Pdf
Back to content

Bug Bounty Program Terms and Conditions

Bug Bounty Program, the Program – the program implemented by Paysera, which is applied to persons who have discovered a security bug at Paysera, reported it to Paysera and are eligible for a reward.

Bug Bounty Program Participant, the Participant – a person, who have discovered a bug in the Security system of Paysera, reported it to Paysera and is eligible for a reward.

Bug – an error, malfunction, or other disruption in the programs or systems of Paysera, which may affect Paysera or any other system related to Paysera, which is controlled or managed by Paysera.

Confidential information – any information related to the Paysera System or Clients of Paysera, obtained by participating or intending to participate in the Bug Bounty Program.

Client – a person who has registered and created an account in the Paysera System.

Paysera – "Paysera LT", UAB, Paysera group companies according to the residence country of the Client, also other legal persons, that are engaged by Paysera LT, UAB, in providing services and authorized to operate on behalf of Paysera LT, UAB.

Paysera System – a software solution on the web pages of Paysera, developed by Paysera and used to provide the services of Paysera.

Sanctioned persons, sanctioned countries – persons or countries subjected to sanctions (restrictions of the state) by the European Union, The Office of Foreign Assets Control (OFAC) of the USA or other relevant organizations.

1. The Bug Bounty Program Participant hereby confirms that has read and agrees to the present Bug Bounty Program terms and conditions.

2. In order to participate in the Bug Bounty Program, the Bug Bounty Program Participant shall comply with the following eligibility requirements:

2.1. the Bug Bounty Program Participant shall be at least 14 years old. If the Participant is at least 14 years old, but is considered a minor in his/her place of residence, s/he must obtain the consent from his/her parents or legal guardians prior to getting enrolled into the program. Paysera has the right to demand from the Participant to provide the written (also notarized) consent of the Participant's representatives (parents or legal guardians). If the Participant fails to provide the written consent within the set period of time, Paysera shall terminate his/her participation in the Program;

2.2. the Bug Bounty Program Participant shall adhere to regulatory legislation.

3. In case Paysera determines that the Bug Bounty Program Participant has breached at least one of the criteria set out in paragraph 2, the Participant shall be removed from the Bug Bounty Program and shall not be entitled to a reward.

4. The Bug Bounty Program Participant obligates to adhere to Confidentiality requirements – all information obtained using, participating or intending to participate in the Program belongs to Paysera and shall be deemed Confidential. Paysera reserves the right to take legal action for the use or disclosure of information related to the Program or otherwise disseminating such information.

5. The Bug Bounty Program Participant shall use only his/her own data during participation in the Program.

6. The Bug bounty program participant is prohibited from:

6.1. carrying out attacks, which may harm or otherwise influence the reliability or integrity of the data or services of Paysera;

6.2. using bug research methods that may result in customer service aggravation;

6.3. getting or using data of Paysera Clients obtained through the participation in the Program;

6.4. performing actions that would allow the Bug Bounty Program Participant or any other third person to access, store, erase or influence the data of Paysera or its Clients in other ways;

6.5. in other ways causing interruptions in the Paysera System, disrupting activity of Paysera Clients in the System, exploiting a Bug in pursuit of own benefits or violating legal requirements.

7. A reward to the Bug Bounty Program Participant is paid in proportion to the severity of a Bug.

8. Only Bugs acknowledged by Paysera are rewarded.

9. A reward is paid for a Bug, which:

9.1. is discovered for the first time and had not been reported or known before;

9.2. is discovered remotely, or provides an opportunity to escalate or get new privileges in regard to the Paysera System, or may cause a leak of confidential information of Paysera or its Clients.

10. A reward is paid in EUR currency.

11. When a Bug is reported by two or more persons within 24 hours, a reward is split between the persons.

12. A reward for reporting a Bug shall be transferred to the Participant's Paysera account (in case the Participant has one). If the Participant does not have a Paysera account, the reward is transferred to another bank account of the Participant.

13. At the request of the Bug Bounty Program Participant, a reward may be donated to Greenpeace, the Red Cross or Caritas.

14. The Bug Bounty Program Participant is responsible for paying all the taxes that may be applicable in his/her country of residence from the reward paid out for the participation in the Bug Bounty Program. If the Bug Bounty Program Participant is a citizen of the Republic of Lithuania, a reward shall be paid by deducting taxes prior to payout.

15. The Bug Bounty Program Participant agrees to provide Paysera with his/her personal and contact details (name, surname, personal identification number, citizenship, residential address, bank account number) in order for Paysera to pay a reward for his/her participation in the Bug Bounty Program in accordance with the requirements of Paysera, and perform other actions set out by legislation.

16. The Participant agrees that Paysera will process the provided data in order to pay a reward for participation in the Program. Paysera ensures the security of the data obtained through the Bug Bounty Program Participant's participation in the Program. The personal data shall be used to the extent it is required in order to implement the present Terms and Conditions. The personal data referred to in paragraph 15 of the Terms and Conditions may not be disclosed without the consent of the Participant, except in cases established by law or these Terms and Conditions.

17. The retention period for the data of the Bug Bounty Program Participant is 10 (ten) years, unless a longer retention period is required by legal acts. Upon expiration of the Participant's data retention period, Paysera shall erase the data.

18. Paysera has the right to transfer information about the Participant and his/her activities to public authorities (e.g. for tax purposes), if such obligation is determined by legislation.

19. The Bug Bounty Program Participant which is a sanctioned person or a citizen of a sanctioned country can participate in the Program on a reimbursable basis, or his/her reward may be donated to charity organizations referred to in paragraph 13 of the present Terms and Conditions.

20. Paysera reserves the right to terminate the Bug Bounty Program at any time. An integral supplement of these Bug Bounty Program terms and conditions is the Bug Reporting Rules provided on the Paysera website.