Responsible Vulnerability Disclosure Program - Terms and Conditions
This page sets out the terms and conditions applicable to Dream11 Fantasy Private Limited’s ("Dream11") Responsible Vulnerability Disclosure Program ("Program") for addressing potential vulnerabilities in respect of the services offered on www.dream11.com and related mobile applications ("Dream11 Platforms").
We take the security of our users very seriously and strive to investigate and resolve all reported vulnerabilities and exploits. If you believe you have discovered a potential security vulnerability with the Dream11 Platforms, we appreciate your help in disclosing the issue to us responsibly. We strive to be as transparent as possible when it comes to our security efforts so you can stay informed and take action when needed.
Your participation in the Program is voluntary. By disclosing/reporting a vulnerability to us, you are indicating that you have read and have agreed to adhere to the terms and conditions set out on this page.
Upon receipt of your report, we shall review the same and may contact you for clarification on the same. We assure you that we will not take legal action against you or ask law enforcement to investigate you solely on account of your identification and reporting of a security vulnerability or exploit to us under this Program.
This Program is directed to online security issues and vulnerabilities with the Dream11 Platforms. If you have any service or support related queries or issues related to your individual account, then please contact us through our Helpdesk.
To be eligible to participate in the Program, you must:
- Be at least eighteen (18) years of age;
- Not be in violation of any national, state, or local law or regulation with respect to any activities directly or indirectly related to your participation in the Program.
Any information you receive or collect about us or any of our users, employees or agents in connection with your participation in the Program or in connection with your access to or use of the Dream11 Platforms ("Confidential Information") must be kept confidential and only used in connection with the Program. You agree not to use, disclose or distribute any such Confidential Information without our prior written consent.
Reporting a Vulnerability
- If you identify a vulnerability or security risk on the Dream11 Platforms, please contact us immediately at Dream11 Security.
- Please attach any supporting material such as screenshots, videos, instructions etc., that may help us understand the security risk identified and take steps to eliminate or mitigate the risk. Please provide us as many details as possible including a brief description of the security impact of the issue. In doing so, please take the utmost care to protect our users' privacy, data confidentiality, and integrity. The privacy of our users is crucial, and we very much value your assistance in preserving it. Please understand that we cannot work with or reward anyone who violates applicable laws or regulations, attempts to exploit a security issue, or access other user’s data or otherwise discloses or exploits the security issue or information received from the exploitation of the security issue for his/her personal benefit or the benefit of any third person.
- Do mention your full name, email address and phone number so that we can reach out to you if we need to contact you for any further information.
Evaluation of the Vulnerability Reported
- On receipt of your email, we will review the vulnerability identified including all supporting documents submitted and undertake an internal investigation. We may reach out to you for additional information during the course of our investigation.
- We will evaluate your suggestions on the vulnerability and keep you updated about the progress on evaluation and fixing of the vulnerabilities highlighted, if any. We will get in touch with you and inform requirements that we may have with respect to the same, in case we decide to take the same forward.
Terms of the Program
During the course of identifying a vulnerability on the Dream11 Platforms you agree that you shall not:
- Make any public disclosure of the vulnerability identified to any party without our prior written consent; or
- Disrupt the functioning of our Dream11 Platforms or disrupt the provision of our services; or
- Attempt to access or extract data from the registered accounts of the Dream11 Platforms users; or
- Share or make public any data which would violate the privacy of the Dream11 Platforms users; or
- Exploit the vulnerability for your personal gain or benefit.
We reserve the right to modify or cancel these terms or cancel the Program at any time. If you breach any of the terms specified above or if we determine that your continued participation in the Program poses a threat to the security of our Dream11 Platforms, we reserve the right to permanently bar you from the Program or take legal action against you depending on the severity of the violation