HackerOne Privacy Shield Notice

Effective: April 29th, 2018

HackerOne ("We" or "Our") has certified our compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, cementing our commitment to a safe and transparent environment for our users. As part of this compliance, we adhere to the Privacy Shield Principles of notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement, and liability for personal data submitted by our customers in participating European countries through the Services.

For more information about the Privacy Shield, see the U.S. Department of Commerce's Privacy Shield website. To review our certification on the Privacy Shield list, see the U.S. Department of Commerce's Privacy Shield self-certification list.

Our collection of personal data

HackerOne is responsible and remains liable for the processing of personal data it receives, under the Privacy Shield Frameworks, and subsequently transfers to a third party acting as an agent on its behalf. HackerOne complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred under the Privacy Shield Frameworks, HackerOne is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Purpose of data collection and processing

For the purposes of using our Services, we collect some information from you when you create an account. We also collect some information to ensure HackerOne works properly and to improve the user experience. This may include using Your Information for analytical purposes. For more details on all of the information we collect and use, see our Privacy Policy.

The type of third parties to which we disclose personal information

Under certain circumstances we may disclose personal information collected in connection with the Services. These are explained more fully in our Privacy Policy but can include:

  • If we employ other companies and people to perform tasks on our behalf, we may share Your Information with them as needed to provide the Services to you. Unless we tell you differently, our agents do not have any right to use any personal information we share with them beyond what is necessary to assist us.

  • We may share aggregated information and non-identifying information with third parties for industry research and analysis, demographic profiling, and other similar purposes.

  • In the event of a business change or transaction including a sale or merger Your Information, may be disclosed or transferred in connection with the transaction subject to our Privacy Policy.

  • We will cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose Your Information to government or law enforcement officials in response to lawful requests or to private parties as we, in our sole discretion, believe necessary or appropriate: (i) to comply with law, regulation or valid legal process (including orders and subpoenas); or (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general. If we are going to release Your Information, our policy is to provide you with notice unless we are prohibited from doing so by law or court order.

We are aware and mindful of our responsibility and potential liability in cases of onward transfers to third parties.

For more details on how we disclose, see our Privacy Policy.

Inquiries and complaints

If you are a resident of a European country participating in the Privacy Shield and you believe we maintain your personal data within the scope of this Privacy Shield certification, you may direct any questions or complaints concerning our Privacy Shield compliance to privacy@hackerone.com.

Dispute Resolution & Arbitration

In compliance with the Privacy Shield Principles, HackerOne commits to resolve complaints about our collection or use of your personal information. EEA and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact HackerOne at privacy@hackerone.com.

HackerOne has further committed to refer unresolved Privacy Shield complaints to JAMS. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield or to file a complaint visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. The services of JAMS are provided at no cost to you. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means.

U.S. Federal Trade Commission Enforcement

Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Right to access and limit use

You have a legal right to request the personal information about you held by us. On request, we will provide you with a copy of this information. You also have a right to correct, amend, or delete such personal information where it is inaccurate or has been processed in violation of the Privacy Shield Principles.

Requirement to Disclose

HackerOne may be required to share your personal information in response to lawful requests by public authorities, including to meet national security and law enforcement requirements.