CESPPA Terms & Conditions

Who Are We?

CESPPA, Inc. and its affiliates (collectively, " CESPPA", " we", " us" or " our") provide a platform and related services (collectively, “ Services”) made available via our website located at www.cesppa.com (“ Site”). The Site and Services connect CESPPA customers (“ Customers”) who seek to identify vulnerabilities within their products, with volunteer security researchers (“ Researchers”) who identify and report vulnerabilities or bugs. Through the Site and/or Services, Researchers can access posted programs describing Customers’ products (each, a “ Program”), communicate with CESPPA, Customers and/or other Researchers about Programs, and test for vulnerabilities per Customers’ guidelines as identified within the Program. Researchers may receive awards or bug bounties for reporting valid, eligible vulnerabilities.

Terms of Use

PLEASE CAREFULLY READ THESE TERMS OF USE (“ TERMS”). BY ACCESSING OR USING THE SITE OR SERVICES, YOU INDICATE THAT YOU UNDERSTAND AND AGREE TO THE TERMS, AS WE MAY CHANGE THEM FROM TIME TO TIME. IF YOU DISAGREE, DO NOT ACCESS OR USE THE SITE OR SERVICES.

If you agree to the terms on behalf of a corporate entity, you represent and warrant that you have the authority to bind that entity and, in such event, " you" and " your" will refer and apply to that entity. If we change the Terms, we will post the changes online or electronically notify you, but you are responsible for periodically reviewing the Terms for changes. If you use the Site or Services after any such changes, that means you accept them. If you object, your only recourse is to stop using the Site and Services.

We are continuously updating and improving the Site and Services and reserve the right to change the Site, Services or Materials, in whole or in part, without notice or liability. If a Program is inactive or unattended by Customer, we may remove or disable access to Program materials or vulnerability reports if Customer does not timely respond to our written notice requiring attention.

These Terms incorporate by reference CESPPA’s Privacy Policy ( https://www.cesppa.com/#/legal/privacy-policy), which explains how we collect, use and disclose your personal information. Any other policies or terms associated with specific Services are fully incorporated into the Terms and govern to the extent they conflict with the Terms. In addition to these Terms, Customers must agree to a separate Master Services Agreement; and Researchers must agree to separate Researcher Terms ( http://cesppa.com/#/legal/researcher-agreement)

Account

To access or use certain features of the Site and Services, create Programs, or test a product, application or network and submit vulnerability reports, you must register to create a CESPPA account (" Account"). You may have only one active Account. You agree to provide current, accurate and complete Account registration information at all times. You are responsible for maintaining the confidentiality and security of your login credentials. You are responsible for any activity under your Account, whether or not you have authorized such activity. You will immediately notify us of any unauthorized use of your Account.

CESPPA License

We grant you a non-exclusive, non-transferable, revocable license to access and use our Site and Services strictly in accordance with the Terms. You may use the Site and Services, including any data, information, content, applications, tools and materials made available (collectively, “ Materials”), solely for the purposes contemplated in these Terms and any other applicable terms or agreement with CESPPA. You may not copy, reproduce, alter, modify, create derivative works from, rent, lease, loan, sell, distribute or publicly display any Materials without the prior written consent of CESPPA and any applicable Customer. Any other use of the Site, Services and/or Materials is a violation of this license and may result in termination of your Account. All rights not expressly granted to you in this Agreement are reserved.

User License

You grant us, and you represent and warrant that you have the right to grant, a royalty-free, sub-licensable, transferable, perpetual, irrevocable, non-exclusive, worldwide license to use, reproduce, modify, publish, list information regarding, edit, translate, distribute, publicly perform, publicly display, and make derivative works of any communications, images, sounds, and all data, information and materials that you upload or transmit through the Services, or that other users upload or transmit, including without limitation any comments (collectively, “ User Content”), including without limitation your name, voice, and/or likeness as contained in such User Content, in whole or in part, and in any media, technology or format, whether now known or later developed, for use in connection with the Site, Services and Materials.

You are solely responsible for all User Content. Accordingly, you represent and warrant that: (A) you own all User Content or have all rights, licenses, permissions and releases needed to grant us the rights in the User Content, as contemplated under the Terms; and (B) the User Content will not infringe, misappropriate or violate a third party’s intellectual property, publicity, privacy or other proprietary rights or violate any applicable law or regulation.

