HackerOne General Terms and Conditions

Effective Date: May 31, 2020 - June 30, 2023

These General Terms and Conditions apply to all Order Forms entered into on or after June 1, 2020 and for all Community Edition or other customers utilizing the HackerOne Services not pursuant to an Order Form as of such date.

Please read these General Terms and Conditions carefully because they, together with the Customer Terms and Conditions or the Finder Terms and Conditions, govern Customer's or Finder's use of the Services.

Customer or Finder shall not use the Services, or any portion thereof, for the benefit of any third party or in any manner not permitted by the Terms.

HackerOne may modify the Terms at any time upon notice to Customers and/or Finders, as applicable. If Customer or Finder does not object in writing to such changes and continues to use the Services after HackerOne has modified the Terms, Customer and Finder will be deemed to have agreed to be bound by the modified Terms.

HackerOne understands that it may receive Confidential Information of Customer, Customer understands that it may receive Confidential Information of HackerOne, and Finder understands that they may receive Confidential Information of a Customer or HackerOne. The receiving party agrees not to divulge to any third party any Confidential Information of another party and not to use any Confidential Information of another party for any purpose not contemplated by the Terms. Customers and Finders acknowledge and agree that HackerOne Aggregate Data is not Confidential Information and consent to the collection and use of HackerOne Aggregate Data.

HackerOne’s Privacy Policy, which describes how HackerOne collects, uses, and discloses information from HackerOne's Customers and Finders, will be applicable to the Services. For specific detail on HackerOne’s practices and types of cookies that HackerOne may use, please refer to our Cookies Policy

HackerOne’s Data & Information Security Policy, which describes the security of the HackerOne Platform, will be applicable to the Services.

HackerOne’s Vulnerability Disclosure Guidelines, which describe the default policy governing Finder Submissions through the Services, will be applicable to the Services. In the event of a conflict, HackerOne’s Vulnerability Disclosure Guidelines are superseded by individual Program Policies.

Each party shall comply with all Applicable Law in connection with the performance of its obligations and the exercise of its rights in the Services. Without limiting the foregoing, HackerOne respects copyright law in all jurisdictions in which it does business and expects its Customers and Finders to do the same. It is HackerOne’s policy to terminate, in appropriate circumstances, Customers and Finders which infringe or are believed to be infringing the rights of copyright holders. Please see HackerOne’s Copyright and IP Policy for further information.

Customer or Finder can submit Feedback by emailing HackerOne at feedback@hackerone.com. By submitting any Feedback, Customer or Finder grants to HackerOne a worldwide, perpetual, irrevocable, non-exclusive, transferable, sublicensable, fully-paid, and royalty-free license under any and all intellectual property rights that Customer or Finder owns or controls to use, copy, modify, create derivative works based upon, and otherwise exploit the Feedback for any purpose.

The Services may contain links to third party websites or resources. HackerOne provides these links only as a convenience and is not responsible for the content, products, or services on or available from those websites or resources or links displayed on such websites. Each Customer and Finder acknowledges sole responsibility for and assumes all risk arising from such Customer's or Finder's use of any third party websites or resources.

NO PARTY TO THE TERMS WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE, OR THE COST OF SUBSTITUTE SERVICES ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT SUCH PARTY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY.

TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL CUSTOMER'S OR HACKERONE'S TOTAL LIABILITY TO THE OTHER ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO HACKERONE FOR USE OF THE SERVICES DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE DATE WHEN THE CLAIM OR LIABILITY FIRST AROSE.

TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL HACKERONE'S TOTAL LIABILITY TO FINDER ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES EXCEED $1,000.

The Terms and any action related thereto will be governed by the laws of the State of California without regard to its conflict of laws provisions. Any and all disputes arising out of or concerning the Terms shall be brought exclusively within the Superior Court for the County of San Francisco or the United States District Court for the Northern District of California. Customer or Finder hereby submits to the personal jurisdiction of such courts and waives any and all objections to the exercise of jurisdiction, venue, or inconvenient forum in such courts.

CLASS ACTION WAIVER: EACH CUSTOMER AND FINDER WAIVE ANY RIGHT TO ASSERT ANY CLAIMS AGAINST HACKERONE AS A REPRESENTATIVE OR MEMBER IN ANY CLASS OR REPRESENTATIVE ACTION, EXCEPT WHERE SUCH WAIVER IS PROHIBITED BY LAW OR DEEMED BY A COURT OF LAW TO BE AGAINST PUBLIC POLICY.

HackerOne may use Customer's and/or Finder's name and/or logo in any publicity or advertising describing the relationship between the parties.

The Terms and any applicable executed Order Form that references the Terms constitute the entire and exclusive understanding and agreement between HackerOne and Customer or Finder, and supersede and replace any and all prior oral or written understandings or agreements between HackerOne and Customer or Finder regarding the Services. If any provision of the Terms is held to be invalid, prohibited, or otherwise unenforceable by legal authority of competent jurisdiction, the other provisions of the Terms shall remain enforceable, and the invalid or unenforceable provision shall be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. The Terms are assignable by HackerOne and will bind and inure to the benefit of the parties, their successors, and assigns. Customer or Finder may not assign the Terms without HackerOne's prior written consent, not to be unreasonably withheld.

Any notices or other communications provided by HackerOne under the Terms, including those regarding modifications to the Terms, will be given via email or by posting to the HackerOne Site.

A party's failure to enforce any right or provision of the Terms will not be considered a waiver of such right or provision. Any such waiver will be effective only if in writing and signed by a duly authorized representative of the party issuing such waiver.

