BUG BOUNTY PROGRAM

1. Program Overview

The OptiArms Bug Bounty Program aims to encourage security researchers to identify and report vulnerabilities in our systems. This program operates under the principles of responsible disclosure and mutual respect between OptiArms and the security research community.

2. Eligibility

To participate in the program, you must:

• Be at least 18 years of age or have parental consent
• Not be a current or former employee, contractor, or vendor of OptiArms within the last 12 months
• Not be a resident of a country subject to U.S. sanctions
• Not violate any laws while conducting security research
• Not be involved in any prior malicious or illegal activity related to OptiArms

3. Testing Guidelines

When testing for vulnerabilities, you MUST:

• Only test on the systems and applications listed in the "In Scope" section
• Avoid disrupting our services, accessing other users' data, or causing harm to our systems
• Use only your own accounts for testing purposes or create test accounts
• Delete any data you may have accessed or downloaded during your research
• Avoid automated scanning tools that might impact system availability

You MUST NOT:

• Conduct denial-of-service attacks
• Attempt physical security breaches
• Engage in social engineering attacks, including phishing
• Access, modify, or destroy data that doesn't belong to you
• Make your findings public before OptiArms has addressed the issue

4. Reward Determination

Reward amounts are determined based on:

• Severity of the vulnerability as assessed by OptiArms
• Quality and completeness of the report
• Potential impact on our users and systems
• Novelty of the finding

OptiArms reserves the right to determine final eligibility for rewards. Duplicate reports will be rewarded on a first-come, first-served basis.

5. Disclosure Policy

By participating in this program, you agree to:

• Maintain confidentiality of any vulnerabilities you discover until they are fixed
• Allow OptiArms 90 days to address reported vulnerabilities before any disclosure
• Obtain written permission from OptiArms before publicly disclosing any vulnerability
• Only disclose vulnerability details to third parties with OptiArms' explicit consent

6. Legal Safe Harbor

OptiArms will not pursue legal action against researchers who:

• Comply with these terms and guidelines
• Report vulnerabilities promptly and responsibly
• Avoid causing harm to OptiArms, its users, or systems

This safe harbor applies only to legal claims under OptiArms' control and does not bind third parties.

7. Program Changes

OptiArms reserves the right to modify these terms at any time. Significant changes will be announced on our bug bounty page. Continued participation in the program after changes constitutes acceptance of the revised terms.