Vulnerability Disclosure Program

Terms & Conditions

About 1touch.io

1touch.io Inc. and its affiliates (“1touch.io”, the “Company”, “we”, “our” or “us”) welcome you (“you”) to 1touch.io’s Vulnerability Disclosure Program (the “Vulnerability Disclosure Program” or “Program”). We welcome reports of potential vulnerabilities from security researchers and our user community in accordance with the terms and conditions hereunder.

Acceptance of the Terms

By submitting any Vulnerabilities (as defined below) to us or otherwise participating in the Program in any manner, you acknowledge that you have read and understood the following terms (the “Terms”) and you agree to be bound by them and to comply with all applicable laws and regulations regarding your participation in the Program.

The Program is intended only for individuals who (a) are at least sixteen (16) years old; and (b) possess the legal capacity to enter into these Terms and to form a binding agreement under any applicable law.

The Program

1touch.io is committed to maintaining the security of its systems and data. As part of this commitment, we welcome reports of potential security vulnerabilities (“Vulnerability”) from security researchers and our user community. This Program outlines the terms and conditions under which such reports should be submitted and how they will be handled by 1touch.io. The Program covers all systems, applications, services and offerings owned, operated, or maintained by 1touch.io (collectively, “Products”).

If you identify a potential Vulnerability in 1touch.io’s Products, we request that you report it to us using our dedicated form or other designated channels. When reporting a Vulnerability, please provide the following information:

• A detailed description of the Vulnerability, including steps to reproduce it.

• Any evidence, such as screenshots or logs, that demonstrate the Vulnerability.

• Your contact information, including your name and email address.

• Any additional information that may assist 1touch.io in understanding and addressing the issue.

You may not engage in any activities that could harm the privacy of our users/customers, disrupt our Products and services, or destroy data during your research. Exploitation of vulnerabilities for testing purposes should be minimal and not impact the confidentiality, integrity, or availability of our Products, systems and/or data.

Following receipt of a report of Vulnerability, we will make reasonable efforts to confirm receipt of your report. Reports will be analyzed by our security team, with priority given to issues posing significant risk. We will try to keep you informed on our progress toward resolving the issue and to notify you once the issue has been resolved. Notwithstanding the foregoing, please note that we are not obligated to address any report and that any handling of any report or Vulnerability reported to us shall be made at our sole discretion.

Product Terms

Your access to and use of any Products shall be governed by and subject to the respective terms and conditions, end-user license agreements, service level agreements, privacy policies, and any other applicable agreements or policies (collectively, “Product Terms”) associated with each Product. Nothing contained within these Terms shall be construed as altering, superseding, or derogating from the Product Terms. In the event of any conflict, discrepancy, or inconsistency between these Terms and the Product Terms for a specific Product, the provisions of the applicable Product Terms shall prevail and take precedence over these Terms.

By participating in the Program, you represent and warrant that your access to and use of 1touch.io Products will be in strict accordance with the applicable Product Terms. Any unauthorized access, use, or manipulation of 1touch.io Products, or any violation of the Product Terms, shall be deemed a breach of these Terms.

No Obligation for Compensation or Recognition

1TOUCH.IO DOES NOT OFFER A BUG BOUNTY PROGRAM UNDER THESE TERMS. 1TOUCH.IO IS NOT OFFERING AND IS NOT OBLIGATED TO PROVIDE ANY KIND OF COMPENSATION, REWARD, OR RECOGNITION FOR YOUR SUBMISSION OF VULNERABILITY REPORTS OR ANY OTHER INFORMATION AND/OR MATERIALS PROVIDED TO 1TOUCH.IO UNDER THESE TERMS. BY PARTICIPATING IN THE PROGRAM, YOU HEREBY WAIVE AND RELEASE 1TOUCH.IO AND ITS AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, AND REPRESENTATIVES FROM ANY CLAIM, DEMAND, OR CAUSE OF ACTION SEEKING ANY REWARD, MONETARY COMPENSATION, OR OTHER FORM OF CONSIDERATION IN CONNECTION WITH YOUR SUBMISSIONS OR YOUR PARTICIPATION IN THE PROGRAM. THIS WAIVER AND RELEASE SHALL APPLY REGARDLESS OF THE VALUE, SIGNIFICANCE, OR IMPACT OF YOUR SUBMISSIONS, AND YOU ACKNOWLEDGE AND AGREE THAT 1TOUCH.IO SHALL HAVE NO LIABILITY OR OBLIGATION WHATSOEVER TO PROVIDE ANY COMPENSATION OR RECOGNITION FOR YOUR SUBMISSIONS UNDER THESE TERMS.

