​

Terms and Conditions of Use​​​

​

This Terms of Service (the “ToS” or “Agreement”) applies with respect to the usage of the services (the “Com Olho Service”) offered by Com Olho IT Private Limited (the “Company”), a company incorporated under the laws of India, and having its registered office at 1114 Sector 4 Urban Estate Gurugram Haryana 122001.

​

Your usage of the Com Olho Service is subject to your explicit acceptance of these ToS and the attached Privacy Policy (the “PP”). Your acceptance of the same will irrevocably and unconditionally bind you to comply with and abide by all the obligations and conditions stipulated herein (unless otherwise explicitly made optional). After your initial confirmation/consent, You will be assumed to continue consenting to these ToS until you explicitly withdraw your consent by notifying the Company of the same in writing. These ToS supersede all previous oral and written terms and conditions (if any) and shall act as a binding Agreement between the Company and You. Com Olho IT Private Limited can exercise IP control or ensure or guarantee the integrity of services offered. Com Olho has Trademark rights for both the company name and logo according to provisions of the The Trade Mark Act 1999 and warrants for unlawful use of both

​

1. Acceptance of Terms
By accessing or using the Com Olho Bug Bounty Platform, you agree to comply with and be bound by these stringent terms and conditions. If you do not agree with any part of these terms, you must not use the platform.

​

2. Eligibility
Only individuals who are at least 18 years old, possess the legal capacity to enter into binding contracts, and have been pre-approved by Com Olho are eligible to participate in our bug bounty program. Participants must provide verifiable identification and background information before being granted access.

​

3. Scope of Participation
Participants must:

Adhere to all applicable laws and regulations.
Respect the privacy and data protection rights of users and organizations.
Only test within the scope explicitly defined by the specific bounty program. Unauthorized access to systems, data, or environments not included in the scope is strictly prohibited and will result in immediate disqualification and potential legal action.

4. Confidentiality
Participants must treat all information related to vulnerabilities and exploits as confidential. Disclosure of any information without prior written consent from Com Olho is strictly prohibited and will result in disqualification, forfeiture of rewards, and potential legal consequences.

​

5. Responsible Disclosure
Participants are required to follow our responsible disclosure policy:

Report vulnerabilities directly to Com Olho via our designated reporting mechanism within 24 hours of discovery.
Provide comprehensive and detailed information about the vulnerability, including steps to reproduce, potential impact, and suggested remediation.
Refrain from public disclosure or sharing with third parties until Com Olho has acknowledged the report, resolved the issue, and provided written consent for disclosure.

6. Prohibited Activities
Participants must not engage in:

Any form of malicious activity, including but not limited to Denial of Service (DoS) attacks, data exfiltration, tampering with production environments, or exploitation of vulnerabilities beyond proof-of-concept.
Social engineering, phishing, or physical attacks against Com Olho employees, contractors, clients, or infrastructure.
Automated vulnerability scanning, brute force attacks, or use of any tools or techniques that generate excessive traffic or degrade system performance without prior written approval from Com Olho.

7. Intellectual Property
All intellectual property rights in and to the submitted reports, including any discovered vulnerabilities, are irrevocably assigned to Com Olho upon submission. Participants will be credited for their discoveries, but Com Olho retains exclusive ownership of the findings. Participants must not use or exploit the vulnerabilities for any purpose other than the bug bounty program.

​

8. Rewards and Payment
Rewards will be determined based on the severity, impact, and quality of the report, following our established reward guidelines. Com Olho's decision on the reward amount is final and non-negotiable.
Com Olho reserves the right to modify the reward structure at any time without prior notice.
Payments will be made via the method specified by Com Olho within 90 days of report validation and may be subject to tax withholdings or other deductions as required by law. Participants must provide accurate payment details and comply with all relevant tax obligations.

9. Limitation of Liability
Com Olho shall not be liable for any direct, indirect, incidental, special, or consequential damages arising out of or related to the participation in the bug bounty program. Participants engage in testing activities at their own risk. Com Olho's total liability for any claim arising out of or in connection with these terms or the bug bounty program shall not exceed the amount of the reward paid to the participant.

​

9.1 Additional Limitation for Program Owners and Enterprise Use: To the maximum extent permitted by applicable law, Com Olho’s aggregate liability arising out of or in connection with any Program Owner’s or organisation’s use of the Com Olho Service, whether in contract, tort (including negligence) or otherwise, shall not exceed, in the aggregate, the total fees (if any) actually paid by such Program Owner or organisation to Com Olho for access to the Com Olho Service during the twelve (12) months immediately preceding the event giving rise to such liability. In no event shall Com Olho be liable for any indirect, incidental, consequential, special, punitive or exemplary damages, including without limitation loss of profit, loss of revenue, loss of business, loss of data or loss of goodwill, even if advised of the possibility of such damages.

​

10. Termination
Com Olho reserves the right to terminate or suspend access to the bug bounty program for any participant who violates these terms or engages in activities deemed harmful to Com Olho, its clients, or its infrastructure. Such termination may occur without prior notice and at the sole discretion of Com Olho.

​

11. Governing Law
These terms and conditions shall be governed by and construed in accordance with the laws of the jurisdiction where Com Olho is headquartered, without regard to its conflict of law principles. Any disputes arising out of or related to these terms or the bug bounty program shall be resolved exclusively in the courts of that jurisdiction.

