The YOGOSHA services are a series of services offered principally via a platform provided by the company YOGOSHA SAS, registered at the Nanterre trade and companies register under number n°815 035 563, whose principal activity is securing information systems by looking for and classifying security flaws in information systems (hereafter the BugBounty), with a view to optimising security, hereafter referred to globally as the YOGOSHA Services. The User of the platform is interested in all or part of the YOGOSHA Services. These general terms and conditions of service (“GTC”) apply to all visitors (hereafter the “User”) to the website accessible at the following address: https://www.yogosha.com/gtc.php (hereafter the “Platform”). Any access to the Platform entails acceptance of these GTC. The User acknowledges that he taken note of the GTC and declares that he accepts them without reservation. He also acknowledges that he has the capacity to enter into this Agreement by accepting the GTC. These GTC govern the YOGOSHA Services and all Orders subscribed by the User. They prevail over all other general terms and conditions of purchase or any other of the Client’s contractual documents. The Agreement is made up, by declining order of importance, of these GTC, Orders and declarations, in particular concerning the identification of the User.
To access the YOGOSHA Services, each User must create a User Account. For the creation of the User Account, the User declares that he is over 18 years’ old. The User signs up on a professional basis and declares that he has the legal authority and power to commit the entity on behalf of which he is operating. The User guarantees that he provides accurate and true information and that this information will be updated in the event of any changes. Upon registration, the User must transmit a copy of valid identification documents. The User accesses the YOGOSHA platform by entering an identifier and password, which he creates at the time of registration. The identifiers used to create a User account must comply with public order regulations and third party rights. These identifiers are strictly personal and must not be communicated to third parties. The User is the keeper and is fully responsible for preserving the confidentiality and for use of these identifiers. He must take all the steps necessary to prevent the unauthorised or fraudulent use of his User Account. YOGOSHA never asks a User, for any reason whatsoever, to communicate his identifier to it and any such request must be considered as a fraudulent request. If the User would like several access rights, he must identify the persons concerned on the information sheet provided by YOGOSHA. The User may modify the information sheet at any time. YOGOSHA does not supply any means of access, any software or hardware means to the User within the framework of these GTC. The creation of a User Account does not create any obligation for YOGOSHA and does not create any right for the User. YOGOSHA may modify the conditions for access to and use of all or part of the User Account at its discretion alone. YOGOSHA will do its best to inform the User of this without this being a binding obligation. YOGOSHA cannot be held liable for damages, losses or expenses borne or incurred by the User or a third party as a result of access obtained by an unauthorised person to the areas reserved to Users if such access is not due to any fault on the part of YOGOSHA. Failure to comply with identification obligations and to provide accurate information by the User may give rise to the suspension or cancellation of the User Account, and the termination of this Agreement. The User Account is created and used under the sole responsibility of the User. YOGOSHA reserves the right, without notice or indemnity, to close a User account temporarily or permanently, in particular in the event of the User’s failure to comply with these GTC. The closure of the User Account for any reason whatsoever may result in the loss of all the data and benefits granted to the User. In these conditions, it is up to the User to take the steps necessary to safeguard his data. There are two User Account profiles:
YOGOSHA, via the Platform, provides a purely technical link-up service between Client Users and Ninja Users.
