Terms of Compliance Bounty
QueryPie Inc., Ltd. (hereinafter referred to as the "Company") is informed of the appropriate implementation of user protection activities and technologies in relation to corporate service use, policy and legal compliance, service stability, and content adequacy. Individuals who wish to participate in the Program and receive compensation must adhere to the following terms and conditions and are deemed to have agreed to the following terms and conditions while reporting a compliance bounty.
Article 1 (Purpose)
The purpose of this program is to provide safe and stable services to Company users (hereinafter referred to as "users") by receiving reports on Company service policies and legal compliance, service stability, and content adequacy.
Article 2 (Eligibility for Participation, Method of Participation, etc.)
- To participate in the Program, participants (“Participants”) must meet the following qualifications:
- Must be able to communicate in Korean or English.
- Must be a person who does not reside in a country subject to economic sanctions in the Republic of Korea, the United States, or other countries or regions subject to economic sanctions at the time of award payment.
- In order to participate in this program, Participants must report on the website designated by the Company.
- All necessary expenses required to participate in this program are to be borne by the participant.
- Any necessary communication regarding the operation of this program is to be done via e-mail.
Article 3 (Scope)
In regards to compliance and information protection issues in all services associated with the Company (QueryPie, Homepage, etc.), suggestions (reports) can be made in relation to the following information.
- Violation of or non-compliance with laws and guidelines related to compliance and information protection.
- Adequacy of compliance and information protection-related content and measures to improve errors.
- Personal information over-exposure and potential privacy breaches.
- Improvement and addition of existing functions to enhance the level of user (personal) information protection of QueryPie services.
- Request for planning new services (UI, UX, Content, etc.)
- Third-Party Integration Development Request, etc. (This may be excluded from the reward.)
Article 4 (Period)
- This program is always open. However, if necessary, the Company may terminate this program without prior notice.
- Once a bug bounty report is submitted in compliance with the method guided, the QueryPie Bug Bounty team goes through its internal screening process and it may require 4 weeks for its review. If an additional time is required for finalizing its result, then the team may contact and announce its delay individually.
- Pursuant to Paragraph 1, if there are reported vulnerabilities received before termination of this program, the Company will not discard but review them in accordance with the existing internal review process in Paragraph 2 and respond to the applicants with results.
Article 5 (Reporting Method)
Compliance risks must be reported only via the Compliance Bounty reporting website. Participants reporting risks via methods other than the Compliance Bounty reporting website are excluded from reward payment.
Article 6 (Reward)
- The Company, at its discretion, shall determine an award based on the severity of the risk reported and the significance of the contribution done toward the improvement of the Company's service level.
- No bounty is paid in the following cases:
- In the case of third-party integration development requests.
- In case of typographical errors, expression errors, or other similar errors.
- If the proposal is unrealistic/unlikely to elicit troubleshooting and improvements.
- If there is an existing function for the suggestion/report, or if the existing function is in the process of improvement.
- In case the e-mail received is from a non-existent address or there is no e-mail reply from the participant within 30 days of the company's request, he/she will be deemed to have waived his/her right to receive the award.
- In case of violation of the terms and conditions of this program.
- In case the Company receives duplicate reports, the reports will be considered as one.
- If multiple Participants send the same suggestion/report, the reward will be awarded only for the first report received by the Company.
- If the Company determines that the information reported by the participant is eligible for a reward, the Company will notify the participant via e-mail.
- In the event that the participant does not receive all or part of the reward (may result from a discrepancy in the information provided) despite the appropriate reward delivery procedure conducted by the Company based on the given information by the participant, pursuant to Article 4, the Company’s obligation to pay the reward ceases to exist.
- If the participant violates these terms and conditions, the Company holds the right to refuse the reward payment or may demand the return of the reward paid to the participant.
Article 7 (Prohibited Matters)
- Participants must not:
- Perform any act that infringes on others' rights or violates other laws and regulations.
- Disclose administrative vulnerabilities (such as discovered compliance violations) to any entity not associated with the Company.
- Any other act contrary to the intent and purpose of this program.
- The Company may disqualify Participants who violate the aforementioned article from participating in this program.
Article 8 (Rights)
- In the event that a participant invents, devises, or creates a design or authors a written work (hereinafter referred to as "invention") in reporting functional improvements and planning requests, all rights, including copyrights for inventions, etc., are transferred to the Company through the Participant's account upon submission, and the Company is free to exercise and dispose of its rights.
- The participant understands and acknowledges that pursuant to Article 1, the Company may develop materials similar to or identical to the submissions and waives any claims that may arise due to similarity to the submissions of the Participant.
Article 9 (Handling of Confidential Information)
Participants must treat the information learned or encountered during reporting (such as non-compliance and compliance guide) as confidential information. Even after the termination of the program, the Participants shall not disclose, leak, or publish the information to any third-party entity without the Company's clear written consent. If a participant wishes to disclose the information, the Company will perform a review of the content, and the disclosure of the information will be up to the discretion of the Company.
Article 10 (Handling of Personal Information)
- The Company strives to protect personal information as prescribed by relevant laws and regulations such as the Personal Information Protection Act.
- The Company collects personal information from participants in order to participate in the Program, which is deemed to be consented to by the participant when provided.
- Name
- Company
- The Company may use the personal information [email, name, affiliation] provided by Participants for this program to effectively conduct the program and to facilitate other necessary administrative processes.
- The Company retains the personal information received from the participant for 3 years from the date of the participant's final report or for the retention period in accordance with relevant laws and regulations.
Article 11 (Indemnification)
- Participants may participate in this program at their own risk, and the Company shall not responsible for any damages suffered by the participants as a result of their participation in this program, except for reasons attributable to the Participants.
- The Company shall not be involved in any disputes between Participants or between Participants and third parties related to this program. The Participants are solely responsible for resolving the disputes and the expenses incurred.
Article 12 (Change of Terms and Conditions)
- The Company may revise or amend the contents of the mentioned terms and conditions to the extent that it does not violate the relevant governing laws and regulations.
- If the Company revises these terms and conditions, it will notify the users in advance by specifying the date of application.
- Even if the Company has notified the revised terms in accordance with the aforementioned section if a participant does not explicitly express his/her refusal within the set period, the participant shall be deemed to have agreed to the revised terms and conditions.
- If the revised terms and conditions are announced, and the compliance bounty report is received after the effective date, the participant shall be deemed to have agreed to the revised terms and conditions.
- If the participant does not agree to the application of the amended terms, he/she shall be disqualified from the program.
Article 13 (Governing Law and Jurisdiction)
- Lawsuits filed between the Company and Participants shall be governed by the laws of the Republic of Korea.
- The court of competent jurisdiction for litigation regarding disputes between the Company and Participants is determined in accordance with the Civil Procedure Act.
- In the case of a participant who has an address or residence abroad, litigation regarding a dispute between the Company and the participant shall be governed by the Seoul Central District Court, Republic of Korea, notwithstanding the aforementioned section.
Article 14 (Program Inquiries)
All inquiries regarding this program are received at bounty@querypie.com. Inquiries by any other means are not accepted.
Terms and Conditions Revision Date: 2023-09-22
Get Started today!
Let us show you how QueryPie can transform the way you govern and share your sensitive data.