Close

Other sites

Close

Terms and Conditions

Version 3.0.0 – 2019-01-29

These general terms and conditions of use (“T&Cs” or the “Contract”) for the YESWEHACK platform are intended to define contractual relations between YesWeHack and any Hunters using the Website. The Website and the Bug Bounty Services of the YESWEHACK platform are published and operated by YesWeHack, a simplified joint stock company (SAS) with share capital of €31,420.74, located at 14, Rue Charles V 75004 Paris (SIRET: 81403721400016).

YesWeHack reserves the right to make changes to the T&Cs, the Website and the Services. The Hunter shall be informed of any changes when connecting to his/her personal account. The new version of the T&Cs will also be available on the website. It shall come into effect within EIGHT (8) days of sending this email, or if applicable on any other date stated by YesWeHack. If he/she disagrees with the new requirements, the Hunter undertakes to cease to use the Website and/or Services, which shall result in the de facto termination of the Contract.

 

1. DEFINITIONS

Some of the following definitions are also specified in the FAQ. In the event of discrepancy or difficulty in interpreting these definitions, it is expressly agreed that the definitions of the T&Cs prevail.

The YESWEHACK platform: refers to the registered trademark owned by YesWeHack, a simplified joint stock company (SAS) with share capital of €31,420.74, located at 14 Rue Charles V, 75004 Paris, and used with the framework of these T&Cs. This is a platform with the function of putting Users in contact with Hunters.

eWallet: refers to the means of payment used for payment and storage of the Hunter’s cash Rewards. This is not a bank account.

Hunter: refers to a natural person participating in a Bug Bounty program. The Hunter carries out Tests on a System and as part of a Bug Bounty program. This person is an IT security researcher. The Hunter can act on a non-professional or professional basis, individually or on behalf of a company.

Login details: refers to the login/password combination allowing the Hunter to access his/her account.

Bug Bounty program: refers to Tests authorised by the User (Systems designation, type of Tests, eligibility, frequency, exclusions, rewards etc.). A Bug Bounty program may be public or private.

Services: refers to the Services provided to the Hunter on the Website, including creation of the Hunter’s personal account on the YESWEHACK platform.

Website: refers to the website accessible at the address URL https://yeswehack.com/ allowing Hunters to benefit from Services on the YESWEHACK platform.

System: refers to the User’s systems (servers, websites, applications, software, modules, interfaces etc.) on which Tests are carried out, whether hosted by the User or with a third party.

Tests: refers to the tests the User wishes to have executed and which are in keeping with the Bug Bounty program validated by YesWeHack. These Tests are reflected in particular by any action able to reach a User System, analyse the level of security in place and find Vulnerabilities.

User: refers to a natural or legal person using the Website to have tests carried out on their System in accordance with the Bug Bounty program defined.

Vulnerabilities: refers to any fault, incident or security breach that on its own or cumulatively has repercussions on the use or operation of System functionalities.

Invoicing mandate: refers to the contract under which the Hunter assigns to YesWeHack the preparation of invoices including the rewards owed to him/her at the end of the Tests.

Reward: refers to any sum of money or material good granted to the Hunter if the successfully carry out the Tests, i.e. if he/she discovers proven Vulnerabilities in the System that were previously unknown.

 

2. OBJECT

These T&Cs are intended to define the means and conditions of access and use of the Website and/or Services for Hunters.

 

3. ABOUT THE SERVICE

The YESWEHACK platform is a platform that brings Users and Hunters together in order for Users to submit all or some of their Systems to Tests, which will be carried out by the Hunters.

The stages are as follows:

  • A User publishes a Bug Bounty program on the Website;
  • Within the framework of a Private program, the User defines the list of skills or names of Hunters invited to the Bug Bounty program;
  • Hunters carry out Tests and then write a report on the Vulnerabilities found;
  • The User does or doesn’t validate the Vulnerabilities reported and their levels of criticality;
  • The Hunter who has allowed for a valid fault to be detected and who prepares a clear report with a level of criticality in keeping with the Bug Bounty program can be rewarded by the User, by allocating points in accordance with criteria defined on the YESWEHACK platform in its FAQ in particular, and/or by allocating a Reward in cash or in the form of material goods;
  • The Hunter can take part in rankings and use his/her results on all YesWeHack platforms.

 

4. REGISTRATION PROCESS

4.1. Age requirement

Use of the Website and/or Services is in principle prohibited for minors (depending on nationality and applicable law).

