Paymatrix | CoWorking Spaces

Terms And Conditions

This website https://pg.paymatrix.in and https://workspace.paymatrix.in (hereinafter referred to as “Website”) is owned and operated by Speckle Internet Solutions Private Limited, having its office at No.02, T-Hub, Catalyst Building, IIIT-H Gachibowli, Hyderabad, Telangana-500032. All the services are provided by Speckle internet solutions under its brand name “PAYMATRIX”. Hence all the rights, benefits, liabilities & obligations under the following terms & conditions shall accrue to the benefit of Speckle. (Together with its subsidiaries and other affiliates, "us", "We" or "Paymatrix"), regarding your use of online rent payment , purchasing rent agreements or such other services which may be added from time to time (all such services are individually or collectively are referred as Service or Services as they case may be). For the purpose of these terms and conditions(mentioned below), wherever the context so requires "You" or "User" shall mean any natural or legal person who has agreed to become a user on the Website by providing Registration Data while registering on the Website. Please go through the following terms and conditions (“Terms of Service” or “Agreement”) carefully before registering, accessing, browsing or using the website as they contain legal terms and conditions that you agree to when using the services by accessing the website. By using the website and/or the services, you agree to be bound by these terms and conditions set forth including any additional guidelines and future modifications. If at any point of time, you do not wish to be bound by these terms and conditions or do not agree to these terms and conditions, you may not use the website and terminate your use of the services immediately. The headings used in this agreement are included for convenience only and will not limit or otherwise affect these Terms. You shall re-visit the "Terms & Conditions" link from time to time to stay informed of any changes that the "website" may introduce.

Paymatrix can be used for payment of Rent, Rent advance, Maintenance or Bill types as specified explicitly from time to time or notified on website. Users agree to take full responsibility for the transactions made on the platform with respect to nature of transaction, beneficiary and the tax implications pertaining to the same. Paymatrix and its payment partners act as mere facilitators of authorized payments and shall not assume responsibility nor liability for any unauthorized transactions. Paymatrix further reserves the right to hold/suspend/refund and report those bill payments or transactions that are suspicious in nature to regulators of banks concerned.

The membership for availing the services provided by the website are made available through registration process by after you submit certain requested information and agree to terms of service. By agreeing to terms of service, you represent that you are atleast 18 years of age and warranty that you have the right, authority and capacity to enter into this agreement and to abide by all terms and conditions of this agreement. You shall not impersonate any person or entity, or falsely state or otherwise misrepresent identity, age or affiliation with any person or entity. You are solely responsible for protecting the confidentiality of your username and password and any activity under the account will be deemed to have been done by you.

By using this website, it is agreed that you have given your consent to receive calls, auto-dialled or pre-recorded messages/calls from us at anytime with the use of the telephone number provided by you, for the use of this website, subject to the privacy policy. This also includes your consent to receive SMSs from us at anytime and contacting you through the information received through third parties as well as contacting other parties through the information provided by you. This consent to be contacted is for purposes that include and are not limited to clarification calls and marketing and promotional calls. You may send us a mail at [email protected] in case you wish to stop contacting you for the same.