Confidentiality

We understand that we may receive Confidential Information of Customer, Customer understands that it may receive Confidential Information of CESPPA, and Researcher understands that Researcher may receive Confidential Information of a Customer or CESPPA. The receiving party agrees not to disclose to any third person any Confidential Information of another party and not to use another party’s Confidential Information for any purpose not contemplated by the Terms; provided, that, Customer or Researcher agrees that CESPPA may collect data with respect to Services and Programs and report on the aggregate response rate, aggregate awards paid and other aggregate measures (" CESPPA Aggregate Data") and the CESPPA Aggregate Data is not Confidential Information.

Acceptable Use

You agree that you will not attempt, do or enable the following

  • A. send unsolicited bulk communications (spam);
  • B. register multiple active Accounts;
  • C. transmit any data or information that is inaccurate, false, fraudulent, deceptive or misleading, that is abusive, threatening, obscene or defamatory, that infringes, misappropriates or violates any third-party Intellectual Property Rights, or that is otherwise objectionable or unlawful;
  • D. access or use the Site, Services or Materials for any unauthorized or unlawful purpose or to promote illegal activities;
  • E. harass, abuse, impersonate or otherwise harm another person or group;
  • F. access or use another user’s Account without permission;
  • G. access, tamper with or use non-public areas of the Site, Services or the systems of CESPPA or our providers;
  • H. interfere with the Site or Services;
  • I. test, probe or scan the Site or Services, or breach security or authentication measures, without the express prior consent of CESPPA and any applicable Customer or third party;
  • J. make any automated use of the Site or Services, or take any action that in our determination imposes or potentially imposes an unreasonable or disproportionately large load on our systems or networks;
  • K. bypass any robot exclusion headers or other measures that we take to restrict access to the Site or Services, or use any software, technology, or device to scrape, spider, or crawl the Site or Service or harvest or manipulate data;
  • L. use, display, mirror or frame any portion of the Site, Services or Materials without our express written consent;
  • M. use any communication systems provided by us, or contacts made on the Site or Services, for any commercial solicitation purposes;
  • N. transmit, publish or link to content or data that may harm, damage or disrupt the Site, Services, Materials, Customers or other users.

By accessing or using the Site, Services or Materials, you agree to and represent and warrant the following:

  • A. You will comply with all applicable laws, rules and regulations;
  • B. You are not a citizen or resident of, or located in, a country that is subject to sanction or embargo or in which access to or use of the Site, Services or Materials is legally prohibited; and
  • C. You are not identified on, nor employed by or associated with an entity that is identified on, the U.S. Department of Commerce’s Denied Persons or Entity List, the U.S. Department of Treasury’s Specially Designated Nationals or Blocked Persons Lists or the U.S. Department of State’s Debarred Parties List, or that is otherwise ineligible to receive items subject to U.S. export control laws and regulations.

Intellectual Property

The Site, Services and Materials are protected by intellectual property laws of the United States and foreign countries. CESPPA and our respective licensors retain ownership of the Site, Services, Materials and all associated Intellectual Property Rights. “ Intellectual Property Rights” means all patents, copyrights, trade secrets, trademarks and service marks, trade names, trade dress, goodwill and marketing rights related thereto, works of authorship, inventions, discoveries, improvements, enhancements, methods, processes, formulas, designs, techniques, derivative works, all other intellectual property or proprietary rights (registered or not) and equivalents or similar forms of protection existing worldwide, and all applications for and registrations in such rights. All service marks, trademarks, trade names, logos and any other proprietary designations of CESPPA are owned by CESPPA. Any other service marks, trademarks, trade names, logos and other proprietary designations are the property of their respective owners. You will not change, obscure or remove any notices of Intellectual Property Rights or other proprietary rights incorporated into or accompanying the Site, Services or Materials.

Feedback

We welcome and encourage you to submit at info@cesppa.com any feedback, comments, suggestions, recommendations, enhancement requests and data regarding the Site and Services (collectively, “ Feedback”). All Feedback will be the sole and exclusive property of CESPPA. You hereby irrevocably assign to us all right, title and interest in and to Feedback, including without limitation all Intellectual Property Rights and other rights therein.

