Copyright (c) 2025 Bountyy Oy. All rights reserved. This software is proprietary and confidential. SOURCE-AVAILABLE LICENSE Version 2.1 - Effective February 15, 2026 By using, copying, or accessing this software, you agree to be bound by the terms of this license. If you do not agree, you may not use, copy, or access the software in any way. DEFINITIONS "Software" means the Lonkero vulnerability scanner source code, compiled binaries, documentation, and any associated files distributed by Bountyy Oy under this license. "Output" means any data, reports, findings, scan results, or other information generated by the Software. "Organization" means any company, corporation, partnership, government entity, non-profit, or other legal entity, including its subsidiaries and affiliates. "Commercial Purpose" means any activity intended for or directed toward commercial advantage or monetary compensation, whether direct or indirect. This includes but is not limited to: use in a commercial product or service, use to support paid consulting or advisory services, use in internal operations of a for-profit Organization, and use of Output in any deliverable provided to a third party for compensation. "Small Organization" means an Organization with fewer than ten (10) employees and annual gross revenue below EUR 1,000,000. "Competing Product" means any software product or service whose primary function is automated vulnerability scanning, web application security testing (DAST), static application security testing (SAST), or attack surface management, and that is offered commercially to third parties either as standalone software, a SaaS platform, or as a core component of a managed service. Internal scripts, tools, or automation used solely within an Organization's own security operations do not constitute a Competing Product. "Commercial License" means a separate written license agreement between the licensee and Bountyy Oy that grants additional rights beyond those provided in this license, including the right to use the Software for Commercial Purposes. PERMITTED USE 1. PERSONAL USE: Individuals may view, clone, study, compile, run, and modify the Software for personal, non-commercial purposes. 2. EDUCATIONAL USE: Academic institutions and students may use the Software for educational and research purposes, provided results are not used for any Commercial Purpose. 3. SMALL ORGANIZATION USE: Small Organizations may use the Software for internal security assessments of their own infrastructure, provided the Output is not sold, redistributed, or included in any service offered to third parties. 4. COMMERCIAL LICENSE USE: Organizations that have obtained a Commercial License from Bountyy Oy may use the Software and its Output in accordance with the terms of that Commercial License, including for penetration testing engagements, security assessments, consulting services, and other professional services delivered to third parties. The specific scope of permitted use is defined in each Commercial License. RESTRICTIONS The following restrictions apply to all users. Where a restriction conflicts with rights explicitly granted in a Commercial License, the Commercial License terms govern for that licensee only. 1. COMMERCIAL USE PROHIBITED: You may not use the Software or its Output for any Commercial Purpose without a Commercial License from Bountyy Oy. 2. ORGANIZATIONAL USE REQUIRES LICENSE: Any Organization that does not qualify as a Small Organization must obtain a Commercial License from Bountyy Oy before using the Software for any purpose, whether internal or external, commercial or non-commercial. This applies regardless of which individual within the Organization operates the Software. 3. SERVICE USE PROHIBITED: You may not use the Software or its Output to provide services to third parties, whether paid or unpaid, without a Commercial License from Bountyy Oy. This includes but is not limited to: managed security services, vulnerability assessments, penetration testing, consulting engagements, or any "as-a-service" offering. 4. REDISTRIBUTION: You may not redistribute the Software or derivative works, whether in source or binary form, without express written permission from Bountyy Oy. 5. PROPRIETARY NOTICES: You may not remove or alter any proprietary notices, labels, or marks on the Software. 6. INDIRECT USE OF OUTPUT: You may not use, incorporate, reference, or rely on the Output of this Software as part of any paid service, product, report, or deliverable provided to any third party without a Commercial License from Bountyy Oy. 7. REVERSE ENGINEERING: You may not reverse engineer, decompile, disassemble, or otherwise attempt to derive the internal workings, algorithms, or architecture of the compiled Software beyond what is provided in the publicly available source code. You may not use knowledge gained from studying the source code to build, improve, or contribute to any Competing Product. 8. COMPETITIVE USE PROHIBITED: You may not use the Software, its source code, its Output, its architecture, its detection logic, its scanning techniques, or any knowledge derived from it to develop, enhance, train, or improve any Competing Product. This restriction applies whether the Competing Product is commercial or non-commercial, open source or proprietary, and survives the termination of this license. For clarity: Organizations that hold a Commercial License and also develop or maintain a Competing Product are permitted to use the Software as an end-user tool under their Commercial License, but may not incorporate, replicate, or derive from the Software's source code, architecture, detection logic, or scanning techniques in their Competing Product. Use of the Software as an end-user tool does not grant any right to use the Software's internals in a Competing Product. 9. AI AND MODEL TRAINING: You may not use the Software, its source code, its documentation, or its Output as training data, fine-tuning data, or input for any machine learning model, artificial intelligence system, or automated code generation tool without express written permission from Bountyy Oy. 10. CIRCUMVENTION: You may not use technical measures to circumvent or avoid the licensing requirements of this license, including but not limited to operating the Software through intermediaries, shell entities, or automated systems designed to avoid triggering license requirements. LICENSE COMPLIANCE AND VERIFICATION Bountyy Oy reserves the right to verify compliance with this license. Upon reasonable written notice, licensees agree to provide documentation confirming their eligibility for non-commercial use, including but not limited to confirmation of Organization size and revenue where relevant. TERM AND TERMINATION This license is granted for the duration of your use of the Software. Violation of any term in this license automatically and immediately terminates your rights under it. Upon termination, you must cease all use of the Software and destroy all copies in your possession. Continued use after termination constitutes copyright infringement under applicable law. The restriction in Section 8 (Competitive Use Prohibited) survives termination of this license indefinitely. Bountyy Oy may update the terms of this license for future releases of the Software. Continued use of updated versions constitutes acceptance of the updated terms. Prior versions of the Software remain governed by the license terms in effect at the time of their release. NO WARRANTY THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL BOUNTYY OY BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. GOVERNING LAW AND JURISDICTION This license is governed by and construed in accordance with the laws of Finland, without regard to its conflict of law provisions. Any disputes arising from this license shall be resolved in the courts of Helsinki, Finland. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods (CISG) does not apply. SEVERABILITY If any provision of this license is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving the original intent. CONTACT For commercial licensing inquiries: info@bountyy.fi For licensing compliance questions: info@bountyy.fi Bountyy Oy Vantaa, Finland