YOU EXPRESSLY UNDERSTAND AND AGREE THAT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW: THE WEBSITE AND OTHER PRODUCTS AND SERVICES ARE DELIVERED TO YOU BY PAYMATRIX ARE (EXCEPT AS EXPRESSLY STATED BY US) PROVIDED "AS IS" AND “AS AVAILABLE” FOR USE, BASIS WITHOUT WARRANTY,REPRESENTATION OR CONDITIONS OF ANY KIND,EITHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WITHOUT LIMITING THE FOREGOING, PAYMATRIX MAKES NO WARRANTY THAT: YOUR REQUIREMENTS WILL BE MET OR THAT SERVICES PROVIDED WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE; INFORMATION OBTAINED AND RESULTS OBTAINED FROM THE USE OF SERVICE WILL BE EFFECTIVE, ACCURATE OR RELIABLE; ANY ERRORS OR DEFECTS IN THE WEBSITE, SERVICES OR OTHER MATERIALS WILL BE CORRECTED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE WILL HAVE NO LIABILITY RELATED TO USER CONTENT ARISING UNDER INTELLECTUAL PROPERTY RIGHTS, LIBEL, PRIVACY, PUBLICITY, OBSCENITY OR OTHER LAWS. PAYMATRIX ALSO DISCLAIMS ALL LIABILITY WITH RESPECT TO THE MISUSE, LOSS, MODIFICATION OR UNAVAILABILITY OF ANY USER CONTENT. THE USER UNDERSTANDS AND AGREES THAT ANY MATERIAL OR DATA DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE WEBSITE IS DONE ENTIRELY AT THEIR OWN DISCRETION AND RISK AND THEY WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO THEIR COMPUTER SYSTEMS OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF SUCH MATERIAL OR DATA. WE ARE NOT RESPONSIBLE FOR ANY TYPOGRAPHICAL ERROR LEADING TO AN INVALID COUPON. PAYMATRIX ACCEPTS NO LIABILITY FOR ANY ERRORS OR OMISSIONS, WITH RESPECT TO ANY INFORMATION PROVIDED TO YOU WHETHER ON BEHALF OF ITSELF OR THIRD PARTIES. WE SHALL NOT BE LIABLE FOR ANY THIRD PARTY PRODUCT OR SERVICES.WE ARE NOT RESPONSIBLE FOR SUSPENSION OF ANY SERVICE FOR INDEFINITE PERIOD OF TIME OR CANCEL THE SERVICE AT ANY TIME, WITHOUT NOTICE TO YOU. INCORRECT INFORMATION: Paymatrix is not responsible for payments made to incorrect bank account numbers and the user will not be entitled to get refund of any kind. You shall provide current, complete and accurate account information for all purchases made at our website. You agree to promptly update your account and other information, including your email address and credit card numbers and expiration dates, so that we can complete your transactions and contact you as needed. In the case that the information provided by you are false and inaccurate or the Company has reasonable reasons to believe you have done so, we hold the rights to suspend your account and/or terminate this Agreement without being held liable for the same. MISUSE OF SERVICES: We are not responsible if the user misuses the sole purpose of the service provided by the paymatrix. In the event of misuse, for instance, a user makes dummy transactions just to transfer money between two different accounts leads to termination of services with immediate effect. Paymatrix reserves the right to refuse service to anyone for any reason at any time. ACCESS TO THIRD-PARTY TOOLS: Paymatrix may provide you with access to third-party tools for which we neither have control or input of any kind nor monitor. We shall have no liability whatsoever arising from or relating to your use of optional third party tools. We may also, offer new services and new features through the website (including the release of new tools and resources) in the future. All such new features and /or services shall also be subject to these Terms of Service. TAX LIABILITY: All the users of Paymatrix are liable to pay all kinds of statutory levies and taxes. The GST applicable for the use of services is accounted in addition to the convenience fees charged by Paymatrix. Further, the onus of paying requisite Income tax and reporting the same to the concerned tax authorities is the sole liability of the concerned parties which can be tenant, landlord or property manager in the context of the business. The user acknowledges that Paymatrix is the simply the technology facilitator in this context of the business and it cannot be held liable for any related issues or claims.

At Paymatrix, the user is at freewill to use the platform for remitting rental payments and is not bound by any contract for mandatory use. Users shall have very well understood and acknowledge that payments when made into a bank account of your registered landlord are irreversible as the same falls under the personal jurisdiction of the said person. The service here refers to remittance of rent amount from your bank account and Paymatrix will not be liable to reverse such payments. As the service once rendered is irreversible, the user shall not be entitled for any refunds in case of successfully remitted payments to landlords. There shall be NO REFUNDS or REVERSAL of any kind for successfully remitted rental payments. However, the user shall be fully refunded for any kind of debits on account of technical failure on the website. Technical failure in this context refers to a deviation from the established payment process on our website without an acknowledgement to the user on the successful remittance of the payment. In such a case, the user shall be refunded the entire amount, including the service fees (if any), without any demur into his account within 7 to 10 working days.