Termination

If you cause or allow any interference with the Site, Services or Materials or other violation of these Terms, you are liable for all damages and costs including reasonable attorneys' fees and collection agency commissions, fines and enforcement costs, and other relief available to CESPPA at law or in equity, as well as immediate suspension or termination of your Account and all rights or licenses in the Site, Services and Materials

Upon suspension or termination, you must stop using the Site, Services and Materials. If your Account is suspended, deactivated or terminated, CESPPA is not obligated to delete or return to you any User Content or Feedback. You may cancel your Account at any time by sending an email to info@cesppa.com.

Filing a Digital Millennium Copyright Act (“DMCA”) notice that alleges copyright infringement:

Per Title II of the DMCA, all claims that allege copyright infringement for material believed to be residing on the Services should be promptly sent as a written notice to CESPPA’s Designated Agent:

Designated Agent for DMCA Notices CESPPA, INC. 5855 Green Valley Cir. #110 Culver City, CA 90230 Email: legal@cesppa.com

Do not send other notices or communications to the Designated Agent, who is appointed only to receive DMCA notices.

A valid DMCA notice must be in writing and must include all of the following:

  • Signature of copyright owner or person authorized to act on behalf of the owner;
  • Identification of copyrighted work claimed to be infringed;
  • Identification of the material claimed to be infringing or to be the subject of infringing activity and information reasonably sufficient to permit the service provider to locate the material;
  • Information reasonably sufficient to permit the service provider to contact the complaining party (address, phone number and, if available, email address);
  • A statement that the complaining party has a good faith belief that use of the material in the manner complained is not authorized by the copyright owner, its agent, or the law; and
  • A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of the exclusive right allegedly being infringed. See 17 U.S.C. § 512(c)(3)

When CESPPA receives a valid DMCA notice, our policy is to remove or disable access to the allegedly infringing material. Please note: the law imposes substantial penalties for false claims. See 17 U.S.C. § 512(f) – sanctions for material misrepresentations of copyright infringement.

Filing a DMCA counter-notification:

If a DMCA notice alleging copyright infringement is wrongly submitted against you, you may send a counter-notification to CESPPA’s Designated Agent. Per the DMCA, a counter-notification must be in writing and must include all of the following:

  • A physical or electronic signature;
  • Identification of the material that has been removed or to which access has been disabled and the location at which the material appeared before it was removed or access to it was disabled;
  • A statement under penalty of perjury that You have a good faith belief that the material was removed or disabled as a result of mistake or misidentification; and
  • Your name, address, and telephone number, and a statement that You consent to the jurisdiction of federal district court for the judicial district in which the address is located, or if Your address is outside of the U.S., for any judicial district in which the service provider may be found, and that You will accept service of process from the complainant. See 17 U.S.C. § 512(g)(3).

When CESPPA receives a valid counter-notification, our policy is to forward it to the original party who submitted the DMCA notice. Then, within the next 10 days, if that original party does not notify us that it has filed a lawsuit related to the allegedly infringing material, we will restore the removed material or stop disabling access to it.

Repeat Infringer Polic

Per Section 512 of the DMCA, our policy is to terminate the CESPPA Account of repeat copyright infringers under appropriate circumstances, in our sole determination.

The Site, Services and Materials may contain links to third party websites or resources. We provide these links only as a convenience. We are not responsible for the products, services or content available from or through such third-party websites or resources, nor does linking to them create any CESPPA affiliation, sponsorship, endorsement, guarantee, warranty or recommendation. You are solely responsible for, and assume all risk arising from, your use of any third-party websites or resources.

Warranty Disclaimer

THE SITE, SERVICES AND MATERIALS ARE PROVIDED "AS IS" AND WITH ALL FAULTS, AND CESPPA DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, IN LAW OR FROM A COURSE OF DEALING OR USAGE OF TRADE, TO THE FULLEST EXTENT PERMITTED BY LAW. WE MAKE NO WARRANTY THAT THE SITE, SERVICES OR MATERIALS WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE OR ERROR-FREE BASIS. YOU ASSUME FULL RESPONSIBILITY AND RISK OF LOSS RESULTING FROM YOUR ACCESS OR USE OF ANY CONTENT, DATA OR INFORMATION OBTAINED FROM OR THROUGH THE SITE, SERVICES OR MATERIALS.