The Platform is provided “as such” without any guarantee of any sort. YOGOSHA cannot guarantee the implementation of an uninterrupted Service and /or continuous access to all the Services offered in any place whatsoever. YOGOSHA may make improvements or modifications to the Platform at any time. YOGOSHA excludes any guarantee in terms of quality, truthfulness, accuracy, suitability for a particular use, ownership or absence of infringement. No content or information supplied by the Platform can be interpreted as constituting a guarantee. YOGOSHA shall on no account be held liable, whatever the grounds for the liability claim, for direct or indirect damages (nor any damages resulting from an incorrect interpretation of a publication, misinformation or libel) resulting from or linked to the use or layout of the information recirculated by the Platform. Any use of the content available on the Platform illegally or in a way that is harmful to YOGOSHA, to the Users or any third parties, or in any way that hinders, falsifies or disrupts the smooth running of the Platform, is strictly prohibited. YOGOSHA shall use its best endeavours to correct any bugs or anomalies affecting the Service. The User undertakes to inform YOGOSHA in writing of any dysfunction in the Service and/or the Platform, which is repeatable and not due to incorrect use of said Service and/or the Platform. As a technical service provider, YOGOSHA is not responsible for updating the information and data contained in the Service, or for verifying this information. YOGOSHA reserves the right to carry out targeted and temporary surveillance operations relating to the use of the Service and to interrupt access to the Services and/or terminate the Agreement in the conditions defined therein, in the event of any breach of obligations by the User. The User undertakes, when using the Service, not to break the law, violate public order regulations or third party rights. The User undertakes to notify YOGOSHA in writing of any fact brought to his knowledge that might constitute a breach of any of the provisions of these GTC or cause any damage. Access to the Service cannot be transferred by the User. If the User is aware that a third party has accessed the service without authorisation, he must inform YOGOSHA thereof immediately in writing. YOGOSHA may notify the User in writing, in particular by e-mail, of changes to the conditions of use of the Service or its offering relating to the Service which are necessary as a result of changes in applicable regulations, technical developments or for any other reason that it considers necessary for the supply of access to the Service. Occasionally YOGOSHA may change the codes, telephone numbers, interrupt access to or the running of the Service, for maintenance operations, YOGOSHA undertaking in this case to programme such interruptions at off-peak hours, that is to say when the Service is least used or in the event of an emergency. The User is fully informed and aware that the Internet and the Web are not secure networks and that malicious acts are possible, such as but not limited to, fraudulent access to an automated data processing system or disruption to the functioning of such a system. The User cannot use the Service to resell, rent, distribute or for any other commercial activity and any reverse engineering in connection with the Service is prohibited. The User releases YOGOSHA and its partners and declares that it takes responsibility for any claims by third parties resulting from the use of the YOGOSHA Service and/the Platform. The User allows YOGOSHA and its partners to use the results of the Service anonymously for the purposes of studies and publications. In the event of any infraction of the provisions of this Agreement, or misrepresentation or suspicious declaration, YOGOSHA reserves the right to suspend the Client’s access to the YOGOSHA services without notice or prior formalities; this suspension is not a termination as the Services may be resumed, nor does it have any discharging effect.
The Client has opted for one or all the YOGOSHA Services, then entered, via an interface, all the information necessary to create a BugBounty program, hereafter the Order(s), all Orders being governed by these GTC. The Order only becomes an Order when the Client has submitted it to YOGOSHA on-line via the “Submit for review” function and once the latter has expressly accepted it, namely by putting it on-line. YOGOSHA is free to refuse any Order submitted to it. In terms of BugBounty program, the Order, such as drafted by the Client, under its responsibility alone, determines the exact scope of the service. The Client has entered one or more targets on which the BugBounty service must focus. The target must consist of a connected object, a URL, an IP address with a link to an application, a Website or another information system which the Client declares belongs to it or for which it has the rights to include said targets within the scope of its Order. The Client declares that it only uses the Service to carry out security tests and scan the IP addresses belonging to it or on domains which it owns and for which it has obtained authorisation from its host and all the service companies concerned. The Client must inform