All refunds to customers shall not entail any charge-back of convenience fee and related taxes. In case of user violating any T&C of Paymatrix or of our associated payment partners, Paymatrix reserves the right to hold back any payment which it feels as suspicious or invalid unless completely validated. Paymatrix further reserves the right to hot-list any user account if the same is found to be violating transaction terms of our website or our banking partners. Further, we also reserve the right to report the said transaction to the concerned regulatory authorities of banking partners for further action, as it deems. In case of any fraudulent transactions, Paymatrix reserves the right to take appropriate action in accordance with the agreed terms of use. In case the users are unable to furnish the required documents for validation or fraudulent transactions, Paymatrix reserves the right to refund the transaction amount to the source account after due deduction of the charges incurred , which includes convenience fee, PG charges , Service tax or GST as applicable and any other related charges. (Usually in the range of 2.5% - 3%).

Rent collection is free on https://pg.paymatrix.in and https://workspace.paymatrix.in. We may choose to charge the users a small fee for use or purchase of auxiliary services. The fee may vary from time to time and may be waived off temporarily for promotional purposes. Paymatrix may at its discretion, change, amend, increase, or reduce the Service Charges without prior intimation to the Customer. We shall not be liable to you or to any third-party for any modification, price change, suspension or discontinuance of the Service. There is no subscription based pricing, However, we may charge convenience fee for use of` services offered by Paymatrix on PAY PER USE basis. This convenience fee is inclusive of service tax for availing the platform for remitting the rent payment service. You shall pay all applicable taxes relating to the use of the Service through your account, and the purchase of any other services. However, there is no setup fee for creating an account with Paymatrix. The user will be made aware of the convenience charges in INR at the time of billing and prior to making the payment. The user can proceed to make the payment only upon his agreement to the convenience fee charged for the use of the particular service. All the convenience fees paid to Paymatrix are non-refundable. In case of any error in transaction, payment failure or over charge /wrong convenience fee charge, please contact our support team through the message box provided in the website or drop an email at [email protected].

Paymatrix.in currently provides a platform for all rental property owners, landlords (collectively referred to as "Participating Affiliates") and their respective tenants, remitting payments for availing rent payment and other property management services. Paymatrix.in facilitates various electronic payment options for the use of services by the users for their monthly rents, periodic rents, security deposits, other deposits, and all other fees and charges related to leased space, fixed or variable (the “Service”).Split your rent feature provides the tenant to share rent, security deposit or any other expenses with their flatmates. You, as the tenant of a Participating Landlord, are eligible to use the Services of the website to pay your rent and any related fees. Your credit card, or other on-line electronic payments made through the Service will be remitted to your Participating Landlord in accordance to the information provided by you. You will receive a timely confirmation/notification from Paymatrix.in acknowledging the Paymatrix.in’s receipt of credit card or on-line electronic payments. Unless explicitly stated otherwise, any new features, which enhance or augment Paymatrix.in’s current service offering shall be subject to the terms and conditions of service. You must obtain access to the World Wide Web and/or Internet in order to use the Service, either directly or through other devices that access web-based content. You must also pay any service fees associated with such access. In addition, you must supply all necessary equipment to connect to the World Wide Web and/or Internet, including a computer, a modem or other access devices.

Except for the information, services clearly stated as being offered by Paymatrix, we do not control or endorse any information or services on the internet in anyway. Any form of user content posted on website must verify the truthfulness and authenticity of the particulars of the content, including the time, place and nature. Before allowing such content to be posted on the Website, Paymatrix have the right and authority to verify the accuracy of such particulars related to the content with the respective sources provided by the User posting such content, if we feel that there is a need to check such accuracy. We have the right to upload content on behalf of third parties, subsequent to collecting such information and verifying it if we deem it necessary. Notwithstanding this, we can in no way be held liable for any false or misleading information. All the information provided by you will be governed by our Privacy Policy. Please refer to our "Privacy Policy".