​

12. Amendments
Com Olho reserves the right to amend these terms and conditions at any time. Participants will be notified of any significant changes via email or platform notification. Continued participation in the program constitutes acceptance of the revised terms. Participants are responsible for regularly reviewing the terms to stay informed of any updates.​

​

13. Role of Com Olho; Responsibility of Clients and Participants
 

13.1 Com Olho provides a technology platform and coordination services to enable organisations (“Program Owners”) to run bug bounty, vulnerability disclosure and security research programs, and to enable security researchers (“Participants”) to submit vulnerability reports. Unless expressly agreed in a separate written agreement with a Program Owner, Com Olho does not operate, manage or control the Program Owner’s systems, infrastructure, applications or data.

​

13.2 Responsibility of Program Owners, Each Program Owner is solely responsible for:

(a) defining the scope and rules of engagement of its program;

(b) determining which systems, applications and environments are in-scope;

(c) implementing and testing any fixes or remediation actions;

(d) complying with all regulatory, sectoral and data-protection obligations applicable to its systems and data; and

(e) any communications with affected users, regulators or third parties arising from vulnerabilities or incidents in its environment.

 

13.3 Responsibility of Participants:  Participants are independent parties and are solely responsible for ensuring that their activities comply with these Terms, the specific program rules, and all applicable laws and regulations. Participants must not rely on Com Olho for legal or compliance advice in relation to their activities.

​

13.4 No Agency or Employment : Nothing in these Terms shall be construed as creating any partnership, joint venture, agency, employment or fiduciary relationship between Com Olho and any Program Owner or Participant. Neither Program Owners nor Participants are authorised to make any commitment, representation or warranty on behalf of Com Olho.

​

13.5 Client Payment Obligations for Platform Use, Over-Use, and Researcher Rewards
 

13.5.1 Commercial Nature of Platform Usage
Program Owners acknowledge that the use of the Com Olho Service, including vulnerability disclosure programs, bug bounty programs, red teaming, or any coordinated security research activities, constitutes a commercial engagement. Program Owners shall be solely responsible for payment of all applicable platform fees, usage-based charges, and researcher rewards arising from such use.
 

13.5.2 Over-Use and Excess Consumption
Any use of the Com Olho Service by a Program Owner beyond the agreed scope, limits, duration, asset coverage, submission volume, or engagement parameters (including but not limited to extended testing periods, additional in-scope assets, increased valid submissions, or continued engagement beyond contractual limits) (“Over-Use”) shall be deemed authorised and billable. The Program Owner agrees to pay all charges arising from such Over-Use at rates communicated by Com Olho or, where not specified, at prevailing commercial rates determined by Com Olho.
 

13.5.3 Mandatory Settlement of Researcher Rewards
Where a vulnerability or security finding is determined to be valid in accordance with the applicable program rules and platform policies, the Program Owner shall not withhold, delay, dispute in bad faith, or deny payment of the applicable researcher reward. Researcher rewards shall be deemed earned consideration for services rendered and shall be payable irrespective of the Program Owner’s internal approval processes, procurement delays, budgetary constraints, or post-facto business decisions.
 

13.5.4 Pending and Unpaid Amounts
Any platform fees, Over-Use charges, or researcher rewards remaining unpaid beyond the agreed payment timelines shall be treated as undisputed commercial dues. Com Olho reserves the right, without limitation, to:
(a) suspend or terminate the Program Owner’s access to the Com Olho Service and active programs;
(b) withhold further vulnerability disclosures or deliverables; and
(c) recover such unpaid amounts directly from the Program Owner, including any researcher payments made or advanced by Com Olho on the Program Owner’s behalf.
 

13.5.5 Indemnity for Researcher Payments
The Program Owner agrees to indemnify and hold harmless Com Olho against any claims, demands, losses, liabilities, damages, penalties, or costs (including reasonable legal fees) arising from or related to the Program Owner’s failure, refusal, or delay in paying researcher rewards or platform dues, including any claims initiated by researchers or regulatory authorities.
 

13.5.6 Right of Recovery and Legal Remedies
In the event of continued non-payment, Com Olho shall have the right to initiate recovery proceedings, including legal action, arbitration, or other lawful remedies, for recovery of outstanding amounts together with applicable interest, costs, and damages. Nothing in these Terms shall limit Com Olho’s right to pursue remedies available under applicable commercial, contract, or MSME laws.
 

13.5.7 No Waiver
Any temporary tolerance, continued service delivery, or delay in enforcement by Com Olho shall not constitute a waiver of its rights under this Section 13.5 or affect Com Olho’s ability to recover outstanding dues.

​

14. Indemnity
 

14.1 Indemnity by Participants and Program Owners: You agree to indemnify, defend and hold harmless Com Olho, its affiliates, and their respective directors, officers, employees and agents from and against any and all claims, demands, actions, proceedings, losses, liabilities, damages, costs and expenses (including reasonable attorney’s fees) arising out of or in connection with:

(a) Your breach of these Terms or of any applicable program-specific rules;

(b) Your violation of any applicable law or regulation in connection with Your use of the Com Olho Service;

(c) any misuse of the Com Olho Service, including any testing or activity conducted outside the authorised scope of a program; or

(d) any claim by a third party arising from Your systems, data, content, configurations or security posture.
 

 

14.2 Mitigation and Control of Defence: Com Olho shall promptly notify You of any claim for which it seeks indemnification and shall reasonably cooperate in the defence. You shall have control of the defence and settlement of such claim, provided that You shall not agree to any settlement that imposes any admission of liability or non-monetary obligations on Com Olho without Com Olho’s prior written consent.

​

1. Contact

   1. If You have any questions regarding the Platform or the Com Olho Services, please contact us at contact@comolho.com. You may also reach out to our Data Protection Officer, available at the below coordinates:
      Name: Abhinav Bangia
      Email ID: abhinav@comolho.com

​

​