beforehand all the service providers likely to be concerned or affected by an Order and/or the Service. The Client may specify the types of vulnerability sought. YOGOSHA submits the Order to a community of computer security professionals who have identified themselves to YOGOSHA beforehand and who have approved this Agreement beforehand, who may be invited by YOGOSHA due to their recognised competence, hereafter the Ninjas. The Ninjas are independent from YOGOSHA and have no relationship of subordination with the latter. The Client defines in the Order a maximum price associated with each Flaw identified, which may be revised upwardly depending on the criticality of the flaw identified and confirmed. The Client pays YOGOSHA, at the time of the subscription of this Agreement or at the time of the Order, a down-payment fixed by mutual agreement and specified for each Order. Through this down-payment, YOGOSHA immediately receives technical and management expenses for the provision of the YOGOSHA Platform and the Client gives YOGOSHA, by concluding these GTC and for all Orders, an express and irrevocable mandate to pay the Ninjas immediately, upon validation by the Client of the BugBounty report submitted by the Ninja(s). The BugBounty is a Service that links up the Client and the community of Ninjas via the YOGOSHA Platform, YOGOSHA participating in no way itself in looking for and classifying security flaws. The Client does not know the identity of the Ninjas, although their identity may be provided by YOGOSHA following a request from a legal authority. The Client is fully informed and aware that any search for flaws, or even any service on an information system that is up and running, may cause disturbances and it therefore commits to taking all measures possible to exclude or limit this risk. In particular, the Client declares that it gives its fully informed consent to the potential risks linked to the Service and accepts these risks which may (in certain cases) lead to interruptions to the Service or faults which may lead to the loss or corruption of the systems being tested (which may or may not lead to loss of data), that it assumes these risks for all the damages which may result from the use of the Service. In all cases, YOGOSHA cannot be held liable for the YOGOSHA Services with respect to services rendered by the Ninjas, its liability being limited to the provision of the YOGOSHA Platform. In all cases, consequential damages such as loss of turnover are excluded and direct damages are limited and capped at the amounts received annually by YOGOSHA from the Client with respect to fees or payments received for YOGOSHA Services, after deduction of the amounts due to the Ninjas.
Each Ninja undertakes to ensure that each action carried out as part of the use of the Platform is carried out in full compliance with applicable legal provisions and with French law. In particular, this means legal compliance as regards its legal status, tax and social security obligations. The Ninja recognises that any use of the Platform and the YOGOSHA Services is made under his full and exclusive responsibility. Consequently, the Ninja, recognises that any action carried out via his User Account is deemed to be carried out by him and as such he is responsible for such action. The Ninja therefore undertakes, when operating within the framework of a BugBounty, to carry out all actions in a way that is respectful to the Client and in compliance with the applicable legal provisions. The Ninja undertakes to limit his actions to the scope defined by the Client in its Order. The Ninja is aware that any action carried out outside the scope of an Order may result in him being held criminally or civilly liable. The Ninja undertakes not to disclose, under penalty of being held liable:
The Ninja is remunerated according to the conditions fixed in the Order. Notification is sent to the Ninja within 30 days following the submission of a BugBounty report, informing him of the acceptance of his BugBounty report. In the event of acceptance of the report, the Ninja receives remuneration within 30 days of receipt of his invoice.
YOGOSHA is not responsible for any unavailability of the Services caused by electronic communications operator faults or other technical intermediaries. YOGOSHA is not responsible for any damages originating from the use of the Service in conjunction with the software or hardware used by the User. YOGOSHA has a best endeavours obligation, including in terms of any assistance services. Consequently, YOGOSHA cannot be held responsible for any operating faults in the Service due to their existence alone or the incorrect use of the Service by the User. YOGOSHA does not guarantee the continuous running of the Service, nor that it is fault-free. YOGOSHA can only be held liable in the event of serious misconduct or proven negligence in the fulfilment of its obligations and its liability will be expressly limited as indicated above, to the exclusion of all other damages of any nature whatsoever, in particular operating losses, consequential damages, loss of information, loss or theft of data and damages caused to third parties. In all cases, YOGOSHA will only indemnify the User for up to the amount of the annual price of the Service.