Without derogating from the generality of the foregoing, at our sole and exclusive discretion, we may offer certain benefits (“Benefits”) or recognition for submissions that lead to improvements in our Products. Such Benefits or recognition will be subject to separate terms and conditions determined by 1touch.io on a case-by-case basis. If 1touch.io decides to offer you Benefits or recognition, we will notify you, and you may be required to provide or execute additional documentation to our full satisfaction, as a prerequisite for receiving such Benefits.

Confidentiality and Intellectual Property

All Vulnerabilities disclosed to 1touch.io shall be considered 1touch.io’s confidential information and should not be disclosed by you to any third party. Other than your submission of Vulnerability reports, we do not consider or accept unsolicited proposals or ideas, including without limitation ideas for new products, services, technologies, names and/or improvements. If you send any such unsolicited feedback to us, we make no assurances that your ideas will be treated as confidential or proprietary and you grant 1touch.io and its affiliates non-exclusive, irrevocable, perpetual, royalty free, worldwide and sub-licensable license to any rights under such feedback.

By submitting any Vulnerability or other materials and/or information to us, you grant 1touch.io and its affiliates a non-exclusive, irrevocable, perpetual, royalty-free, worldwide, sub-licensable right to use them for any business purpose. By submitting a Vulnerability report, you represent and warrant that the content of your submission is your own work, that you have not used any third party’s confidential information, resources, or intellectual property, and that you have the legal right to provide such submission to us, free and clear of any restrictions.

Restrictions

Unless otherwise explicitly permitted under these Terms or in writing by 1touch.io, you may not (and you may not permit anyone to): (a) perform any illegal, immoral, unlawful, and/or unauthorized act as part of the Program; (b) interfere with or violate any third party’s rights to privacy and other rights; (c) falsely state or otherwise misrepresent your affiliation with any person or entity, or express or imply that 1touch.io endorses you, your business, or any statement you make; (d) make physical attempts against 1touch.io’s property or data centers; (e) use social engineering tactics aimed at 1touch.io’s staff or contractors; (f) perform any denial of service (DoS) attacks; (g) conduct unapproved vulnerability or penetration testing on 1touch.io’s products and/or services; (h) sell, trade, or otherwise benefit from Vulnerabilities; (i) download, exfiltrate, copy, retain, corrupt, or modify 1touch.io’s data or its clients’ data in any unlawful manner; (j) infringe and/or violate any of these Terms; (k) access or modify data without authorization; (l) disrupt or degrade 1touch.io’s services; (m) engage in social engineering or phishing attacks against 1touch.io employees or users; or (n) violate the privacy or intellectual property rights of 1touch.io or any third party. By participating in the Program, you agree to conduct your research and reporting in compliance with all applicable laws and regulations.

Disclaimers and No Warranties

1TOUCH.IO, INCLUDING ITS VENDORS, OFFICERS, SHAREHOLDERS, SUB-CONTRACTORS, DIRECTORS, EMPLOYEES, AFFILIATES, SUBSIDIARIES, LICENSORS, AGENTS, AND SUPPLIERS (COLLECTIVELY, “1TOUCH.IO REPRESENTATIVES”), DISCLAIM ALL WARRANTIES OF ANY KIND, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF IMPLIED WARRANTIES OF USE, OR FITNESS FOR A PARTICULAR PURPOSE, AND THOSE ARISING FROM A COURSE OF DEALING OR USAGE OF TRADE, IN CONNECTION WITH THE PROGRAM.

WE DO NOT WARRANT THAT WE WILL CORRECT ANY ERRORS OR DEFECTS IN THE PROGRAM OR MAKE ANY REPRESENTATION REGARDING YOUR PARTICIPATION, INABILITY TO PARTICIPATE, OR THE RESULTS OF YOUR PARTICIPATION IN THE PROGRAM. YOU AGREE THAT YOUR PARTICIPATION IN THE PROGRAM IS ENTIRELY AT YOUR OWN RISK. TO THE EXTENT THAT SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSIONS OR LIMITATIONS AS SET FORTH HEREIN, THE FULL EXTENT OF THE ABOVE EXCLUSIONS AND LIMITATIONS MAY NOT APPLY.

