HackerOne General Terms and Conditions

Effective Date: July 1, 2023

These General Terms and Conditions apply to all Order Forms entered into on or after July 1, 2023, and for all Community Edition and/or other Customers utilizing the HackerOne Services not pursuant to an Order Form as of such date.

Please read these General Terms and Conditions carefully because they, together with the Customer Terms and Conditions or the Community Members Terms and Conditions, govern Customer's or Community Member’s use of the Services (the “Terms”).

1. General Prohibitions

1.1) Customer or Community Member shall not use the Services, or any portion thereof, for the benefit of any third party or in any manner not permitted by the Terms.

2. Changes to the Terms

2.1) HackerOne may modify the Terms at any time upon notice to Customers and/or Community Members, as applicable. If Customer or Community Member does not object in writing to such changes and continues to use the Services after HackerOne has modified the Terms, Customer and Community Member will be deemed to have agreed to be bound by the modified Terms.

3. Confidential Information and Confidentiality Obligations

3.1) HackerOne understands that it may receive Confidential Information of Customer, Customer understands that it may receive Confidential Information of HackerOne, and Community Member understands that they may receive Confidential Information of a Customer or HackerOne. The receiving party agrees not to divulge to any third party any Confidential Information of another party and not to use any Confidential Information of another party for any purpose not contemplated by the Terms. Customers and Community Members acknowledge and agree that Non-Identifying Data is not Confidential Information and consent to its use by HackerOne without restriction, including but not limited to, improving the Platform and Services, and security industry research and collaboration.

4. Data protection and Privacy Policy

4.1) HackerOne’s Privacy Policy, which describes how HackerOne collects, uses, and discloses information from HackerOne's Customers and Community Members, will be applicable to the Services. For specific detail on HackerOne’s practices and types of cookies that HackerOne may use, please refer to HackerOne’s Cookies Policy.

5. Data & Information Security Policy

5.1) HackerOne’s Data & Information Security Policy, which describes the security of the HackerOne Platform, will be applicable to the Services.

6. Vulnerability Disclosure Guidelines

6.1) HackerOne’s Vulnerability Disclosure Guidelines, which describe the default policy governing Community Member Submissions through the Services, will be applicable to the Services. In the event of a conflict, HackerOne’s Vulnerability Disclosure Guidelines are superseded by individual Program Policies.

7. Compliance with Laws/Copyright Policy

7.1) Each party shall comply with all Applicable Law in connection with the performance of its obligations and the exercise of its rights in the Services. Without limiting the foregoing, HackerOne respects copyright law in all jurisdictions in which it does business and expects its Customers and Community Members to do the same. It is HackerOne’s policy to terminate, in appropriate circumstances, Customers and Community Members which infringe or are believed to be infringing the rights of copyright holders. Please see HackerOne’s Copyright and IP Policy for further information.

8. Feedback

8.1) Customer or Community Member may submit Feedback at any time by emailing HackerOne at feedback@hackerone.com. By submitting any Feedback, Customer or Community Member grants to HackerOne a worldwide, perpetual, irrevocable, non-exclusive, transferable, sublicensable, fully-paid, and royalty-free license under any and all intellectual property rights that Customer or Community Member owns or controls to use, copy, modify, create derivative works based upon, and otherwise exploit the Feedback for any purpose.

9. Links to Third Party Websites or Resources

9.1) The Services may contain links to third party websites or resources. HackerOne provides these links only as a convenience and is not responsible for the content, products, or services on or available from those websites or resources or links displayed on such websites. Each Customer and Community Member acknowledges sole responsibility for and assumes all risk arising from such Customer's or Community Member's use of any third party websites or resources.

10. Limitation of Liability

10.1) NO PARTY TO THE TERMS WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE, OR THE COST OF SUBSTITUTE SERVICES ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT SUCH PARTY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY.

10.2) TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL CUSTOMER'S OR HACKERONE'S TOTAL LIABILITY TO THE OTHER ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO HACKERONE FOR USE OF THE SERVICES DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE DATE WHEN THE CLAIM OR LIABILITY FIRST AROSE.

10.3) TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL HACKERONE'S TOTAL LIABILITY TO COMMUNITY MEMBER ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES EXCEED $1,000.

11. Governing Law and Jurisdiction; Class Action Waiver

11.1) The Terms and any action related thereto will be governed by the laws of the State of Delaware. Any and all disputes arising out of or concerning the Terms shall be brought exclusively in the state and federal courts of Delaware. Customer or Community Member hereby submits to the personal jurisdiction of such courts and waives any and all objections to the exercise of jurisdiction, venue, or inconvenient forum in such courts.

