Skip to main content

Code of Conduct

By participating in programs on HackerOne, all Finders agree to help empower our community by following the HackerOne Code of Conduct (CoC). The CoC is in addition to the General Terms and Conditions and Finder Terms and Conditions that all Finders must agree to when creating an account.

Behave professionally
Do not disclose private program details
Only contact security teams through approved channels
No unsafe testing / service degradation
No abusive language
No duplicate account abuse or reputation farming
No misuse or theft of intellectual property
Do not disclose report information, confidential information or personal data without express written authorization
No extortion or blackmail
No unauthorized impersonation / social engineering
The use of illegal or counterfit software is not allowed
Code of Conduct definitions

Enforcement Actions

The HackerOne Finder Code of Conduct is enforced in accordance with the action guidelines below.

Please note that HackerOne reserves the right to escalate the severity of enforcement and sanctions in accordance with the nature of the offense and irrespective of previous offenses. Depending upon the severity of the offense, sanctions may include, without limitation, longer temporary bans, immediate removal from HackerOne Clear and HackerOne Clear Programs and/or a permanent ban from the HackerOne Platform.

Incident First Offense Second Offense Third Offense Fourth Offense Fifth Offense
Unprofessional Behavior Warning Second Warning Final Warning Temporary Ban (2-4 weeks) Permanent Ban
Discussing Private Program Details Warning Second Warning Final Warning Temporary Ban (2-4 weeks) Permanent Ban
Discussing report Info or PII Without Approval Final Warning / Program Ban Temporary Ban (2-4 Weeks) Temporary Ban (3 months) Permanent Ban
Contacting the Security team out-of-band Final Warning / Program Ban Temporary Ban (2-4 Weeks) Temporary Ban (3 months) Permanent Ban
Service Degradation / Unsafe Testing Final Warning / Program Ban Temporary Ban (2-4 Weeks) Temporary Ban (3 months) Permanent Ban
Abusive language or harassment Final Warning / Program Ban Temporary Ban (2-4 Weeks) Temporary Ban (3 months) Permanent Ban
Reputation Farming Final Warning / Program Ban* Temporary Ban (2-4 Weeks) Permanent Ban
Extortion and Blackmail Permanent Ban
Unauthorized impersonation / Social Engineering Permanent Ban

Statutory timeline of warnings: When a warning is issued in accordance with this Code of Conduct, HackerOne considers that warning to be applicable for 12 months. Warnings which are over 12 months old expire and are not typically assessed when reviewing the severity of new warnings.

See something, say something: If you see another Finder violating these rules, please reach out to our team at “support@hackerone.com” or if you are needing help on a report of your own, you can request mediation directly in the platform on the report in question.