By accessing the website, you agree not to use the website or its content:

For any unlawful purposes.
To solicit or perform any illegal activities or activities that infringe the rights of others.
For purposes other than those outlined in the Terms and Conditions or as provided by Paymatrix.
To violate any international, federal, provincial, state regulations, rules, laws, or local ordinances.
To infringe upon or violate intellectual property rights of ours or any third party, or rights of publicity or privacy.
To harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate based on gender, sexual orientation, religion, ethnicity, race, age, national origin, or disability.
To submit false or misleading information.
To interfere with the functionality or damage the operation of the services, or impair another user’s enjoyment of it, including by transmitting malicious code.
To collect or obtain personal or financial information of others, post defamatory messages, or disclose private information about individuals.
To breach this Agreement or any other Paymatrix policies.
To impersonate any person or entity, misrepresent an affiliation, or access others' accounts without permission.
To use the services in any way that could damage, disable, overburden, or impair them.
To engage in spamming, phishing, or using automated systems like robots or spiders inappropriately.
For any obscene or immoral purposes.
To interfere with, disable, or circumvent the security features of the Service or related websites.
If under the age of eighteen without a parental sponsor, or under the age of thirteen even with a parental sponsor, unless allowed by applicable law.
To reverse engineer, decompile, or disassemble the Services, except as allowed by law.
To monitor or copy the website without written permission.
To involve in selling services, information, or software derived from the website.
To modify, translate, adapt, or create derivative works from the services or website, except as permitted by law.
To forge headers or manipulate identifiers to disguise the origin of content.
To use any device, software, or routine to bypass the website’s robot exclusion headers, or to interfere with the services.
To send automated requests to the website’s systems without prior express permission from Paymatrix.

All the content and services available through our service may include materials from certain third parties. These third party links on the website may direct you to third-party websites which are not affiliated with Paymatrix. We are not responsible for examining or evaluating the content or accuracy and we do not warrant and will not have any liability or responsibility for any third-party materials or websites, or for any other materials, products, or services of third-parties. Paymatrix is not liable for any harm or damages related to the use of services, resources, content, or any other transactions made in connection with any third-party websites. Please review carefully the third-party's policies and practices and make sure you understand them before you engage in any transaction. Complaints, claims, concerns, or questions regarding third-party products should be directed to the third-party.

If any provision of the terms and conditions of service, or the application thereof, is found invalid or unenforceable, that provision will be amended to achieve as nearly as possible the same economic effect as the original provision and the remaining portion of this agreement will remain in full force.

In the event of failure of Paymatrix to enforce your compliance or exercise any right or provision to this website will not constitute any waiver or such provision.

We reserve the right to modify, update, change, add or remove any part of this Agreement (each, a “change”) at any time by posting changes through notification to the website. It is your responsibility to check the website periodically for changes. Your continued use of or access to our website or service after any change to these terms of service constitutes your acceptance to the changes made. It is your responsibility to check our website periodically for changes. Your continued use of or access to our website or the Service following the posting of any changes to these Terms of Service constitutes acceptance of those changes. For certain changes, Paymatrix may be required to give prior notice under applicable law, and will comply with such requirements if any.

Paymatrix offers reward points to specific users as part of various promotions. The reward points earned as part of these promotions are for exclusive use on Paymatrix on future transactions and are not to be redeemed in cash. In no case, Paymatrix is liable to extend cash or equivalent benefit against the rewards available in the user's account. The reward points come with an expiry date of 12 months from the date of issue and cannot be renewed or reissued in case they expire.The value of a reward point issued on Paymatrix is equivalent to Rs.1 and can be only redeemed against specific services or payments listed on the platform. Further, Paymatrix reserves the right to revoke grant of rewards or cancel the rewards issued, in case the user is found to accrue the same through fraudulent means (or) in violation of our Terms of use. The grant of rewards is a subject of discretion of Paymatrix and the company reserves the right to revise the terms of use.

These Terms of Service and any policies on this site or in respect to the Service constitute the entire agreement and understanding between you and Paymatrix and govern your use of the Service. This agreement will not be modified except in writing, signed by both parties, or by a change made by Paymatrix to this agreement in accordance with the terms of this agreement.

Only courts of Telangana alone have the exclusive jurisdiction over all the matters pertaining to the terms of use of this website, though the user accesses the website from any part of the country.