11.2) CLASS ACTION WAIVER: EACH CUSTOMER AND COMMUNITY MEMBER WAIVES ANY RIGHT TO ASSERT ANY CLAIMS AGAINST HACKERONE AS A REPRESENTATIVE OR MEMBER IN ANY CLASS OR REPRESENTATIVE ACTION, EXCEPT WHERE SUCH WAIVER IS PROHIBITED BY LAW OR DEEMED BY A COURT OF LAW TO BE AGAINST PUBLIC POLICY.

12. Publicity

12.1) HackerOne may use Customer's and/or Community Member's name and/or logo in any publicity or advertising describing the relationship between the parties.

13. Miscellaneous Terms

13.1) The Terms and any applicable executed Order Form that references the Terms constitute the entire and exclusive understanding and agreement between HackerOne and Customer or Community Member and supersede and replace any and all prior oral or written understandings or agreements between HackerOne and Customer or Community Member regarding the Services. If any provision of the Terms is held to be invalid, prohibited, or otherwise unenforceable by legal authority of competent jurisdiction, the other provisions of the Terms shall remain enforceable, and the invalid or unenforceable provision shall be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. The Terms are assignable by HackerOne and will bind and inure to the benefit of the parties, their successors, and assigns. Customer or Community Member may not assign the Terms without HackerOne's prior written consent, such consent not to be unreasonably withheld.

13.2) Any notices or other communications provided by HackerOne under the Terms, including those regarding modifications to the Terms, will be given via email or by posting to the HackerOne Site.

13.3) A party's failure to enforce any right or provision of the Terms will not be considered a waiver of such right or provision. Any such waiver will be effective only if in writing and signed by a duly authorized representative of the party issuing such waiver.

14. Termination

14.1) An Order Form may be terminated by HackerOne or the Customer solely if the other party fails to cure a material breach thereof within thirty (30) days after receiving written notice of the breach from the non-breaching party. HackerOne may terminate any Community Member's access to and use of the HackerOne Platform, at HackerOne's sole discretion, at any time and without notice to the Community Member. HackerOne may terminate the access of any Community Edition and/or other Customer utilizing the HackerOne Platform and Services not pursuant to an Order Form to the HackerOne Platform, at HackerOne’s sole discretion, at any time and without notice to the Customer. A Customer or Community Member may cancel such Customer's or Community Member's account at any time by sending an email to support@hackerone.com; provided, however, that in the event of such cancellation by a Customer, the Customer shall not be entitled to the refund of any prepaid HackerOne Fees unless specifically set forth in the applicable Order Form(s).

14.2) Upon any termination, discontinuation, or cancellation of the Services, the HackerOne Platform or a Customer's or Community Member's account, the provisions of these Terms which, by their nature, are intended to survive termination, shall survive.

14.3) Suspension of Services. Without limiting the foregoing, HackerOne may suspend or limit Customer’s access to or use of the Service if (i) Customer’s payment of fees is more than sixty (60) days past due; (ii) Customer’s use of the Service results in (or is reasonably likely to result in) damage to or material degradation of the Service which interferes with HackerOne’s ability to provide access to the Service to other customers; (iii) Customer breaches the Agreement; (iv) Customer’s use of the Services is directly or indirectly linked to illegal activity; (v) Customer fails to pay Reward funds. In the case of subsection (ii): (a) HackerOne shall use reasonable efforts to work with Customer to resolve or mitigate the damage or degradation in order to resolve the issue without resorting to suspension or limitation; (b) prior to any such suspension or limitation, HackerOne shall use commercially reasonable efforts to provide notice to Customer describing the nature of the damage or degradation; and (c) HackerOne will reinstate Customer’s use of or access to the Service, as applicable, if Customer remediates the issue within thirty (30) days of receipt of such notice.

15. Certain Definitions

15.1) The following capitalized terms shall have the following meanings as used in these General Terms and Conditions, in the Customer Terms and Conditions, and/or in the Community Member Terms and Conditions.

