Trusted by banks, fintechs and enterprises across Africa to stay secure.

Leaderboard Vulnerabilities Blog
Home / Terms of Service

Terms of Service

Please read these terms carefully before using the BountiFix platform and services.

BountiFix Limited

Effective Date: January 1, 2025

Last Updated: June 12, 2026

These Terms and Conditions ("Terms") govern the use of the website, platform and services ("Platform") operated by BountiFix Limited ("BountiFix", "we", "our" or "us"). By accessing or using the Platform, you agree to comply with these Terms and all applicable Nigerian laws. If you do not agree, do not use this Platform.

1. Introduction

  1. BountiFix Limited is a Nigerian cybersecurity company providing a platform for coordinated vulnerability disclosure between clients and security researchers.
  2. These Terms apply to all users, including clients, researchers and visitors, and outline your rights and obligations when using our Platform.
  3. By accessing or using our services, you agree to be legally bound by these Terms.

2. User Categories and Eligibility

2.1. Clients

  1. Must be a registered and verifiable business entity in Nigeria or elsewhere.
  2. Must provide accurate information including RC number, billing contact and authorised representatives.
  3. Must have authority to engage in vulnerability disclosure programs.

2.2. Researchers

  1. Must be 18 years of age or older.
  2. Must provide valid, verifiable identification.
  3. Must accept and comply with the Researcher Code of Conduct.
  4. Must act in compliance with applicable laws in their jurisdiction.

2.3. BountiFix reserves the right to accept, suspend or remove any account at its discretion.

3. Permitted Use of the Platform

3.1. Users must use the Platform solely for lawful purposes.

3.2. Users must not:

  1. Misrepresent their identity or impersonate others.
  2. Use the Platform for unauthorised or illegal activity.
  3. Upload, distribute or introduce malicious software or harmful content.

3.3. Users must comply with all usage guidelines and security practices provided by BountiFix.

4. Responsibilities of Clients and Researchers

4.1. Client responsibilities

  1. Define a clear, legal and testable program scope.
  2. Set bounty terms, communication channels and severity criteria.
  3. Pay bounty rewards and service fees promptly.
  4. Respond to submitted reports within a reasonable timeframe (typically 7–10 working days).

4.2. Researcher responsibilities

  1. Follow the program scope and do not test out-of-scope assets.
  2. Refrain from exploiting or disclosing vulnerabilities.
  3. Submit reports through official BountiFix channels.
  4. Act ethically and in good faith throughout the research process.

5. Intellectual Property

5.1. All content on the Platform, including code, branding, documentation and designs, is the property of BountiFix and is protected under Nigerian intellectual property laws.

5.2. Researchers retain attribution rights to their submissions unless otherwise limited by NDAs or private program terms.

5.3. Upon acceptance and payout, the intellectual rights to vulnerability reports are transferred to the client.

6. Confidentiality Obligations

6.1. Users agree to maintain strict confidentiality regarding all:

  1. Program details,
  2. Vulnerability data, and
  3. Target system information.

6.2. Any unauthorised disclosure or misuse may result in account suspension and legal action.

7. Payments and Fees

7.1. For researchers

  1. Bounties are awarded after a vulnerability is validated and accepted by the client.
  2. Researchers are rewarded only after a report is accepted by the client and confirmed as in-scope and impactful.
  3. Payments are processed through approved third-party platforms.
  4. BountiFix is not liable for delays or disruptions caused by third-party services.

7.2. For clients

  1. Clients are responsible for funding bounty payouts and paying service fees.
  2. Payment is due within the period stated on the applicable invoice.
  3. Non-payment may result in suspension or termination of services.

8. Legal Compliance

8.1. Users must comply with applicable laws, including but not limited to:

  1. The Cybercrimes (Prohibition, Prevention, etc.) Act, 2015,
  2. The Nigeria Data Protection Act, 2023,
  3. All relevant export control and anti-fraud statutes.

8.2. Researchers are prohibited from exploiting or disrupting systems and must obtain necessary authorisations.

9. Limitation of Liability

9.1. The Platform is provided "as is" and without warranties, express or implied.

9.2. BountiFix shall not be liable for:

  1. Any indirect, incidental or consequential losses,
  2. Delays or failures of third-party services,
  3. The actions or omissions of clients or researchers.

10. Suspension and Termination

10.1. BountiFix may suspend or terminate access to the Platform at its sole discretion, including but not limited to:

  1. Breach of these Terms,
  2. Illegal activity, or
  3. Ethical violations.

10.2. Users may request account termination by contacting support@bountifix.com.

10.3. Termination does not waive outstanding obligations.

11. Updates to These Terms

11.1. These Terms may be updated periodically.

11.2. Users will be notified of material changes via email or platform alert.

11.3. Continued use after changes constitutes acceptance of the revised Terms.

12. Governing Law and Dispute Resolution

12.1. These Terms shall be governed by the laws of the Federal Republic of Nigeria, without prejudice to the mandatory provisions of law applicable in the user's country of residence.

12.2. Disputes shall first be addressed through informal negotiation.

12.3. If unresolved, disputes shall be referred to arbitration in Lagos, in accordance with the Arbitration and Mediation Act, 2023.

13. Contact Information

For legal or general inquiries, please contact:

Governance & Compliance Department

Last updated: June 12, 2026