You can write to us : Mailing address: SPECKLE INTERNET SOLUTIONS PRIVATE LIMITED T-Hub, CATALYST, IIIT-H Gachibowli, Hyderabad, Telangana-500032 Registered Address: SPECKLE INTERNET SOLUTIONS PRIVATE LIMITED 6-1-132/4,405, ROYAL ASCOT, WALKER TOWN, PADMARAO NAGAR, SECUNDERABAD - 500025, TELANGANA, INDIA Email id: [email protected] Phone number: +91 7305145146

Our Privacy Policy

This privacy policy applies to https://pg.paymatrix.in and https://workspace.paymatrix.in (hereinafter also referred to as "Website").Please read our privacy policy carefully to get a better understanding of how we use or protect any information that has been provided by you while using the website. Paymatrix is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, and then you can be assured that it will only be used in accordance with this privacy statement. Paymatrix may change this policy from time to time by updating this page. Please check this page from time to time to ensure that you are aware of the changes made.

When you visit the Paymatrix.in website, we collect your IP address and standard web log information, such as your browser type and the pages you accessed on our website. If you visit our website or open an account, we collect the following types of information from you:

Contact Information
- Your name
- Address
- Phone
- Email
- Date of birth
- Other similar information
Financial information
- The bank account numbers and credit card numbers linked to your Paymatrix account
- Information about your rent payment or other payments to be executed through Paymatrix.in
KYC Information
- PAN no
- PAN copy
- Address Proof ID no.
- Picture and Address proof copy
- Type of Address Proofs:
  - Driving license
  - Voter ID
  - Passport
  - Aadhar information in encrypted form
Demographic information
- Postcode
- Preferences
- Interests
Other information relevant to customer surveys and/or offers
Vendor payments
Contact us
- If you email us through the "Contact Us" section on the website, we ask for information such as your name and email address so we can respond to your questions and comments.
- You may choose to provide additional information as well.

Before allowing you to use our Service, we may require you to provide additional information we can use to verify your identity or address or manage risk, such as your phone number or social security number or other information. We may also obtain information about you from third parties such as credit bureaus and identity verification services. When you are using our Service, we collect information about your account transactions, and we may collect information about your computer or other access device for fraud prevention purposes.

We require this information to understand your needs and provide you with a safe, smooth, efficient and customized service on the paymatrix.in website, and in particular for the following reasons:

Internal record keeping.
We may use the information to customize, measure, and improve our products and services and the content and layout of our website.
We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax, or mail.
We may use the information to customize the website according to your interests.
Provide the services and customer support you request, as well as send you transaction-specific email correspondence.
Process transactions and send notices to you and your payees about your transactions.
Resolve disputes and troubleshoot problems.
Prevent potentially prohibited or illegal activities.
Compare information for accuracy and verify it with third parties.

To process your payments, we need to share some of your personal information with the person or company that you are paying. When you pay rent through https://pg.paymatrix.in and https://workspace.paymatrix.in, we may also provide the landlord with certain basic information to help complete your transaction. The landlord is not allowed to use this information for any other purpose unless you have agreed to it. Some of our other features, such as the ability to consolidate payments from members of a group, and if members of a group each are responsible for paying a portion of an obligation, each member will be able to see whether each other member has made their respective payment. Regardless, we will not disclose your credit card number or bank account number to anyone you have paid through our website, except with your express permission or if we are required to do so to comply with a subpoena or other legal process.

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Paymatrix and its payment partners are the transaction facilitators between landlord and tenant. At NO point in time shall any representative from Paymatrix or the card issuing Bank shall ask for your Credit/Debit card details. Please DO NOT share such details to anyone requesting for the same even if someone poses to be an authorized representative of the company to gather such information.

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

You may request details of personal information which we hold about you ,while complying with the Data Protection Act 1998 against for which a small fee will be payable. If you would like a copy of the information held on you please write to SPECKLE INTERNET SOLUTIONS PVT LTD.,No.2, T-HUB, Catalyst building, IIIT-Hyderabad, Gachibowli, Hyderabad, Telangana -500032 If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address or email us on [email protected]. We will promptly correct any information that is found to be incorrect.

