members are recommended to pay rewards (hereinafter, “Reward(s)” to Individual Members whenever an Individual Member provides Vulnerability Information to a Corporate User. Corporate Members agree to bear 100% of the Reward paid to Individual Members, and shall pay equivalent to 25% of the Reward (hereinafter, “Handling Fee”) to Sprout.
- Corporate Member shall pay the Reward stipulated in the previous paragraph by wiring to Sprout together with Handling Fee (hereinafter, “Fee”). Sprout shall bear the responsibility to pay the Individual Members, and Sprout will not refund any Fee paid by Corporate Member. Depending on the address of the Corporate Member or the address of the Individual Member, the Fee may be subject to national, state, or local taxes, consumption tax, VAT, property tax or other equivalent tax.
- Sprout does not wish to receive information that is not necessary in providing the Service. Whenever Sprout receives information that is not necessary to provide the Service, Sprout will not treat such information as confidential unless there is a separate agreement with the Member.
Article 10: Obligation of Individual Members
- Individual Members shall provide Vulnerability Information to Corporate Members under its own responsibility. Individual Member shall be take full responsibility for the content of the Vulnerability Information and effect they may arise from Corporate Members or other Individual Members using the Vulnerability Information.
- Individual Member express and warrants that they hold all necessary rights (including, but not limited to, copy right) to provide the Vulnerability information to Corporate Members.
- Individual Member shall use to vulnerability report form designated by Site when reporting Vulnerability Information to a Corporate Member, and reporting in any other manner will not be the subject of reward.
- Individual Members shall not disclose, publish, or leak any dealings with Corporate Members (including, but not limited to, Vulnerability Information reports) to any third party, by whatever means, except when authorized by the Corporate Member.
- Upon the vulnerability report has been validated and considered eligible for reward payment (hereinafter as “bug acknowledgement”), Individual Member shall promptly provide bank information including the full name, a current physical address and bank (wire) transfer details to Sprout. Failure to provide the bank information required within 90 days of the bug acknowledgement may result in ineligibility for receiving the reward payment.
Article 11: Damages and Lack of Warranties
- Sprout does not provide any warranty to the following matters, and all responsibilities of Sprout regarding the following matters shall be waived unless there is intentional violation or gross negligence, or a violation of the Consumer Contract Act in the part of Sprout. Even in cases where Sprout is obliged to pay damages to Corporate Members, such damages shall be limited to the amount such Corporate Member has paid Sprout within the previous year.
- Integrity, accuracy, availability, timeliness, safety and reliability of information (including Vulnerability Information) provided by Members.
- Damage caused to computer systems, loss of date and damage caused by using the Vulnerability Information.
- Deletion, failure to save, and failure to transmit Vulnerability Information and other information provided by Members.
- Inability to access the Service.
- Slander and other comments and act within the Service by third parties (including Members) who are not Sprout.
- Unauthorized access, unauthorized modification and other act to the Service by third parties.
- Members shall compensate Sprout and all damage (direct and indirect, including extended damage, attorney’s fees and other court costs) caused by misuse of information they obtained from the Service, breach of this TOS or act that uses the Service.
- Sprout shall have the authority to monitor whether Members are using the service in accordance with the TOS, and whether there a violations or fraudulence.
- The dealing between the Corporate Members and Individual Members provided by Service can only be viewed by sender and receiver of such dealing and by Sprout. Sprout may, including the surveillance stipulated in the previous paragraph, may view such dealing when necessary, to the extent necessary in providing the service, and take measures Sprout finds necessary against Members’ breach of this TOS or other fraudulent activity, as well as delete part or all of the dealings if Sprout finds it an issue in the light of this TOS.
- This TOS constitutes the complete and exclusive agreement between Sprout and Member regarding the Service (excluding separate agreements with this site added to or stipulated in this TOS), and supersedes all prior agreement regarding the Service made before this TOS is executed.
Article 12: Personal Information
Article 13: Notice
Whenever Sprout needs to notify Members, it will do so by either email or telephone. Whenever a Member needs to notify Sprout they shall do so by email or telephone. Sprout does not accept notice by visitation unless Sprout specifically approves its necessity.
Article 14: Jurisdiction
Whenever there is a conflict between between Sprout and Members, the Tokyo District Court shall have exclusive jurisdiction.
Article 15: Governing Law
This TOS shall be governed by Japanese Law.