An Order Form may be terminated by HackerOne or the Customer solely if the other party fails to cure a material breach of thereof within thirty (30) days after receiving written notice of the breach from the non-breaching party. HackerOne may terminate any Finder's access to and use of the HackerOne Platform, at HackerOne's sole discretion, at any time and without notice to the Finder. HackerOne may terminate the access of any Community Edition or other Customer utilizing the HackerOne Platform and Services not pursuant to an Order Form to the HackerOne Platform, at HackerOne’s sole discretion, at any time and without notice to the Customer. A Customer or Finder may cancel such Customer's or Finder's account at any time by sending an email to support@hackerone.com; provided, however, that in the event of such cancellation by a Customer, the Customer shall not be entitled to the refund of any prepaid HackerOne Fees unless specifically set forth in the applicable Order Form(s).

Upon any termination, discontinuation, or cancellation of the Services, the HackerOne Platform or a Customer's or Finder's account, the provisions of these Terms which, by their nature, are intended to survive termination, shall survive.

The following capitalized terms shall have the following meanings as used in these General Terms and Conditions, in the Customer Terms and Conditions, and/or in the Finder Terms and Conditions.

• “Affiliate" means any entity which controls, is controlled by or under common control with a party, where “control” means ownership or control, direct or indirect, of fifty percent (50%) or more of such entity’s voting capital, and any such entity shall be an Affiliate of such party only as long as such ownership or control exists.
• “Applicable Law” shall mean all laws (including the requirements of any government or regulatory authority) applicable to a party and/or the Services under this Agreement for the time being in force in the relevant jurisdiction. These include but are not limited to anti-money laundering, anti-bribery, data privacy, export, and intellectual property laws.
• “Confidential Information” means any confidential or proprietary business or technical information about a party related to the Services or a Program, including the HackerOne Platform and the content of Finder Submissions. Confidential Information does not include any information that (i) was publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party; (ii) becomes publicly known and made generally available after disclosure by the disclosing party to the receiving party; (iii) is already in the possession the receiving party at the time of disclosure by the disclosing party; or (iv) is obtained by the receiving party from a third party without a breach of such third party's obligations of confidentiality.
• “Customer” means a customer of HackerOne using the HackerOne Platform for Services, including to receive Finder Submissions.
• “Customer Report” means a report or similar documentation made available by HackerOne to a Customer through the HackerOne Platform or otherwise that summarizes or is based upon Finder Submissions, including, without limitation, penetration test reports, checklist reports, re-testing reports, and similar documentation regarding Finder activities related to a Program.
• “Feedback” means any feedback, comments, or suggestions for improvements to the Services.
• “Finder” means an individual or entity using the HackerOne Platform to provide Finder Submissions.
• “Finder Submission(s)” means documents and related materials evidencing a Finder’s activities related to a Program, including, without limitation, Vulnerability Reports.
• “HackerOne” means HackerOne Inc., a Delaware corporation, and its Affiliates.
• “HackerOne Aggregate Data” means aggregated and anonymized statistical and other information from Finder Submissions and Customers and Finders use of the HackerOne Platform and Services, which information does not identify particular Customer or Finders, and which is used for, among other things, reporting, research, improvements of the Platform and the Services, industry collaboration, and other reasonable business purposes.
• “HackerOne Platform” or “Platform” means the software-as-a-service HackerOne Platform offered by HackerOne.
• “HackerOne Property” means any property of any kind, tangible or intangible, which is acquired, created, developed, or licensed by HackerOne prior to or outside the scope of this Agreement and any improvement or modification thereof and all intellectual property rights therein, including without limitation the HackerOne Platform and Services.
• “HackerOne Site” means HackerOne's website located at hackerone.com and related domains and subdomains.
• “Program” means the security initiative(s) for which a Customer desires to receive Finder Submissions from Finders, which a Customer posts to the HackerOne Platform.
• "Program Materials” means the Program Policy and the description of the Program and any other materials made available by Customer to Finders in connection with a Program.
• “Program Policy” include a Customer created description of the security-related and other services that the Customer is seeking from Finders, the terms, conditions, and requirements governing the Program to which the Finders must agree, and the Rewards, if any, that a Customer will award to Finders who participate in the Program.
• “Order Form” means an order form or similar document referencing these Terms, which has been mutually agreed to by HackerOne and a Customer either (i) in a mutually signed writing or (ii) by a Customer issued purchase order that is accepted by HackerOne and which (a) expressly reference and incorporates this Terms and (b) describes the Services to be purchased, including the fees payable therefore and the start and end date of the subscription term for such Services, by referencing a HackerOne provided sales order form or otherwise; provided, however, that if a Customer purchases the Services through a reseller or other HackerOne authorized partner, the Order Form shall be the Order Form entered into between HackerOne and the reseller/authorized partner for such Customer’s use of the Services and the payment obligations under such Order Form and the Terms shall be payment obligations of the reseller/authorized partner and not the Customer.
• “Reward(s)” means bounties, grants, pay for effort payments, and other financial or non-financial rewards that are awarded to Finders participating in a Program.
• “Services” means HackerOne’s software as a service solution made available by HackerOne to Customers through the HackerOne Platform together with any ancillary services purchased by a Customer.
• “Terms” means these General Terms and Conditions and the Customer Terms and Conditions or the Finder Terms and Conditions, as applicable.
• “Third Party Services” means any third party services purchased by a Customer on a resale basis through HackerOne and which are specifically identified as Third Party Services in an Order Form.
• “Vulnerability Report(s)” means bug reports or other vulnerability information, in text, graphics, image, software, works of authorship of any kind, and information or other material that Finders provide or otherwise make available through the HackerOne Platform to a Customer resulting from participation in a Program.

If there are any questions about the Terms or the Services, please contact HackerOne at info@hackerone.com, or at HackerOne Inc., 548 Market Street PMB 24734, San Francisco, CA 94104.

Please see our existing General Terms and Conditions effective prior to June 1, 2020.