Responsible Disclosure Policy

Introduction

Paymatrix takes the security of our systems and its data very seriously. We are continuously striving to maintain and ensure that our environment is safe and secure for everyone to use. If you’ve discovered any security vulnerabilities associated with any of our Paymatrix services, we do appreciate your help in disclosing it to us in a responsible manner. Paymatrix will engage with you as external security researchers (the Researcher) when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. If a Researcher follows the rules set out in this Responsible Disclosure Policy when reporting a security vulnerability to us, unless prescribed otherwise by law or the payment scheme rules, we commit to:

Promptly acknowledging receipt of your vulnerability report and work with the researcher to understand and attempt to resolve the issue quickly;
Validating, responding and fixing such vulnerability in accordance with our commitment to security and privacy. We will notify you when the issue is fixed.
Unless prescribed by law otherwise, not pursue or take legal action against you or the person who reported such security vulnerabilities.
Not suspend or terminate access to our service/services if you are a merchant. If you are an agent, not suspend or terminate merchants access to our services to which the agent represents.
Publicly acknowledge and recognize your responsible disclosure in our Hall of Fame page.

Scope of this Policy

Any of the Paymatrix services iOS, Android or Web apps, which process, store, transfer or use in one way or personal or sensitive personal information, such as card data and authentication data.

Domains

https://pg.paymatrix.in
https://workspace.paymatrix.in

Focus Areas

Automated tools or scripts ARE STRICTLY PROHIBITED, and any POC submitted to us should have a proper step-by-step guide to reproduce the issue. Abuse of any vulnerability found shall be liable for legal penalties

Able to bypass payment flow
Price manipulation with a successful transaction (transaction id required)
SQL Injections
Remote Code Execution (RCE) vulnerabilities
Shell Upload vulnerabilities (only upload basic backend script that just prints some string, preferably try printing the hostname of the server and stop there ! **YES STOP THERE** ! )
Authentication and Authorization vulnerabilities including horizontal and vertical escalation. (Use 2 different test accounts created by you)
Domain take-over vulnerabilities
Stored XSS
Bulk user sensitive information leak
Descriptive error messages (e.g. Stack Traces, application or server errors)
Any vulnerability that can affect the Paymatrix Brand, User (Customer/Merchant) data and financial transactions

Out of Scope General

Price manipulation WITHOUT SUCCESSFUL TRANSACTION
Any services hosted by 3rd party providers and services not provided by Paymatrix
Any service that is not mentioned in the In Scope domains section
IDOR references for objects that you have permission to access
Duplicate submissions that are being remediated
Known issues
Rate limiting (Unless it implies severe threat to data, business loss)
Multiple reports for the same vulnerability type with minor differences (only one will be rewarded)
Open redirects
Clickjacking and issues only exploitable through clickjacking
Only session cookies needed http and secure flags. Apart from these, for other cookies we won’t consider as vulnerability
Issues without clearly identified security impact such as missing security headers.
Missing CAA headers
Vulnerabilities requiring physical access to the victim's unlocked device.
Formula Injection or CSV Injection
DOM Based Self-XSS and issues exploitable only through Self-XSS.

System and Infrastructure Related

Patches released within the last 30 days
Networking issues or industry standards
Password complexity
Email Related:
- SPF or DMARC records
- Gmail "+" and "." acceptance
- Email bombs
- Unsubscribing from marketing emails
Information Leakage:
- HTTP 404 codes/pages or other HTTP non-200 codes/pages
- Fingerprinting / banner disclosure on common/public services
- Disclosure of known public files or directories, (e.g. robots.txt)
- Unsubscribing from marketing emails
- Cacheable SSL pages

Login and Session Related

Forgot Password page bruteforce and account lockout not enforced
Lack of Captcha
Presence of application or web browser ‘autocomplete’ or ‘save password’ functionality
Session Timeouts

Testing

A Researcher can test only against a merchant account if they are an account owner or an agent authorized by the account owner to conduct such testing. As a Researcher, in no event are you permitted to access, download or modify data residing in any other account or that does not belong to you or attempt to do any such activities. In the interest of the safety of our merchants, users, employees, the Internet at large and you as a Researcher, the following test types are expressly excluded from scope and testing: any findings from physical testing (office access, tailgating, open doors) or DOS or DDOS vulnerabilities. A responsible disclosure also does not include identifying any spelling mistakes, or any UI and UX bugs.

