KYC for Legal Body
WHAT IS THE VERIFICATION OF A LEGAL BODY?
Verification of a single user is BugBounty AM's identity check for individual security researchers who want to participate in bug bounty programs. Before a researcher can submit vulnerability reports or receive bounty payments, they must verify their identity through our KYC process. This creates a trusted, accountable community where organizations can confidently engage researchers knowing that every participant is a real, verified individual bound by our Code of Conduct and Rules of Engagement.
WHAT IS THE PURPOSE OF VERIFYING A PUBLIC / PRIVATE BODY?
Individual researcher verification serves multiple purposes in the bug bounty ecosystem. It protects organizations by ensuring that only real, identifiable people have access to their programs and systems — reducing the risk of malicious activity disguised as security research. For researchers, verification unlocks full platform access: the ability to submit reports, receive payments, build reputation, and get invited to exclusive private programs. Verified researchers are taken more seriously by program owners and receive faster triage on their submissions.
WHICH ARE THE BENEFITS?
Verified researchers on BugBounty AM benefit from:
• Full platform access — submit vulnerability reports and receive bounty payments
• Reputation building — verified submissions contribute to your public trust score and leaderboard ranking
• Private program invitations — top-performing verified researchers get invited to exclusive, high-reward programs
• Faster triage — reports from verified researchers with strong track records receive priority review
• Professional credibility — your BugBounty AM profile becomes a verifiable portfolio of your security research career
• Payment processing — bounty payouts are only available to KYC-verified researchers
WHICH ARE THE PROCEDURES TO COMPLETE THE KYC VERIFICATION?
The KYC verification process for individual researchers involves the following steps:
1. Create your account on BugBounty.am and select the 'Researcher' account type
2. Complete your profile with accurate personal information
3. Submit a valid government-issued photo ID (passport, national ID card, or driver's license)
4. Complete a selfie verification to confirm your identity matches your submitted documents
5. Provide your payment details for bounty payouts (bank account or supported payment method)
6. Our compliance team reviews your submission — typically within 1-2 business days
7. Upon approval, you gain full access to public programs and become eligible for private program invitations
PUBLIC BODIES
Researchers affiliated with public sector organizations — government cybersecurity teams, academic institutions, national CERTs — may submit additional documentation to reflect their institutional affiliation:
• Government or institutional ID alongside personal identification
• Letter of authorization from their employer confirming permission to participate in external bug bounty programs

Public sector researchers with verified institutional backing may receive additional trust weighting in their reputation scores, reflecting the additional accountability that comes with institutional affiliation.
COMPANIES
Researchers affiliated with private companies — cybersecurity firms, consultancies, or independent contractors — follow the standard individual verification process. If participating on behalf of a company:
• Personal government-issued ID is still required (individual accountability)
• Optional: company affiliation letter confirming the researcher is authorized to participate
• Payment can be directed to either personal or company accounts

Note: Researchers must disclose any potential conflicts of interest, such as current or former employment with the organization running a program they wish to participate in.
HOW ARE THE RECEIVED DATA MANAGED AND STORED BY BUGBOUNTY?
BugBounty AM handles all researcher KYC data with the same rigorous security standards applied to organizational data:
• Personal identification documents are encrypted in transit and at rest using AES-256 encryption
• Access is strictly limited to the compliance team — program owners and other researchers cannot view your KYC documents
• Your real identity is never disclosed to program owners without your explicit consent
• Data is retained only as long as required by applicable regulations
• Researchers can request full deletion of their KYC data upon account closure
• We never sell or share personal data with third parties for marketing or commercial purposes
KYC for Single User
WHAT IS THE VERIFICATION OF A LEGAL BODY?
Verification of a single user is BugBounty AM's identity check for individual security researchers who want to participate in bug bounty programs. Before a researcher can submit vulnerability reports or receive bounty payments, they must verify their identity through our KYC process. This creates a trusted, accountable community where organizations can confidently engage researchers knowing that every participant is a real, verified individual bound by our Code of Conduct and Rules of Engagement.
WHAT IS THE PURPOSE OF VERIFYING A PUBLIC / PRIVATE BODY?
Individual researcher verification serves multiple purposes in the bug bounty ecosystem. It protects organizations by ensuring that only real, identifiable people have access to their programs and systems — reducing the risk of malicious activity disguised as security research. For researchers, verification unlocks full platform access: the ability to submit reports, receive payments, build reputation, and get invited to exclusive private programs. Verified researchers are taken more seriously by program owners and receive faster triage on their submissions.
WHICH ARE THE BENEFITS?
Verified researchers on BugBounty AM benefit from:
• Full platform access — submit vulnerability reports and receive bounty payments
• Reputation building — verified submissions contribute to your public trust score and leaderboard ranking
• Private program invitations — top-performing verified researchers get invited to exclusive, high-reward programs
• Faster triage — reports from verified researchers with strong track records receive priority review
• Professional credibility — your BugBounty AM profile becomes a verifiable portfolio of your security research career
• Payment processing — bounty payouts are only available to KYC-verified researchers
WHICH ARE THE PROCEDURES TO COMPLETE THE KYC VERIFICATION?
The KYC verification process for individual researchers involves the following steps:
1. Create your account on BugBounty.am and select the 'Researcher' account type
2. Complete your profile with accurate personal information
3. Submit a valid government-issued photo ID (passport, national ID card, or driver's license)
4. Complete a selfie verification to confirm your identity matches your submitted documents
5. Provide your payment details for bounty payouts (bank account or supported payment method)
6. Our compliance team reviews your submission — typically within 1-2 business days
7. Upon approval, you gain full access to public programs and become eligible for private program invitations
PUBLIC BODIES
Researchers affiliated with public sector organizations — government cybersecurity teams, academic institutions, national CERTs — may submit additional documentation to reflect their institutional affiliation:
• Government or institutional ID alongside personal identification
• Letter of authorization from their employer confirming permission to participate in external bug bounty programs

Public sector researchers with verified institutional backing may receive additional trust weighting in their reputation scores, reflecting the additional accountability that comes with institutional affiliation.
COMPANIES
Researchers affiliated with private companies — cybersecurity firms, consultancies, or independent contractors — follow the standard individual verification process. If participating on behalf of a company:
• Personal government-issued ID is still required (individual accountability)
• Optional: company affiliation letter confirming the researcher is authorized to participate
• Payment can be directed to either personal or company accounts

Note: Researchers must disclose any potential conflicts of interest, such as current or former employment with the organization running a program they wish to participate in.
HOW ARE THE RECEIVED DATA MANAGED AND STORED BY BUGBOUNTY?
BugBounty AM handles all researcher KYC data with the same rigorous security standards applied to organizational data:
• Personal identification documents are encrypted in transit and at rest using AES-256 encryption
• Access is strictly limited to the compliance team — program owners and other researchers cannot view your KYC documents
• Your real identity is never disclosed to program owners without your explicit consent
• Data is retained only as long as required by applicable regulations
• Researchers can request full deletion of their KYC data upon account closure
• We never sell or share personal data with third parties for marketing or commercial purposes