4.2. Creating a Hunter account

When registering, before creating a personal account, the Hunter must accept these T&Cs, which are subject to signing the Invoicing mandate.

To do this, the Hunter must provide certain information by means of the registration form available on the Website.

The Hunter guarantees that the information provided is accurate, truthful and up to date, and agrees to update this information whenever necessary. If this information proves to be false, incomplete or obsolete, YesWeHack reserves the right to refuse registration and/or interrupt the provision of Services in accordance with the stipulations of Article 13 of the T&Cs.
The Hunter is solely liable for the consequences of failing to update personal information and expressly acknowledges that YesWeHack may only be held liable in the event of untruthful statements concerning the Hunter’s identity.

4.3. Creating an eWallet account

The Hunter must have opened an eWallet account on the MANGOPAY platform for payment of Rewards in cash.

The Hunter acknowledges that he/she has read and agrees to respect MANGOPAY’s terms and conditions of use.

4.4. Accepting the T&Cs

Registering for Services is done via the Website and requires acceptance of the T&Cs and confirmation of this acceptance.

The Hunter expressly acknowledges that he/she has read these T&Cs and given his/her consent. This acceptance given by double clicking is in accordance with Article 1127-2 of the French Civil Code and is accepted as signing of the contract in electronic form.

4.5. Independence of the Hunter

The YESWEHACK platform is exclusively a platform for putting Hunters in contact with Users.

The Hunter expressly acknowledges that there is no relationship of dependency or subordination, whether direct or indirect, with YesWeHack or with a User.

The Hunter acknowledges that he/she acts on an occasional and non-exclusive basis. The Hunter chooses the Bug Bounty program in which he/she wants to intervene and determines alone and autonomously the means by which he/she intends to carry out his/her Tests in accordance with the Bug Bounty program.

Due to this independence, the Hunter may only be excluded from Bug Bounty programs because of a failure to meet an obligation resulting from these T&Cs.

 

5. ACCESS TO SERVICES

Apart from cases of force majeure, YesWeHack agrees, as far as its means permit, to ensure availability and accessibility to the Website and Services. However, control and maintenance operations may be carried out at any time. YesWeHack seeks to prevent, as far as possible, such operations taking place during a period of forty-eight (48) hours before the start of the effective operation YesWeHack shall not be held liable for any consequences resulting from this for any Hunter.

All Hunters acknowledge that he/she knows and understands the Internet and its limitations, and in particular its functional characteristics and technical performances, the risks of interruption, the response times to view, question or transfer information or even the inherent risks of all data transfers. YesWeHack is not responsible for the unavailability of its networks, which are not entirely under its direct control. It is up to each Hunter to equip themselves appropriately, particularly in terms of IT and electronic communications, in order to access the Website and Services and take all appropriate measures to protect themselves and protect YesWeHack against any attacks or damage that may affect data, software or content stored on the Website. YesWeHack is not responsible for the normal wear and tear of the Hunter’s digital media.

The Hunter is responsible for all costs and authorisations necessary to connect to, access and use the Website and/or Services.

All Hunters agree not to impede the correct functioning of the Website and/or Services in any way, particularly as a result of any element that may contain a virus or malicious Bug Bounty program that could damage or affect the Website and/or Services, and, more generally, the IT system of YesWeHack and its co-contractors.

 

6. OBLIGATIONS OF THE HUNTER

The Hunter agrees to use the Services as they stand and in accordance with these T&Cs.

6.1. Legal, taxation and social security obligations

The Hunter is informed that his/her activity (carrying out Tests and Vulnerabilities reports) performed via the YESWEHACK platform may result in an obligation to obtain a certain legal status. The Hunter therefore undertakes to find out the relevant information and obtain the appropriate legal situation for his/her situation.

In addition, the Hunter is informed that income generated from his/her activity on the YESWEHACK platform must be subject to taxation or social security charges in accordance with taxation territoriality criteria. In accordance with these T&Cs, the Hunter expressly acknowledges that he/she is solely reliable for finding out about legal, taxation and social security obligations and subscribing to and complying with such obligations.

The Hunter is required to make any declarations required by the competent tax authorities and social security organisations, in accordance with his/her status and country of residence within and outside the European Union.

