Skip to main content

HackerOne Finder Terms and Conditions

Last Updated: February 16, 2017

Welcome to HackerOne! By signing up as a Finder, you are agreeing to the following terms and the General Terms and Conditions found at https://www.hackerone.com/terms/general, which are incorporated by reference. A Finder is a hacker, security researcher or anyone who is willing to help companies and other organizations find bugs and vulnerabilities in their computer systems.

Your Use of HackerOne Platform

You may use the HackerOne Platform to participate in Programs and submit Vulnerability Reports provided you comply with the Terms.

Vulnerability Reports

By making any Vulnerability Report available to a Customer, you agree to the Program Policy. HackerOne's Vulnerability Guidelines are superseded by individual Program Policies in the event of a conflict.

You represent that neither the Vulnerability Reports nor any use of Vulnerability Report by the Customer will infringe, misappropriate or violate a third party's intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation, including export control laws.

Bounties

You may be awarded a Bounty for submitting Vulnerability Reports to a Customer for a particular Program if the submitted Vulnerability Reports meets the Customer's requirements described in the Program Policy. HackerOne will process Bounties that are monetary payments on behalf of Customer, and will typically remit the Bounty payments to you within ten (10) business days after HackerOne receives the Bounty payments from the Customer (or, if HackerOne has a Bounty Prepayment from Customer for the Program, within ten (10) business days after Customer notifies HackerOne that you have been awarded the Bounty). HackerOne is not responsible for delays in payment outside of HackerOne's reasonable control.

You may remain anonymous by using a pseudonym. To be eligible to receive a Bounty, however, you must provide HackerOne with accurate, complete and up-to-date information about you, including your mailing address, social security number (if applicable) and any other information that HackerOne reasonably requests, to allow HackerOne to legally send any Bounty to you and file the appropriate tax form following year end. If you do not provide this information to HackerOne, any Bounty that would otherwise be paid to you will be paid to a charity of HackerOne's choosing.

You are responsible for paying all taxes related to the Bounty payments, if any.

HackerOne will not be liable in any way for any Program, including any errors or omissions in any Program Policy, or any loss or damage incurred as a result of your reliance on any Program Policy.

Independent Parties

You are not an employee, contractor or agent of HackerOne, but are an independent third party who wants to participate in Programs and connect with the Customer through the Services. Nothing in the Terms is intended to render HackerOne and you as joint venturers, partners, or employer and employee. Under no circumstance shall HackerOne be considered to be your employer, nor shall you have any right as an employee of HackerOne.

Customers are not employees, contractors or agents of HackerOne, but are independent third parties who want to participate in Programs and connect with you through the Services. You agree that any legal remedy that you seek to obtain for a Customer's actions or omissions or other third parties regarding a Customer's Program, including Vulnerability Reports, will be limited to a claim against the particular Customer or other third parties who caused harm to you, and you will not to attempt to impose liability on HackerOne or seek any legal remedy from HackerOne with respect to those actions or omissions.

Ownership and Licenses

HackerOne does not claim any ownership rights in any Vulnerability Reports. You agree that HackerOne may collect statistical and other information about Vulnerability Reports, and use that information at HackerOne. Except for any Vulnerability Reports, HackerOne and its licensors exclusively own all right, title and interest in and to the Services and content contained on the Services, including all intellectual property rights. The Services and HackerOne content are protected by copyright, trademark, and other laws of the United States and foreign countries.

By making any Vulnerability Report available to a Customer through the Services, you hereby grant to HackerOne a perpetual, irrevocable, non-exclusive, transferable, sublicenseable, worldwide, royalty-free license to use, copy, reproduce, display, modify, adapt, transmit and distribute copies of that Vulnerability Report, for the sole purpose of providing the Services.

By making any Vulnerability Report available to a Customer through the Services, you hereby grant to the Customer a perpetual, irrevocable, non-exclusive, transferable, sublicenseable, worldwide, royalty-free license to use, copy, reproduce, display, modify, adapt, transmit and distribute copies of that Vulnerability Report.

HackerOne hereby grants to you a revocable, non-exclusive, non-transferable, non-sublicenseable, worldwide, royalty-free license to use the HackerOne Platform and access and view the content that HackerOne makes available on the HackerOne Platform solely in connection with your permitted use of the HackerOne Platform. HackerOne may change or discontinue all or any part of the HackerOne Platform, including your access to it, at HackerOne's discretion.

Authority

If you are using the Services on behalf of a company (such as your employer), or a Customer or other legal entity, you represent that you have the authority to bind that company or other legal entity to the Terms. If you are a minor (in the United States, that means under 18 years old), your parents must agree to the Terms on your behalf.

Definitions

Some of the capitalized terms used in these Finder Terms and Conditions are defined the General Terms and Conditions.