The Program enables users to submit vulnerabilities and exploitation techniques ("Vulnerabilities") to needl about needl’s products and services for a chance to earn rewards determined by needl in its sole discretion. The decisions made by needl regarding rewards are final and binding. needl may change or cancel this Program at any time, for any reason.
We may change these Terms at any time. Participating in the Program after the changes become effective means you agree to the new Terms. If you don't agree to the new Terms, you must not participate in the Program.
You are eligible to participate in the Program if you meet all of the following criteria:
a. You are 14 years of age or older. If you are at least 14 years old
but are considered a minor, you must obtain your parent's or legal
guardian's permission prior to participating in this Program; and
b. You are either an individual researcher participating in your own
individual capacity, or you work for an organization that permits you
to participate. You are responsible for reviewing your employer's
rules for participating in this Program.
If you believe you have identified a Vulnerability that meets the
applicable requirements set forth by needl, you may submit it to
needl, in accordance with the following process.
Each Vulnerability submitted to Needl shall be a "Submission."
Submissions must be sent to
ciso@needl.ai. In the initial
email, specify the Vulnerability details, and specific
product/software/service version you used to validate your research.
Please also include as much of the following information as possible:
a. type of issue;
b. any special configuration required to reproduce the issue;
c. step-by-step instructions to reproduce the issue on a fresh
install;
d. proof-of-concept or exploit code;
e. impact of the issue, including how an attacker could exploit the
issue
If you do not receive a confirmation email after making your
Submission, notify Needl at
ciso@needl.ai to ensure your
Submission was received.
There are no restrictions on the number of qualified Submissions you
can provide and potentially be paid a Bounty for.
needl is not claiming any ownership rights to your Submission.
However, by providing any Submission to needl, you:
a. grant needl the following non-exclusive, irrevocable, perpetual,
royalty free, worldwide, sub-licensable license to the intellectual
property in your Submission: (i) to use, review, assess, test, and
otherwise analyse your Submission; (ii) to reproduce, modify,
distribute, display and perform publicly, and commercialize and create
derivative works of your Submission and all its content, in whole or
in part; and (iii) to feature your Submission and all of its content
in connection with the marketing, sale, or promotion of this Program
or other programs (including internal and external sales meetings,
conference presentations, tradeshows, and screen shots of the
Submission in press releases) in all media (now known or later
developed);
b. agree to sign any documentation that may be required for us or our
designees to confirm the rights you granted above;
c. understand and acknowledge that needl may have developed or
commissioned materials similar or identical to your Submission, and
you waive any claims you may have resulting from any similarities to
your Submission;
d. understand that you are not guaranteed any compensation or credit
for use of your Submission; and
Protecting customers is needl's highest priority. We endeavour to
address each Vulnerability report in a timely manner. While we are
doing that, we require that the Submissions remain confidential and
cannot be disclosed to third parties or as part of paper reviews or
conference submissions.
You can make available high-level descriptions of your research and
non-reversible demonstrations after the Vulnerability is fixed. We
require that detailed proof-of-concept exploit code and details that
would make attacks easier on customers be withheld for 60 days after
the Vulnerability is fixed. needl will notify you when the
Vulnerability in your Submission is fixed.
Violations of this section could disqualify you from participating in
the program in the future.
After a Submission is sent to needl in accordance with this programme,
needl engineers will review the Submission and validate its
eligibility. The review time will vary depending on the complexity and
completeness of your Submission, as well as on the number of
Submissions we receive.
needl retains sole discretion in determining which Submissions are
qualified, according to the rules set by needl.
needl may publicly recognize individuals who have submitted vulnerability reports which helped needl to fix any probably vulnerability(ies) in the system. needl at it is discretion may recognize you on its website unless you explicitly ask us not to include your name.
By participating in the Program, you will follow these rules:
a. Don’t do anything illegal.
b. Don't engage in any activity that exploits, harms, or threatens to
harm children.
c. Don't send spam. Spam is unwanted or unsolicited bulk email,
postings, contact requests, SMS (text messages), or instant messages.
d. Don't share inappropriate content or material (involving, for
example, nudity, bestiality, pornography, graphic violence, or
criminal activity).
e. Don't engage in activity that is false or misleading.
f. Don't engage in activity that is harmful to you, the Program, or
others (e.g., transmitting viruses, stalking, posting terrorist
content, communicating hate speech, or advocating violence against
others).
g. Don't infringe upon the rights of others (e.g., unauthorized
sharing of copyrighted material) or engage in activity that violates
the privacy of others.
h. Don't help others break these rules.
If you violate these Terms, you may be prohibited from participating
in the Program in the future.
needl, and our affiliates, make no warranties, express or implied, guarantees or conditions with respect to the program. You understand that your participation in the program is at your own risk. To the extent permitted under your local law, we exclude any implied warranties in connection with the program. You may have certain rights under your local law. Nothing in these terms is intended to affect those rights, if they are applicable.
If you have any basis for recovering damages in connection with the, you agree that your exclusive remedy is to recover, from needl direct damages up to $100. You can't recover any other damages or losses, including direct, consequential, lost profits, special, indirect, incidental, or punitive. These limitations and exclusions apply even if this remedy doesn't fully compensate you for any losses or fails of its essential purpose or if we knew or should have known about the possibility of the damages. To the maximum extent permitted by law, these limitation.
Laws as are applicable in India will govern the relationship between
needl and you.