Skip to main content
an image of three HackerOne team members working together at their laptop

Clear Rules of Engagement

Hackers participating in Clear Programs often have increased levels of internal access, credentials or additional parameters. This document describes the Rules of Engagement and Additional Terms (these “RoEs”) for being part of HackerOne Clear and participating in HackerOne Clear Programs. By being a part of HackerOne Clear, you must accept and abide by these Rules of Engagement and all terms and conditions outlined below. Additionally, by participating in any programs on HackerOne, all Finders agree to help empower our community by following the HackerOne Code of Conduct (CoC). The CoC is in addition to the General Terms and Conditions and Finder Terms and Conditions all Clear hackers agree to when creating an account.

Code of Conduct

Background Checks and ID Verification

In order to qualify as a HackerOne Clear Finder, HackerOne must confirm certain information about you. By accepting these HackerOne Clear RoEs, you agree that HackerOne may conduct such background investigations and ID Verification as these are necessary to participate in Clear Programs and you hereby consent to HackerOne conducting these investigations and verifications. You must be a legal adult to be eligible for Clear. Without limiting the foregoing, among other things, HackerOne may request reports containing information about you from third ­party agencies that may contain information relating to, among other things, your criminal record, character, identity verification and reputation and may be conducted on a recurring basis while you remain an HackerOne Clear Finder. The types of information that may be obtained include, among other things, social security number (or Federal employer identification number or taxpayer number, if applicable) verifications, criminal records checks, public court records checks, governmental sanctions and professional references checks. Again, by agreeing to these terms, you hereby consent to HackerOne obtaining these reports through the third party vendors HackerOne may utilize for such reports. You may obtain a copy or summary of the reports on written request.

Current Vendor for ID Verification: Berbix
Current Vendor for Background Checks: First Advantage

Respect Confidentiality and Disclosure Guidelines and NDAs
Respect HackerOne's Code of Conduct
Use VPN or "Tag Your Traffic"
Be Professional
Satisfactory Performance
General Provisions
Definitions

Investigation and Enforcement

If a complaint is received from a customer, team member, another Finder, or if HackerOne observes something that appears to violate the Code of Conduct and/or these RoEs HackerOne will in all cases:

  • Assume good intent: HackerOne trusts that hackers will want to do the right thing.
  • Investigate fully so HackerOne understands what did (and did not) happen. HackerOne will speak to all parties involved, where appropriate, and attempt to provide a neutral viewpoint.
  • Repercussions: If HackerOne determines the Finder has violated the Code of Conduct and/or these RoEs, there will be disciplinary actions depending on the severity and HackerOne’s assessment of intent. Repercussions could include, depending on severity, temporary bans and permanent bans from HackerOne Clear, HackerOne Clear programs and/or the platform.

In general, HackerOne will seek to enforce these rules of engagement in accordance with the action guidelines below.

Incident First Offense Second Offense Third Offense
Breaking H1 Clear Rules of Engagement Temporary Ban from Clear & Removal from all Clear programs (3 months) Temporary Ban from Clear & Removal from all Clear programs (6 months) Permanent Ban from Clear & Removal from all Clear programs

Please note, however, that HackerOne reserves the right to escalate the severity of enforcement and sanctions in accordance with the nature of the offense and irrespective of previous offenses. Depending upon the severity of the offense, sanctions may include, without limitation, longer temporary bans, immediate removal from HackerOne Clear and HackerOne Clear Programs and/or a permanent ban from the HackerOne Platform.