Each of the parties undertakes to keep confidential, except as expressly agreed beforehand by the other party or in the event of force majeure, all the information relating to the Service or the activities or organisation of the parties. Each party undertakes to take, with respect to its personnel and more generally with regard to all external persons authorised to have access to the Service, all the measures necessary to safeguard the confidentiality of the means of access to the Service, including all codes and identifiers transmitted. Strict compliance with this obligation is required of all the Parties’ associates, including the Ninjas. This confidentiality obligation will survive the end of this Agreement, whatever the reason for the termination, for a period of five (5) years.
In accordance with the provisions of the French law n°2004-575 of June 21, 2004, YOGOSHA, as a technical intermediary, is not subject to any general obligation to monitor the information on the Platform. Any person wishing to bring to YOGOSHA’s attention the diffusion of clearly illegal content must provide all the information necessary to locate the content in question on the Platform and establish its illegality. For this purpose, a registered letter with acknowledgement of receipt should be sent to the following address: Yogosha SAS 47 rue Marcel Dassault, 92514 Boulogne Billancourt, France. YOGOSHA will assess the illegality of the content reported and, if necessary, act promptly to remove the content concerned or make access to it impossible. In accordance with the provisions of article 6-I-4 of the French law of n°2004-575 dated June 21, 2004, any person who reports an illegal content or activity to YOGOSHA with the purpose of having it removed or no longer displayed, while knowing that this information is inaccurate, may face one year’s imprisonment and a fine of 15,000 euros. In the event of receipt of notification reporting content which constitutes an infraction such as the vindication of crimes against humanity, inciting racial hatred or which involve child pornography, YOGOSHA will inform the competent public authorities.
YOGOSHA seeks to protect the privacy of its Users by complying with the applicable regulations in this respect. The personal data concerning the Users are collected and processed by YOGOSHA for the purposes of:
The Platform and its constituent elements are protected by industrial design rights, copyright, trademark law and by the regulations applicable to unfair competition and may not be copied or imitated in full or in part. Unless otherwise authorised by YOGOSHA, no logo, graphic element, sound or image from the Platform may be copied or circulated. YOGOSHA is a registered trademark. All rights not expressly granted are reserved.
The User recognises that he can save and print out these GTC by using the standard browser functions. YOGOSHA reserves the right to modify the GTC applicable to the Platform at any time. These GTC are binding throughout the duration of use of the Platform and until new GTC replace the current ones. Any use of the Platform by the User after the modification of the GTC entails acceptance by the latter of the new GTC. The GTC available on-line prevail over any previous printed version. In the event of disputes concerning the use of the Service, the parties agree that the recordings made by the YOGOSHA servers of the use of the Service will constitute valid proof between the parties. YOGOSHA may use any subcontractor of its choice for the performance of all or part of the service on condition that the service provided by the subcontractor corresponds to the terms of the GTC and that YOGOSHA remains liable for the service. Should any of the provisions of the GTC be invalidated by a legal decision, the parties agree to guide the judge so that his assessment takes into account the common intention of the parties shown by these GTC, the other provisions remaining valid and continuing to apply between the parties. The article headings are for reference purposes only. The User authorises YOGOSHA to cite its name as a commercial reference. The relations between YOGOSHA and the Users are governed by French law. Before turning to the courts for any reason whatsoever, the parties undertake to seek an amicable solution to any disagreement. This Agreement is entered into for an unlimited period of time and may be terminated at any time by either Party in writing, subject to serving a minimum of one month’s notice, it being agreed that any Order must be executed until its expiration, even if this goes beyond the end of this Agreement. In the event of any difficulty concerning the interpretation and/or execution of these GTC, the Parties agree to try and settle any disagreement amicably before terminating the Agreement for fault and/or before referring the case to the courts. The first party to act must notify the other party in of any grievances and invite it to attend a conciliation meeting to be held within a minimum of eight days and a maximum of twenty-one days, at a neutral location and within a maximum radius of ten kilometres from the YOGOSHA registered office. If conciliation fails, the first party to act may refer the matter to the courts of Paris applying French law, which have sole jurisdiction to hear any dispute.