SuperPe Marketplace Private Limited (SuperPe) Bug Bounty Program
Welcome to Superpe! This Bug Bounty Program outlines the terms and conditions for participation in our program. By participating in Superpe's Bug Bounty Program, you agree to this policy, which is part of our Terms of Service.
- Program Overview
1.1. Superpe values the security of our users and the integrity of our platform. Our Bug Bounty Program is designed to reward security researchers for identifying vulnerabilities in our services and applications.
1.2. This program is open to individuals who adhere to the guidelines and rules outlined in this policy.
- Scope
2.1. The scope of the Bug Bounty Program includes Superpe's main website, mobile applications, and any other services explicitly mentioned on the Bug Bounty Program page.
2.2. Exclusions from the scope include vulnerabilities in third-party services or platforms that Superpe does not control.
- Eligibility
3.1. Participants must be at least 18 years old or have reached the age of majority in their jurisdiction.
3.2. Employees, contractors, or individuals with current or past access to Superpe's internal systems are not eligible to participate.
- Reporting Guidelines
4.1. Reports should be submitted through the designated reporting form available on the Bug Bounty Program page.
4.2. Reports must include a clear and detailed description of the vulnerability, steps to reproduce it, and, if applicable, proof-of-concept code or screenshots.
4.3. Reports should be made in good faith, avoiding any activities that could disrupt Superpe's services or compromise user data.
- Rewards
5.1. Rewards are determined based on the severity and impact of the vulnerability, as assessed by Superpe's security team. The following reward tiers apply:
-
P0 (Critical): 5000 Rupees
-
P1 (High): 2000 Rupees
-
P2 (Medium): 1000 Rupees
-
Anything else: Might receive a treat
5.2. Superpe reserves the right to adjust the reward amount or decline a reward for reports that do not meet the guidelines or are deemed to be of low impact.
- Disclosure Policy
6.1. Participants must not publicly disclose any information about the vulnerability until Superpe has confirmed that it has been fixed.
6.2. Violation of this non-disclosure agreement may result in disqualification from the Bug Bounty Program and forfeiture of any rewards.
6.3. Participants must delete any data obtained through the vulnerability immediately after reporting it to Superpe. Failure to do so may result in disqualification from the Bug Bounty Program.
- Legal Considerations
7.1. Participants are responsible for ensuring that their testing activities comply with all applicable laws and regulations.
7.2. Superpe will not pursue legal action against participants who act in good faith and follow the program's guidelines.
7.3. This program does not authorize participants to conduct any testing that could cause harm to Superpe's users, services, or infrastructure.
- Program Changes
8.1. Superpe reserves the right to modify or terminate the Bug Bounty Program at any time without prior notice.
8.2. Continued participation in the program following any changes indicates acceptance of those changes. Participants are encouraged to review the Bug Bounty Program policy periodically.
This Bug Bounty Program policy is subject to change without notice. The use of Superpe's services following any changes indicates your acceptance of those changes. We encourage you to review this Bug Bounty Program policy periodically.