Each time a Hunter of French nationality receives a Reward, YesWeHack provides information relating to tax regimes and social security regulations applicable to Rewards gained from Bug Bounty operations in accordance with Article 242-I of the French General Tax Code (Article 23L(j)) no later than 15 January of the year following that in which the information is given. A document mentioning the Hunter’s login details (for natural persons: family name or common name, first names and home address), the number and total gross amount of Rewards achieved during the past year. The Hunter acknowledges that this document should be sent by email no later than 31 January of the year following that in which the information is given, the period from 15 to 31 January allowing the Hunter to rectify the document about them.

To this end, for France, it is imperative that the Hunter is aware of and implements the obligations set out below:

Non-French Hunters undertake to familiarise themselves with the tax and social security regime applicable to them and inform YesWeHack of this so that it can adjust the terms of the invoicing mandate if necessary.

YesWeHack may not under any circumstances be involved in these procedures and cannot be held liable under any circumstances and for any reason as a result of one of these legal, tax or social security obligations, as YesWeHack’s obligations are strictly limited to informing the Hunter of the tax, accounting and social security obligations for which he/she is responsible and providing a document summarising all transactions carried out on the platform. In order to help the Hunter to meet his/her obligations, YesWeHack provides in its FAQ information allowing for guidance by clicking on the following link: FAQ. The Hunter undertakes to consult this information regularly.

6.2 Security of the Website and/or Services

All YesWeHack platforms are also subject to Bug Bounty programs. The Hunter undertakes to inform YesWeHack immediately, by any means, of any error, fault or irregularity observed in use of the Website and/or Services, as soon as he/she becomes aware of it.

The Hunter undertakes not to attempt to amend the headers or try to manipulate the pages of the Website in order to conceal, hijack or amend the Website. It is also prohibited to create a work or a website deriving from all or part of the Website, as well as reselling or redistributing YesWeHack data.

6.3. Protection of login details

Login details are strictly personal and confidential. The Hunter undertakes:

  • to keep them secret;
  • not to communicate them to third parties in any form whatsoever;
  • not to allow third parties to access the Services;
  • to assume sole responsibility for the consequences of any divulging of information in breach of these T&Cs;
  • to inform YesWeHack immediately of any compromise, loss or anomaly observed.

The Hunter acknowledges that he/she is fully liable for any use of the Services.

Consequently, the Hunter acknowledges that actions carried out on his/her behalf are presumed to have been done by the Hunter and shall be attributed to the Hunter, unless he/she provides evidence to the contrary.

YesWeHack reserves the right to suspend the Hunter’s access to his/her account in the event of proven compromise or suspected compromise of his/her login details.

6.4. Tests

The Hunter is not required to first consult the User in order to carry out Tests and shall act at their own convenience for the purposes of carrying out the Tests within the limitations of the Bug Bounty program defined by the User.

The Hunter undertakes to carry out Tests in accordance with the conditions and limitations described in the User’s Bug Bounty program.

Consequently:

  • He/she undertakes to strictly limit actions to the scope defined in the User’s Bug Bounty program.
  • He/she undertakes not to repeat any Tests outside the framework strictly defined by the User’s Bug Bounty program and once the Bug Bounty program is closed. Any actions by the Hunter outside the limitations set by the User’s Bug Bounty program may result in he/she being held liable on a civil or criminal basis and exclusion from the YESWEHACK platform.
  • The Hunter undertakes to keep strictly confidential any User information to which he/she may have access during Tests, including Vulnerabilities and, if applicable, personal data to which he/she may have access. By default, the Hunter may be held liable on a civil or criminal basis.
  • Consequently:
  • He/she undertakes to use such information for purposes strictly necessary for correct execution of the Tests.
  • He/she undertakes not to communicate such information to any third party in any way and by any means whatsoever (in particular orally, on paper, digitally).
  • He/she undertakes to report any clear anomalies to YesWeHack if they observe any security shortcomings on the YESWEHACK platform, as well as the User for any clear anomalies observed during Tests.
  • He/she undertakes not to use such information for the development, production or marketing of a System that infringes on the rights of the User, their activity and/or directly or indirectly competing with them.
  • The Hunter guarantees that they shall respect all intellectual property rights of the User in particular when carrying out Tests, and mainly but not exclusively software used and operating licences.
  • The Hunter undertakes not to participate in any private Bug Bounty programs to which he/she has not been invited by a User.
  • If the Hunter is in contact with the User, he/she is solely liable for the content of any exchanges with the User.