  • “Affiliate” means any entity which controls, is controlled by or under common control with a party, where “control” means ownership or control, direct or indirect, of fifty percent (50%) or more of such entity’s voting capital, and any such entity shall be an Affiliate of such party only as long as such ownership or control exists.
  • “Applicable Law” shall mean all laws (including the requirements of any government or regulatory authority) applicable to a party and/or the Services under this Agreement for the time being in force in the relevant jurisdiction. These include but are not limited to anti-money laundering, anti-bribery, data privacy, export, and intellectual property laws.
  • “Community Member” means an independent third party (an individual or entity) that has undertaken the Community Onboarding and is using the Platform to provide Submissions. This includes but is not limited to Community Members.
  • “Community Member Submission” means documents and related materials evidencing a Community Member’s activities related to a Program. This includes a Finder’s Submission or a Reviewer’s Submission.
  • “Confidential Information” means any confidential or proprietary business or technical information about a party related to the Services or a Program, including the HackerOne Platform and the content of Community Member Submissions. Confidential Information does not include any information that (i) was publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party; (ii) becomes publicly known and made generally available after disclosure by the disclosing party to the receiving party; (iii) is already in the possession of the receiving party at the time of disclosure by the disclosing party; or (iv) is obtained by the receiving party from a third party without a breach of such third party's obligations of confidentiality.
  • “Customer” means a customer of HackerOne using the HackerOne Platform for Services, including to receive Community Member Submissions.
  • “Customer Report” means a report or similar documentation made available by HackerOne to a Customer through the HackerOne Platform or otherwise that summarizes or is based upon Community Member Submissions, including, without limitation, penetration test reports, checklist reports, re-testing reports, and similar documentation regarding Community Member activities related to a Program.
  • “Feedback” means any feedback, comments, or suggestions for improvements to the Services.
  • “Finder” means an individual or entity using the HackerOne Platform to provide Finder Submissions.
  • “Finder Submission(s)” means documents and related materials evidencing a Finder’s activities related to a Program, including, without limitation, Vulnerability Reports.
  • “HackerOne” means HackerOne Inc., a Delaware corporation, and its Affiliates.
  • “HackerOne Platform” or “Platform” means the software-as-a-service HackerOne Platform offered by HackerOne.
  • “HackerOne Property” means any property of any kind, tangible or intangible, which is acquired, created, developed, or licensed by HackerOne prior to or outside the scope of this Agreement and any improvement or modification thereof and all intellectual property rights therein, including without limitation the HackerOne Platform and Services.
  • “HackerOne Site” means HackerOne's website located at hackerone.com and related domains and subdomains.
  • “Mediation Team” means the HackerOne internal mediation team.
  • “Non-Identifying Data” means aggregated and anonymized statistical and other information from Community Member Submissions and Customer’s use of the Platform and Services.
  • “Program” means the security initiative(s) for which a Customer desires to receive Community Member Submissions from Community Members, which a Customer posts to the HackerOne Platform.
  • “Program Materials” means the Program Policy and the description of the Program and any other materials made available by Customer to Community Members in connection with a Program.
  • “Program Policy” includes a Customer-created description of the security-related and other services that the Customer is seeking from Community Members, the terms, conditions, and requirements governing the Program to which the Community Members must agree, and the Rewards, if any, that a Customer will award to Community Members who participate in the Program.
  • “Order Form” means an order form or similar document referencing these Terms, which has been mutually agreed to by HackerOne and a Customer either (i) in a mutually signed writing or (ii) by a Customer-issued purchase order that is accepted by HackerOne and which (a) expressly references and incorporates these Terms and (b) describes the Services to be purchased, including the fees payable therefor and the start and end date of the subscription term for such Services, by referencing a HackerOne-provided sales order form or otherwise; provided, however, that if a Customer purchases the Services through a reseller or other HackerOne authorized partner, the Order Form shall be the Order Form entered into between HackerOne and the reseller/authorized partner for such Customer’s use of the Services and the payment obligations under such Order Form and the Terms shall be payment obligations of the reseller/authorized partner and not the Customer.
  • “Reviewer” means an individual or entity using the HackerOne Platform to provide Reviewer Submissions.
  • “Reviewer Submission” means documents and related materials evidencing a Reviewer’s activities related to a Program, including, without limitation, code review.
  • “Reward(s)” means bounties, grants, pay for effort payments, and other financial or non-financial rewards that are awarded to Community Members participating in a Program.
  • “Services” means HackerOne’s software as a service solution made available by HackerOne to Customers through the HackerOne Platform together with any ancillary services purchased by a Customer.
  • “Terms” means these General Terms and Conditions and the Customer Terms and Conditions or the Community Member Terms and Conditions, as applicable.
  • “Third Party Services” means any third party services purchased by a Customer on a resale basis through HackerOne and which are specifically identified as Third Party Services in an Order Form.
  • “Vulnerability Report(s)” means bug reports or other vulnerability information, in text, graphics, image, software, works of authorship of any kind, and information or other material that Community Members provide or otherwise make available through the HackerOne Platform to a Customer resulting from participation in a Program.

Contact Information

If there are any questions about the Terms or the Services, please contact HackerOne at info@hackerone.com, or at HackerOne Inc., 548 Market Street PMB 24734, San Francisco, CA 94104.

Please see our existing General Terms and Conditions effective prior to July 1, 2023.