Rules

We require that all Researchers must:

Make every effort to avoid privacy violations, degradation of user or merchant experience, disruption to production systems, and destruction of data during security testing.
Not attempt to gain access to any other person's account, data, or personal information.
Use their real email address to signup and report any vulnerability information to us.
Keep information about any vulnerabilities you’ve discovered confidential between yourself and Paymatrix. Paymatrix will take a reasonable time to remedy such vulnerability (approximately 1 month as a minimum but this is dependent on the nature of the security vulnerability and regulatory compliance by Paymatrix). The Researcher shall not publicly disclose the bug or vulnerability on any online or physical platform before it is fixed and prior written approval to publicly disclose from Paymatrix.
Not perform any attack that could harm the reliability, integrity and capacity of our Services. DDoS/spam attacks are STRICTLY not allowed.
Not use scanners or automated tools to find vulnerabilities (noisy and we may automatically suspend your account and ban your IP address).
As a Researcher, you represent and warrant that you have the right, title, and interest to disclose any vulnerability found and to submit any information, including documents, codes, among others, in connection therewith. Once you inform a vulnerability, you grant Paymatrix, its subsidiaries, and affiliates an irrevocable, worldwide, royalty-free, transferable, sublicensable right to use in any way Paymatrix deems appropriate for any purpose, such as: reproduction, modification, distribution, adaptation among other uses, the information related with the vulnerabilities. Further, you hereby waive all other claims of any nature, including express contract, implied-in-fact contract, or quasi-contract, arising out of any disclosure accepted by Paymatrix.

Remember that you must never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure. Please include the following information with your report:

Detailed description of the steps required to help us reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us)
Your email address.
If you’d like to encrypt the information, please write to [email protected] or use our PGP key from the link below: https://keybase.io/paymatrix/key.asc

Report Template

The identified bug shall have to be reported to our security team by sending us a mail from their registered email address to [email protected] (Subject: Suspected Vulnerability on Paymatrix) (without changing the subject line else the mail shall be ignored and not eligible for bounty). The mail should strictly follow the format below: Individual Details: Full Name: Mobile Number: Any Publicly Identifiable profile(LinkedIn, Github etc.): Bug Details: Name of the Vulnerability: Areas affected: Impact: Detailed steps to reproduce (transaction id’s can also be provided here):

Recognition – Hall of Fame Page

By helping Paymatrix continuously keep our data secure, once the security vulnerability is verified and fixed as a result of report, we would like to put your name on our Hall of Fame page (We are in process of bringing hall of page soon.Meanwhile, please write to [email protected]) Of course, we will need to know if you want the recognition, in which case you will be required to give us your name and Twitter handle, LinkedIn Profile as you wish it to be displayed on our Hall of Fame page. We currently do not offer any monetary compensation. However, we may send out Paymatrix swag or goodies in some cases. Requests or demands for monetary compensation in connection with any identified or alleged vulnerability are non-compliant with this Responsible Disclosure Policy. Visit our Hall of Fame.
Consequences of Complying with This Policy
We will not pursue civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy. We consider activities conducted consistent with this policy to constitute “authorized” conduct under the Computer Fraud and Abuse Act. We will not bring a DMCA claim against you for circumventing the technological measures we have used to protect the applications in scope. If legal action is initiated by a third party against you and you have complied with Paymatrix’s VDP, Paymatrix will take steps to make it known that your actions were conducted in compliance with this policy.

Public Disclosure Policy:

By default, this program is in “PUBLIC NONDISCLOSURE” mode which means:"THIS PROGRAM DOES NOT ALLOW PUBLIC DISCLOSURE. ONE SHOULD NOT RELEASE THE INFORMATION ABOUT VULNERABILITIES FOUND IN THIS PROGRAM TO PUBLIC, FAILING WHICH SHALL BE LIABLE FOR LEGAL PENALTIES!”
The Fine Print
We may modify the terms of this program or terminate this program at any time. We won’t apply any changes we make to these program terms retroactively. Paymatrix employees and their family members are not eligible for bounties.