The Hunter acknowledges that YesWeHack is not involved in any way in the relationship with the User.

6.5. Confidentiality — Personal data protection

Within the framework of the program, when carrying out Tests, the Hunter may, if applicable, access personal data processed by the User.

The Hunter guarantees the security and confidentiality of the data accessed and undertakes to take all technical and organisational measures to prevent the destruction, alteration, disclosure or unauthorised access to the data accessed accidentally or unlawfully.

The Hunter undertakes not to use or process any personal data to which he/she may have access during Tests.

 

7. INTELLECTUAL PROPERTY RIGHTS

7.1. The Website and/or Services

The Website (including all accessible information, particularly in the form of text, photos, images, sound, data, databases and downloadable Bug Bounty programs, including software and other underlying technology) and Services are protected by intellectual property rights and/or other rights held by YesWeHack or which it is authorised to use.

The Hunter may not under any circumstances store, reproduce, represent, amend, send, publish or adapt on any medium of any kind, by any means, or use in any way, elements of the Website and/or Services without the prior written authorisation of YesWeHack.

Each is and shall remain owner of their distinctive signs, namely trademarks, company names and other, trading names, banners and domain names. The reproduction, imitation or display, in whole or in part, of trademarks, drawings and models belonging to YesWeHack is strictly prohibited without its prior written agreement.

All Hunters must respect all mentions relating to intellectual property rights on the Website and/or Services and agrees not to alter, delete, amend or infringe on them in any other way.

7.2. Right of use to Systems

Exclusively and solely within the framework of Tests, subject to any restrictions stated in the Bug Bounty program, the User grants Hunters the personal, free and non-exclusive and worldwide right to use the Systems protected by intellectual property rights and only for the duration of the Bug Bounty program as defined by the User provided that the program is not suspended before it reaches the end.

The user licence is granted for the sole and exclusive purpose of carrying out the Bug Bounty program and shall concern the rights defined below:

  • the right to reproduce the System or have it reproduced, in whole or in part, on the YESWEHACK platform only;
  • the right to extract, decompile, amend, assemble, transcribe, arrange or interface the System for the sole purposes of analysing Bugs;
  • the right to make any use and any operation for the sole purposes of System Tests.

It is expressly agreed, unless stated otherwise, that no brand licence is granted by the User to Hunters.

 

8. FINANCIAL CONDITIONS

The Hunter will receive the cash reward allocated by the User in his/her e-Wallet account, at the discretion of the User and in accordance with the Bug Bounty program concerned. Cash rewards are expressed in euros, including taxes, and the Hunter undertakes to regularly consult the FAQ concerning Rewards by clicking on the following link: FAQ. A summary of rewards is made available on the Hunter’s account. The Hunter is informed that, if applicable, and in accordance with his/her legal requirements in particular, YesWeHack may be required to give information relating to rewards to the relevant authorities if requested.

The Hunter instructs YesWeHack so that rewards granted by the User are invoiced in his/her name and on his/her behalf.

It is expressly agreed that the invoicing mandate should be duly completed and accepted by the Hunter on his/her own behalf. Otherwise, any operations initiated by the Hunter will not be able to result in payment.

 

9. GUARANTEE — LIABILITY

9.1. Guarantee — YesWeHack’s liability

YesWeHack does not give any guarantees as to the ability of the Website and/or Services to respond to the specific expectations or needs of all Hunters. Similarly, YesWeHack is not able to guarantee that no errors or other issues with operation or use will occur in the course of using the Website and/or Services.

YesWeHack accepts no responsibility with regard to use made of the Website and/or Services by any User or Hunter. YesWeHack acts only as intermediary between the User and the Hunter: it cannot be held liable in the event of damage caused by a User or Hunter to another User or Hunter, particularly within the framework of carrying out Tests and delivering incorrect or misleading information to the User.

YesWeHack is not responsible under any circumstances for any damages such as: financial damage, commercial damage, loss of clientele, any disruption to business, loss of profits, loss of brand image, loss of Bug Bounty program, suffered by the Hunter that may result from the inexecution of these T&Cs, which are deemed by express agreement to be consequential losses.

YesWeHack shall not under any circumstances be liable for damages resulting, even partially, from full or partial inexecution of obligations by the User or Hunter even if YesWeHack was aware of the possibility of such damages occurring. YesWeHack is bound by a best efforts obligation as regards the provision of Services.