YOU ARE SOLELY RESPONSIBLE FOR YOUR COMMUNICATIONS AND INTERACTIONS WITH USERS, RESEARCHERS, CUSTOMERS AND OTHER PERSONS IN CONNECTION WITH YOUR ACCESS TO OR USE OF THE SITE, SERVICES OR MATERIALS; AND YOU AGREE TO TAKE REASONABLE PRECAUTIONS IN ALL SUCH COMMUNICATIONS AND INTERACTIONS. YOU UNDERSTAND THAT CESPPA DOES NOT VERIFY THE STATEMENTS OF USERS, NOR DOES CESPPA VISIT OR REVIEW CUSTOMER PROGRAMS OR RESEARCHER VULNERABILITY REPORTS.

Limitation of Liability

CESPPA, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS AND PARTNERS WILL NOT BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION LOSS OF BUSINESS, REVENUES, CUSTOMERS, CONTRACTS, PROFITS OR GOODWILL, LOST OR DAMAGED DATA OR USER CONTENT, BUSINESS INTERRUPTION OR REPLACEMENT SERVICES, COMPUTER DAMAGE OR SYSTEM FAILURE HOWEVER CAUSED AND REGARDLESS OF THEORY OF LIABILITY, WHETHER OR NOT SUCH PARTY KNEW OR HAD REASON TO KNOW OF THE POSSIBILITY OF SUCH DAMAGES AND WHETHER OR NOT THE REMEDIES PROVIDED HEREIN FAIL OF THEIR ESSENTIAL PURPOSE. CESPPA WILL NOT BE LIABLE FOR ANY DAMAGES RESULTING FROM ANY DELAY IN PERFORMANCE DUE TO CAUSES BEYOND OUR CONTROL, INCLUDING WITHOUT LIMITATION ACTS OF GOD OR GOVERNMENT, CIVIL DISORDER, TERRORISM, WAR, CASUALTY, LABOR DISPUTE, MALICIOUS ATTACK, FAILURE OF ANY TECHNOLOGY OR CONNECTION OR OTHER FORCE MAJEURE EVENT.

CESPPA’S AGGREGATE LIABILITY IN CONNECTION WITH THIS AGREEMENT IS LIMITED TO THE LESSER OF (A) DIRECT DAMAGES PROVEN BY YOU OR (B) THE AMOUNT OF FEES OR CHARGES PAID BY YOU TO CESPPA DURING THE 12 MONTH PERIOD BEFORE THE DATE ON WHICH THE CLAIM AROSE. YOU MAY NOT BRING ANY SUCH CLAIM OR ACTION MORE THAN ONE YEAR AFTER THE DATE ON WHICH IT AROSE.

BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR LIMITATIONS OF LIABILITY, SOME OF THESE EXCLUSIONS OR LIMITATIONS MAY NOT APPLY TO YOU. IF YOU ARE A CALIFORNIA RESIDENT, YOU WAIVE CALIFORNIA CIVIL CODE SECTION 1542, WHICH PROVIDES:

"A GENERAL RELEASE DOES NOT EXTEND TO CLAIMS WHICH THE CREDITOR DOES NOT KNOW OR SUSPECT TO EXIST IN HIS FAVOR AT THE TIME OF EXECUTING THE RELEASE, WHICH IF KNOWN BY HIM MUST HAVE MATERIALLY AFFECTED HIS SETTLEMENT WITH THE DEBTOR."

Indemnification

You will defend and indemnify CESPPA, its affiliates, officers, directors, employees and agents (each, a “ CESPPA Indemnitee”) from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses including without limitation reasonable attorneys’ and accounting fees (collectively, “ Losses”) arising from or related to (A) your access to or use of the Site, Services or Materials, (B) your violation of these Terms, (C) your User Content or (D) your interaction with any other user of the Site or Services.

In addition to the general indemnification obligations set forth above, if you are a Customer you will defend and indemnify the CESPPA Indemnitees from and against any Losses arising from or related to (i) your Program materials or (ii) your use of vulnerability reports.

