Confidentiality and Responsible Disclosure Agreement

This Confidentiality and Responsible Disclosure Agreement (“Agreement”) is entered into as of [Date] by and between:

Vimo, inc. dba GetInsured (“Company”)
and
[Full Name of Individual] (“Researcher”)

  1. Purpose

The purpose of this Agreement is to document the responsible disclosure of a potential security vulnerability identified by the Researcher and to ensure that all related information is handled in a secure, controlled, and compliant manner.

  2. Definition of Confidential Information

“Confidential Information” means all proprietary, non-public information relating to the Company, including, but not limited to:

  • Details of the identified vulnerability or security issue
  • Any data, screenshots, logs, or documentation related to the vulnerability
  • System architecture, configurations, or internal processes
  • Remediation steps, fixes, or patches applied
  • Any communications between the Researcher and the Company regarding this matter

Confidential Information does not include information that:

  • Is or becomes publicly available through no fault of the Researcher
  • Was lawfully known prior to disclosure
  • Is independently developed without use of, or reference to, Confidential Information

  3. Confidentiality Obligations

The Researcher agrees to:

  • Maintain strict confidentiality of all Confidential Information
  • Not disclose, publish, or share any details of the vulnerability or related findings with any third party without prior written consent from the Company
  • Not use the Confidential Information for any purpose other than responsible disclosure to the Company
  • Not retain or store any sensitive data obtained during the discovery process beyond what is necessary for documentation

  4. Responsible Disclosure Commitment

The Researcher agrees that:

  • No further testing, access attempts, or validation activities will be performed on Company systems without explicit written authorization
  • The vulnerability has not been and will not be exploited beyond what was necessary to identify and validate the issue
  • Any data accessed during the discovery process has not been misused, shared, or retained beyond minimal proof-of-concept evidence
  • All copies of sensitive data (if any) will be securely deleted upon request

  5. Company Commitments

The Company agrees to:

  • Acknowledge the Researcher’s responsible disclosure
  • Review and remediate the reported issue in accordance with internal security processes
  • Provide a formal letter of recognition documenting the Researcher’s contribution
  • Provide a goodwill gesture (e.g., gift card) as a token of appreciation, at the Company’s discretion

  6. No Admission of Liability

Nothing in this Agreement constitutes an admission of fault, liability, or wrongdoing by the Company. The vulnerability and its impact remain subject to internal validation and assessment.

  7. No Expectation of Compensation

The Researcher acknowledges that:

  • The Company does not operate a formal bug bounty program unless explicitly stated otherwise
  • Any goodwill gesture provided is discretionary and does not constitute payment, compensation, or contractual obligation

  8. Release of Claims

To the extent permitted by law, the Researcher agrees to release and hold harmless the Company, its officers, directors and employees from any and all claims, demands, or causes of action arising from or related to the discovery and disclosure of the vulnerability, provided the Company has acted in good faith in addressing the matter.

Researcher acknowledges that they have read section 1542 of the Civil Code of the State of California, which states in full:

A GENERAL RELEASE DOES NOT EXTEND TO CLAIMS WHICH THE CREDITOR OR RELEASING PARTY DOES NOT KNOW OR SUSPECT TO EXIST IN HIS OR HER FAVOR AT THE TIME OF EXECUTING THE RELEASE, WHICH, IF KNOWN BY HIM OR HER, WOULD HAVE MATERIALLY AFFECTED HIS OR HER SETTLEMENT WITH THE DEBTOR OR RELEASING PARTY.

Researcher waives any rights that Researcher has or may have under section 1542 of the Civil Code of the State of California to the full extent that Researcher may lawfully waive such rights pertaining to this general release of claims, and affirms that Researcher is releasing all known and unknown claims that Researcher has or may have against the parties listed above.

  9. Compliance with Laws and Regulations

Both parties agree to comply with all applicable laws and regulations, including those related to data protection, privacy, and cybersecurity.

Nothing in this Agreement prevents either party from complying with lawful obligations to regulatory authorities; however, the Researcher agrees to notify the Company prior to any such disclosure, where legally permissible.

  10. Terms

The confidentiality obligations under this Agreement shall remain in effect for a period of 5 years from the Effective Date, or longer if required by applicable law.

  11. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of California, without regard to conflict of law principles.

  12. Entire Agreement

This Agreement constitutes the entire understanding between the parties regarding the subject matter and supersedes all prior communications.

  13. Report Issue Discovered & Signatures