9.2. Guarantee — Liability of the Hunter

The Hunter is responsible for all damages he/she causes to YesWeHack or Users. The Hunter undertakes to compensate YesWeHack or Users in the event of being ordered to pay damages and interest to YesWeHack or Users as a result of failure to comply with these stipulations or damages caused to others or the itself.

Any actions outside the limitations set by the User’s Bug Bounty program may result in the Hunter being held liable on a civil or criminal basis.

The Hunter undertakes to keep strictly confidential any User information to which he/she may have access during Tests, including Vulnerabilities and, if applicable, personal data to which he/she may have access. By default, the Hunter may be held liable on a civil or criminal basis.

Furthermore, the Hunter is responsible for any divulging of Vulnerabilities at the end of a Bug Bounty program for which legitimate suspicions may be raised against him/her.

The Hunter is responsible for meeting tax and accounting obligations with regard to YesWeHack as set out in Article 6.1, particularly in terms of invoicing.

 

10. FORCE MAJEURE

YesWeHack shall not be held liable for any delays in executing his/her obligations or any failure to execute his/her obligations resulting from these General Terms and Conditions of use where the circumstances concerned relate to a force majeure event. In addition to those usually cited by French case law, the following cases are expressly regarded as force majeure or acts of God: Total or partial strike, lock-out, riot, civil disorder, insurgency, civil or foreign war, nuclear risk, embargo, confiscation or destruction by any public authority, bad weather, epidemic, blockage of means of transportation or supply for any reason whatsoever, earthquake, fire, storm, flooding, water damage, government or legal restrictions, legal or regulatory reforms to forms of marketing, malicious Bug Bounty program not recognised by a CERT, blocking of electronic communications, including electronic communications networks, as well as any calling into question of cryptographic techniques used by YesWeHack. All cases of force majeure affecting the execution of obligations resulting from these T&Cs and in particular access or use of Services by the Hunter will suspend execution of these T&Cs as soon as the event occurs.

It is expressly agreed between the Parties that the implementation of palliative means by YesWeHack during the occurrence of a force majeure event may not result in YesWeHack being held liable or paying compensation.

 

11. PROTECTION OF PERSONAL DATA

When creating an account, personal data provided by the Hunter through online forms is needed for registration and use of the Website and/or Services. This data is collected and processed by YesWeHack, as data controller, in accordance with regulations applicable to personal data protection in particular Regulation (EU) 2016/679 of 27 April 2017 (GDPR) and law N°78-17 of 6 January 1978 as amended.

11.1 Categories of data collected and processed

  • To register on the website, the personal data processed by YesWeHack is: identification data (last name, first name, user name), contact details (email address), invoicing details (nationality, postal address);
  • To create the Wallet on MANGOPAY, YesWeHack also collects the following data to be given to MANGOPAY. This data is not kept by YesWeHack. This is: date of birth, profession, income bracket, identity document with photo (KYC). This data is processed by MANGOPAY and subject to its own data protection policy, available at: https://www.mangopay.com/fr/politique-de-confidentialite/

11.2 Purpose

Within the framework of executing these T&Cs, Hunters’ personal data is processed for the purposes of:

  • administration and technical and/or commercial management of Services, including management of the invoicing mandate;
  • management of security of the Website and/or Services;
  • management of requests relating to the exercising of the followingrights;
  • measuring the Website audience (non-personal website visitor statistics).

Subject to the consent of the Hunter [tick box], the email address can be used for sending information about YesWeHack (events, news etc.) and about its services.

If applicable, within the framework of defending YesWeHack’s rights, a legitimate interest in accordance with the liberties and fundamental rights of Hunters, data may be processed for the purposes of managing disputes.

11.3 Retention period

Within the framework of the execution of these T&Cs, Hunters’ personal data is kept for the entire duration of account opening, and is deleted
at the end of the period of limitation for criminal prosecution (6 years) after closure of the account, in accordance with Article 8 of the French Code of Civil Procedure.

Personal data relating to the invoicing mandate is kept for 10 years in accordance with the time period set out by the French Commercial Code.

The Hunter may close his/her account at any time busing the “Close account” button.

For business communications, the email address is kept for a maximum of three years from last contact with the Hunter. The Hunter may withdraw his/her consent at any time.

Personal data needed for the management of disputes is kept until all remedies have been exhausted.