Limitation of Liability

TO THE MAXIMUM EXTENT LEGALLY PERMISSIBLE, IN NO EVENT SHALL 1TOUCH.IO OR 1TOUCH.IO REPRESENTATIVES BE LIABLE FOR ANY DAMAGES WHATSOEVER, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, SPECIAL, PUNITIVE, EXEMPLARY, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, CONTRACT, NEGLIGENCE, TORT, OR STRICT LIABILITY), ARISING HEREUNDER, RESULTING FROM OR ARISING OUT OF THE PROGRAM, ANY OTHER ACT OR OMISSION OF 1TOUCH.IO OR 1TOUCH.IO REPRESENTATIVES, OR BY ANY OTHER CAUSE WHATSOEVER, REGARDLESS OF WHETHER 1TOUCH.IO OR 1TOUCH.IO REPRESENTATIVES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN ANY CASE, WITHOUT LIMITING THE GENERALITY OF THE FOREGOING AND TO THE MAXIMUM EXTENT LEGALLY PERMISSIBLE, IF 1TOUCH.IO OR ITS REPRESENTATIVES ARE FOUND LIABLE BY A COURT OF COMPETENT JURISDICTION FOR ANY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE PROGRAM, THE TOTAL AGGREGATE LIABILITY OF 1TOUCH.IO AND ITS REPRESENTATIVES SHALL NOT EXCEED ONE UNITED STATES DOLLAR (USD 1.00). TO THE EXTENT THAT SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSIONS OR LIMITATIONS AS SET FORTH HEREIN, THE FULL EXTENT OF THE ABOVE EXCLUSIONS AND LIMITATIONS MAY NOT APPLY.

Termination; Changes to the Terms and the Program

1touch.io reserves the right to modify, correct, amend, make any other changes to, or discontinue the Program at any time, without notice, and at its sole discretion. 1touch.io may also change these Terms from time to time, and your continued participation in the Program after the “Last Revised” date constitutes acceptance of and agreement to be bound by those changes. In the event of your failure to comply with these Terms, 1touch.io may immediately limit, suspend, or terminate your participation in the Program. Certain provisions of these Terms that, by their nature and content, must survive termination to achieve the fundamental purposes of these Terms shall so survive.

Safe Harbor

When conducting vulnerability research, according to this policy, we consider this research conducted under this policy to be:

-Authorized concerning any applicable anti-hacking laws, and we will not initiate or support legal action against you for accidental, good-faith violations of this policy;

-Authorized concerning any relevant anti-circumvention laws, and we will not bring a claim against you for circumvention of technology controls;

-Exempt from restrictions in our Terms of Service (TOS) and/or Acceptable Usage Policy (AUP) that would interfere with conducting security research, and we waive those restrictions on a limited basis; and

-Lawful, helpful to the overall security of the Internet, and conducted in good faith.

-By submitting this form, you certify that you are at least 16 years of age.

You are expected, as always, to comply with all applicable laws. If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

General

(a) These Terms constitute the entire terms and conditions between you and 1touch.io relating to the subject matter herein and supersedes any and all prior written or oral agreements or understandings between you and 1touch.io, (b) any claim relating to the Program will be governed by and interpreted in accordance with the laws of the State of New-York, USA without reference to its conflict-of-laws principles and the United Nations Convention Relating to a Uniform Law on the International Sale of Goods may not be applied, (c) any dispute arising out of or related to the Program will be brought in, and you hereby consent to exclusive jurisdiction and venue in, the competent courts located in the city of New York City, NY. You agree to waive all defenses of lack of personal jurisdiction and forum non-convenience and agree that process may be served in a manner authorized by applicable law or court rule. Notwithstanding the foregoing, 1touch.io.io may seek injunctive relief in any court of competent jurisdiction, (d) these Terms do not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the parties hereto, (e) no waiver by either party of any breach or default hereunder will be deemed to be a waiver of any preceding or subsequent breach or default. Any heading, caption or section title contained herein is inserted only as a matter of convenience, and in no way defines or explains any section or provision hereof, (f) YOU ACKNOWLEDGE AND AGREE THAT ANY CAUSE OF ACTION THAT YOU MAY HAVE ARISING OUT OF, OR RELATED TO, THE PROGRAM MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED, (g) if any provision hereof is adjudged by any court of competent jurisdiction to be unenforceable, that provision shall be limited or eliminated to the minimum extent necessary so that these Terms shall otherwise remain in full force and effect while most nearly adhering to the intent expressed herein, (h) you may not assign or transfer these Terms (including all rights and obligations hereunder) without our prior written consent and any attempt to do so in violation of the foregoing shall be void. We may assign these Terms without restriction or notification, (i) no amendment hereof will be binding unless in writing and signed by 1touch.io, and (j) the parties agree that all correspondence relating to these Terms shall be written in the English language.