In addition to the general indemnification obligations set forth above, if you are a Researcher you will defend and indemnify CESPPA Indemnitees from and against any Losses arising from (x) your reliance on Program materials, including without limitation any testing of a product, network, system or its content or (y) your vulnerability reports.

Arbitration of Disputes, Class Action Waiver

Any claim or dispute relating to the Terms, Site, Services or Materials (“Claim”) will be exclusively resolved by binding arbitration rather than in court, except that qualifying claims may be asserted in small claims court. The Federal Arbitration Act and federal arbitration law will apply to Claims. In arbitration, there is no judge or jury, and court review of an award may be limited; but an arbitrator may award the same damages and relief as a court and must follow the Terms just as a court would. You and CESPPA agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated or representative action.

Arbitration will be conducted in Los Angeles, California unless you choose to have it conducted by telephone, based on written submissions, or the parties mutually agree to another location. The arbitration will be conducted under JAMS’ Comprehensive Arbitration Rules and Procedures, per the Expedited Procedures in those Rules. See http://www.jamsadr.com/rules-comprehensive-arbitration/ or call 1-800-352-5267. The JAMS rules will govern payment of filing, administration and arbitrator fees. The arbitrator will award to the prevailing party its costs and reasonable attorneys' fees, or an appropriate percentage thereof if the arbitrator determines the prevailing party won some but not all Claims. Judgment on an arbitration award may be entered in any court with competent jurisdiction.

You and CESPPA agree that either party may sue in court to enjoin infringement or other misuse of Intellectual Property Rights. If such a claim proceeds in court, you and CESPPA waive any right to a jury trial, the exclusive jurisdiction and venue of that action will be the state or federal courts in Los Angeles, California and the parties consent to the mandatory jurisdiction and venue of these respective courts.

Publicity

CESPPA may use Customer's and/or Researcher’s name, logo, and Account profile picture in any publicity, testimonial or advertising describing the relationship between the parties

Miscellaneous

These Terms, and any other written agreement with CESPPA regarding the Site, Services and Materials, are the entire agreement between CESPPA and you regarding such subject matter and supersede any other agreement or understanding. The Terms are governed by California state law, without regard to conflict of laws principles. If any provision of the Terms is held unenforceable or contrary to law, it will be replaced with an enforceable provision that best accomplishes the original goals, without invalidating the other terms. No failure or delay to enforce CESPPA’s rights will be deemed a waiver of any rights. CESPPA may assign the Terms, in whole or part, to an affiliate or in connection with a Change of Control. “ Change of Control” means one or more transactions whereby (a) control of an entity is transferred, (b) all or substantially all of the entity’s assets or securities are acquired or (c) the entity is merged or consolidated with or into another entity; provided, that such entity’s equity owners of record immediately before the transaction(s) will, immediately after the transaction(s), hold less than 50% of the voting power of the acquiring, succeeding or surviving entity. You may not assign or transfer the Terms, in whole or part, without CESPPA’s prior written consent and any attempt to do so is null and void. The Terms will be binding on your permitted successors and assigns. There are no third-party beneficiaries to the Terms, other than CESPPA’s third-party information providers. The Terms do not establish a partnership, joint venture, association or agency relationship or other co-operative entity between CESPPA and you. Section headings are just for reference. “ Including” means “including but not limited to.” Terms with well-known technical or industry meanings are construed as such. You agree that the Uniform Computer Information Transactions Act and the United Nations Convention on Contracts for the International Sale of Goods will not apply to these Terms. Unless otherwise expressly stated, to the extent permitted by applicable law, the rights and remedies provided for hereunder are cumulative and in addition to any other rights and remedies at law or equity. If these Terms are terminated, the proprietary rights, warranty disclaimer, your representations and warranties, indemnification, limitations of liability and miscellaneous provisions will survive.

Contact Us

All notices to CESPPA regarding the Terms must be in writing, delivered by certified mail return receipt requested, by registered mail, or by a reputable private courier or mail service to: CESPPA, Inc., c/o Legal Department, 5855 Green Valley Cir. #110, Culver City, CA 90230.

For any other questions, please contact us through the Site or Services, or email us at legal@cesppa.com.

CESPPA