11.4 Recipients

Hunters’ personal data is communicated to authorised staff of YesWeHack, its partners (MANGOPAY) and its subcontractors responsible for the provision of Services.

Subject to the Hunter’s prior and express agreement, the Hunter’s personal data may be communicated to the User by YesWeHack.

11.5 Hunters’ rights

Hunters have the following rights:

  • right of access, rectification and erasure of data directly on their account and in accordance with the terms provided for by the
    regulation (Article 15 to 17 of the GDPR);
  • right withdraw their consent at any time (for sending emails);
  • right to restriction of processing in accordance with the terms provided for by the regulation (Article 18 of the GDPR);
  • right to data portability in accordance with the terms provided for by the regulation (Article 20 of the GDPR);
  • right to submit a complaint to the CNIL;
  • right to define directives allowing access to their data in the event of death (the means of exercise of this right are currently awaiting specifications by decree).

Requests concerning these rights may be exercised by email to the following address: privacy@yeswehack.com specifying the object of the request (right concerned) and attaching proof of identity and/or of the appointed representative if applicable.

Cookies are used on the YESWEHACK platform to optimise connection and customise use of the Website and Services. Website audience measurement cookies are exclusively stored and processed by YesWeHack and do not concern personal information. Refusing cookies may prevent the Hunter from accessing certain functionalities of the Website. However, the Hunter may configure their browser preferences to refuse cookies. There are no cookies or links to social media sites on the YESWEHACK platform.

DPO contact details: privacy@yeswehack.com

 

12. AGREEMENT CONCERNING EVIDENCE

YesWeHack and Hunters intend to set, within the framework of the Website and/or Services, regulations relating to admissible evidence in the event of a legal dispute and their evidential value. The stipulations below therefore constitute the agreement concerning evidence between the parties, which undertake to comply with this article.

YesWeHack and the Hunters agree that in the event of a legal dispute: data transmitted, certificates and electronic signatures are admissible in court and constitute evidence of the data and facts they contain, as well as the signatures and authentication procedures they express. They should therefore comply with the requirements of Articles 1366 and 1367 of the French Civil Code civil on evidence in writing;

  • Clicks and double clicks are admissible in court and constitute evidence of the data and facts they contain, as well as the acceptances and consents they express;
  • Timestamp tokens are electronically certified dates are admissible in court and constitute evidence of the data and facts they contain; connection data relating to actions done from the account are admissible in court and constitute evidence of the data and facts they contain;
  • Emails and delivery receipts are admissible in court and constitute evidence of the data and facts they contain; the login details used within the framework of the Website are admissible in court and constitute evidence of the data and facts they contain, as well as
    the signatures and identification procedures they express;

Evidence to the contrary may be presented in accordance with the probative mechanism of Article 1353 of the French Civil Code.

 

13. TERMINATION

YesWeHack reserves the right to interrupt temporarily all or part of the Service as well as the Hunter’s account for reasons relating to the security of the Service, the security of the Hunter or a violation or suspected violation by the Hunter of one of his/her obligations, in particular those set out in the T&CS.

YesWeHack also reserves the right to unilaterally end the contractual relationship resulting from the T&Cs if the Hunter commits any serious and/or repeated failings to meet of one of his/her obligations as stated in the T&Cs. This termination shall be in the form of a notification in accordance with Article 17. It shall be as of right, immediately and without prejudice to any damages or interest claimed by YesWeHack.

 

14. SUBCONTRACTING — ASSIGNMENT

YesWeHack reserves the right to subcontract all or some of the services covered by these T&Cs to any company of its choosing.

YesWeHack reserves the right to assign the Contract to any third party of its choice.  In any case, YesWeHack will inform Hunters by email at the address stated at the time of registering in the event of the assignment or change of subcontracting.

 

15. CONFIDENTIALITY — END OF THE CONTRACT

The Hunter is required to keep confidential all information to which he/she has access or may be provided with within the framework of the
Contract.

As a result, the Hunter undertakes not to disclose said information to any third parties for any reason whatsoever and regardless of any legal and/or financial ties between the Hunter and the third party.

This undertaking shall last for the entire duration of the Contract and continue beyond the ending of the Contract for any reason whatsoever, for the entire time that the confidential information does not fall into the public domain as a result of this information being revealed by the User.

After their involvement in the Bug Bounty program, all information relating to use of the service within the framework of a Bug Bounty program, namely information of any kind including that of a personal nature as well as reports prepared by Hunters, shall be deleted in full from the Hunter’s databases and systems in accordance with legal requirements, such as in particular in accordance with the Law on Confidence in the Digital Economy and its limitation periods.

Subject to the express prior written agreement of the User, the Hunter may make reports public as stated in Article 3 of the T&Cs.

 

16. TITLE — PERMANENCE — NON-RENUNCIATION

Not pursuing a breach of any of the obligations resulting from the T&Cs should not be interpreted as a renunciation of the obligation in question. The nullity of a clause of the T&Cs does not affect the validity of the other causes unless the cancelled clause makes pursuing contractual relations impossible or imbalanced in relation to the initial agreements.

The titles at the head of each Article are for ease of reference only and should not under any circumstances be the pretext for any interpretation or distortion of the clauses to which they relate. In the event of difficulty in interpretation or contradiction between the contents of a clause and its title, the latter shall be deemed unwritten. It is expressly agreed between the Parties that the governing language of the T&Cs is French. In the event of any contradiction between the original version of the T&Cs and their translation, the T&Cs in French shall prevail over the translated version.

 

17. NOTIFICATION

All notifications must be in writing, by registered letter with notice of receipt, or by any other means for which receipt can be proven (hybrid registered letter, electronic registered letter, to the address stated on the Website, or at the time of registration or to any other address subsequently stated by one of the parties to the other in writing. This notification shall be regarded as received on the date of the first working day following the presentation period.

 

18. DURATION OF THE CONTRACT

The duration of the Contract is set until the account is deactivated of by the Hunter. Deactivation of the account shall constitute termination of the Contract. It is expressly agreed that Users can end their Bug Bounty programs at any time or renew them at their discretion, which the Hunter accepts.

 

19. SETTLEMENT OF DISPUTES — APPLICABLE LAW — COMPETENT COURT

In the event of any legal dispute relating to the interpretation, formation, validity or execution of these T&Cs, YesWeHack and the Hunters expressly acknowledge that only French law is applicable.

If no amicable arrangement is reached, in the event of a dispute relating to the interpretation, formation or execution of these T&Cs and if no amicable agreement or settlement is reached, YesWeHack and the Hunters shall grant express and exclusive competence to the competent courts of the Paris Appeal Court, notwithstanding multiple defendants or applications for interim measures or introduction of third parties or protective measures. If this stage is not respected, which remains the responsibility of the Hunter, YesWeHack cannot be held liable in this regard.

 

INVOICING MANDATE

FOR FRENCH HUNTERS:

In accordance with the provisions of Article 289-I of the French General Tax Code (Code Général des impôts or CGI) and the Bulletin Officiel des Finances Publiques (BOFIP) excerpt “VAT – Tax regimes and reporting and accounting obligations – Rules relating to the preparation of invoices – Issuing invoices”, BOI-TVA-DECLA-30-20-10-20140113:

By ticking the box “I have read and I accept the conditions of the invoicing mandate”, the Hunter expressly instructs YesWeHack to invoice rewards owed to it within the framework of a Bug Bounty program in its name and on its behalf.

The Hunter confirms that he/she is aware of and has complied with social security, taxation and accounting requirements in France. YesWeHack cannot be held liable in the event that the Hunter fails to make this declaration.

The agent (YesWeHack):

  • Undertakes to archive the invoicing mandate securely or ensure that it is archived securely in order to prove the existence thereof to the tax authorities if requested;
  • Undertakes to do all that is necessary for issuing and making available invoices to the Hunter in his/her personal account;
  • Undertakes to archive electronic invoices and data used to prepare the invoice securely or ensure that they are archived securely so that they can be accessed by the principal as quickly as possible;

The principal (Hunter):

  • Undertakes to archive the invoicing mandate securely or ensure that it is archived securely in order to prove the existence thereof to the tax authorities if requested;
  • Undertakes to archive electronic invoices and data used to prepare the invoice securely or ensure that they are archived securely;
  • Undertakes to inform YesWeHack of any mentions concerning its identification and those relating to the contents of invoices issued in its name and on its behalf and undertakes to send supporting evidence as soon as possible by electronic means;
  • Undertakes to bring to the agent’s attention, in the event that an invoice is disputed, the information needed to amend the invoice as quickly as possible;
  • Undertakes to pay the French state treasury the tax mentioned on the invoices prepared in its name and on its behalf;
  • Undertakes to request a copy of an invoice as soon as possible if it has not been received;
  • Undertakes to accept any invoice issued by YesWeHack in its name and on its behalf. This acceptance is given by clicking on the invoice when it is read. For the purpose of proof, YesWeHack shall keep evidence of clicking and ensure it is reliably timestamped during the invoice archiving period. The Hunter acknowledges that he/she has fourteen (14) days from reading the invoice to amend the contents. Otherwise, the Hunter acknowledges that he/she fully accepts the invoice;
  • Takes full responsibility for obligations and consequences with regard to invoicing in relation to VAT;
  • Acknowledges that he/she will not be able to argue that YesWeHack has failed or been late to prepare invoices in order to avoid the obligation to declare tax collected at the time payment becomes due;
  • Acknowledges that he/she remains liable for VAT owed if applicable in accordance with Article 283-3 of the French General Tax Code where this is wrongly invoiced.

The Invoice prepared by YesWeHack expressly states:

  • That it is issued by YesWeHack in the name of and on behalf of the Hunter expressly identified;
  • Compulsory invoicing information such as the identity of the Hunter, identity of the User, invoice number, invoice date, date of the Bug Bounty service provided, identifications in relation to value added tax (VAT), the legally applicable rate of VAT, precise designation of the Bug Bounty, payment date or period, if applicable, for Hunters not subject to VAT the mention “VAT not applicable – Article 293 B of the French General Tax Code”;

FOR NON-FRENCH HUNTERS:

By ticking the box “I have read and I accept the conditions of the invoicing mandate”, the Hunter expressly instructs YesWeHack to invoice rewards owed to it within the framework of a Bug Bounty program in its name and on its behalf.

The Hunter confirms that he/she is aware of and has complied with applicable social security, taxation and accounting requirements. YesWeHack cannot be held liable in the event that the Hunter fails to make this declaration.

The agent (YesWeHack):

  • Undertakes to archive the invoicing mandate securely or ensure that it is archived securely in order to prove the existence thereof to the tax authorities if requested;
  • Undertakes to do all that is necessary for issuing and making available invoices to the Hunter in his/her personal account;
  • Undertakes to archive electronic invoices and data used to prepare the invoice securely or ensure that they are archived securely so that they can be accessed by the principal as quickly as possible;

The principal (Hunter):

  • Undertakes to archive the invoicing mandate securely or ensure that it is archived securely in order to prove the existence thereof to the tax authorities if requested;
  • Undertakes to archive electronic invoices and data used to prepare the invoice securely or ensure that they are archived securely;
  • Undertakes to inform YesWeHack of any mentions concerning its identification and those relating to the contents of invoices issued in its name and on its behalf and undertakes to send supporting evidence as soon as possible by electronic means;
  • Undertakes to bring to the agent’s attention, in the event that an invoice is disputed, the information needed to amend the invoice as quickly as possible;
  • Undertakes to pay the relevant tax authority the sums owed in respect of the invoice;
  • Undertakes to request a copy of an invoice as soon as possible if it has not been received;
  • Undertakes to accept any invoice issued by YesWeHack in its name and on its behalf. This acceptance is given by clicking on the invoice when it is read. For the purpose of proof, YesWeHack shall keep evidence of clicking and ensure it is reliably timestamped during the invoice archiving period. The Hunter acknowledges that he/she has fourteen (14) days from reading the invoice to amend the contents. Otherwise, the Hunter acknowledges that he/she fully accepts the invoice;
  • Takes full responsibility for obligations and consequences with regard to invoicing in relation to sums owned to the relevant tax authority;
  • Acknowledges that he/she will not be able to argue that YesWeHack has failed or been late to prepare invoices in order to avoid the obligation to declare sums owed to the relevant tax authority at the time payment becomes due;
  • Acknowledges that he/she remains liable for sums owed to the relevant tax authority.

The Invoice prepared by YesWeHack expressly states:

  • That it is issued by YesWeHack in the name of and on behalf of the Hunter expressly identified;
  • Information such as the identity of the Hunter, identity of the User, invoice number, invoice date, date of the Bug Bounty service provided, identifications and rate of sums owed to the relevant tax authority, precise designation of the Bug Bounty, payment date or period, if applicable, for Hunters not subject to VAT, information required by the relevant tax authority.