HackerOne General Terms and Conditions

Effective Date: May 11, 2026

These General Terms and Conditions apply to:

  • All Customers with Order Forms entered into on or after May 11, 2026.
  • Any Customers accessing, utilizing or otherwise receiving products or services through the HackerOne Platform without an Order Form or other applicable written agreement.
  • All users of the HackerOne Community Edition.
  • All Community Members.

Please read these General Terms and Conditions carefully because they, together (as applicable) with the Customer Terms and Conditions, Customer AI Terms and Conditions, and Community Member Terms and Conditions (collectively, the "Terms") govern use of the Platform and any HackerOne products or services, by Customer or Community Member.

1. General Prohibitions

Customer or Community Member shall not use the Platform and/or any HackerOne product or service, or any portion thereof, for the benefit of any unauthorized third party or in any manner not permitted by the Terms.

2. Changes to the Terms

HackerOne may modify the Terms at any time upon notice to Customers and/or Community Members, as applicable. If a Customer or Community Member continues to use the Platform and/or any HackerOne product or service after the effective date of any update to the Terms, they will be deemed to have agreed to be bound by the modified Terms.

3. Confidential Information and Confidentiality Obligations

HackerOne understands that it may receive Confidential Information of Customer or Community Member, Customer understands that it may receive Confidential Information of HackerOne, and Community Member understands that they may receive Confidential Information of a Customer or HackerOne. The receiving party agrees not to divulge to any third party any Confidential Information of another party and not to use any Confidential Information of another party for any purpose not contemplated by the Terms. Customers and Community Members acknowledge and agree that Non-Identifying Data is not Confidential Information and consent to its collection and use for business purposes by HackerOne without restriction, including but not limited to, benchmarking, testing, training, validating, developing and improving the Platform, the Services or future products or services, and security industry research and collaboration.

4. Data Protection and Privacy Policy

HackerOne's Privacy Policy, which describes how HackerOne collects, uses, and discloses information from HackerOne's Customers and Community Members, is applicable to the use of the Platform and any HackerOne product or service. For specific details on HackerOne's practices and types of cookies that HackerOne may use, please refer to HackerOne's Cookies Policy.

5. Data & Information Security Policy

HackerOne's Data & Information Security Policy, which describes HackerOne's security procedures, is applicable to the Platform and any HackerOne product or service.

6. Vulnerability Disclosure Guidelines

HackerOne's Vulnerability Disclosure Guidelines, which describes the default policy governing Community Member Submissions, is applicable to the Platform and any HackerOne product or service. In the event of a conflict, HackerOne's Vulnerability Disclosure Guidelines are superseded by individual Program Policies.

7. Compliance with Laws/Copyright Policy

Each party shall comply with all Applicable Law in connection with the performance of its obligations and the exercise of its rights in the use of the Platform and any HackerOne product or service. Without limiting the foregoing, HackerOne respects copyright law in all jurisdictions in which it does business and expects its Customers and Community Members to do the same. HackerOne is entitled to suspend or terminate Customer or Community Member access to the Platform and/or any HackerOne product or service when such Customer's or Community Member's use infringes or, in HackerOne's reasonable discretion, is believed to infringe the rights of copyright holders, including copyright held by other Community Members. Please see HackerOne's Copyright and IP Policy for further information.

8. Feedback

Customer or Community Member may submit Feedback at any time by emailing HackerOne at feedback@hackerone.com. By submitting any Feedback, Customer or Community Member grants to HackerOne a worldwide, perpetual, irrevocable, non-exclusive, transferable, sublicensable, fully-paid, and royalty-free license under any and all intellectual property rights that Customer or Community Member owns or controls to use, copy, modify, create derivative works based upon, and otherwise exploit the Feedback for any purpose.

9. Links to Third Party Websites or Resources

The Platform and/or HackerOne product or service may contain links to third-party websites or resources. HackerOne provides these links only as a convenience and is not responsible for the content, products, or services displayed on or available from those websites or resources. Each Customer and Community Member acknowledges sole responsibility for and assumes all risk arising from such Customer's or Community Member's use of any third-party websites or resources.

10. Limitation of Liability

NO PARTY TO THE TERMS WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE, OR THE COST OF SUBSTITUTE SERVICES ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT SUCH PARTY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY.

EXCEPT FOR CUSTOMER'S BREACH OF THE USE RESTRICTIONS SET FORTH IN THE CUSTOMER TERMS AND CONDITIONS, TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL CUSTOMER'S OR HACKERONE'S TOTAL LIABILITY IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHER LEGAL THEORY TO THE OTHER ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO HACKERONE FOR USE OF THE SERVICES DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE DATE WHEN THE CLAIM OR LIABILITY FIRST AROSE.

TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL HACKERONE'S TOTAL LIABILITY IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE TO COMMUNITY MEMBER ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE PLATFORM OR PLATFORM TOOLS EXCEED $1,000.

11. Governing Law and Jurisdiction; Class Action Waiver

The Terms and any action related thereto will be governed by the laws of the State of Delaware. Any and all disputes arising out of or concerning the Terms shall be brought exclusively in the state and federal courts of Delaware. Customer or Community Member hereby submits to the personal jurisdiction of such courts and waives any and all objections to the exercise of jurisdiction, venue, or inconvenient forum in such courts.

CLASS ACTION WAIVER: EACH CUSTOMER AND COMMUNITY MEMBER WAIVES ANY RIGHT TO ASSERT ANY CLAIMS AGAINST HACKERONE AS A REPRESENTATIVE OR MEMBER IN ANY CLASS OR REPRESENTATIVE ACTION, EXCEPT WHERE SUCH WAIVER IS PROHIBITED BY LAW OR DEEMED BY A COURT OF LAW TO BE AGAINST PUBLIC POLICY.

12. Publicity

HackerOne may use Customer's and/or Community Member's name and/or logo in any publicity or advertising describing the relationship between the parties.

13. Miscellaneous Terms

The Terms and any applicable executed Order Form that references the Terms constitute the entire and exclusive understanding and agreement between HackerOne and Customer or Community Member and supersede and replace any and all prior oral or written understandings or agreements between HackerOne and Customer or Community Member regarding the Platform and any HackerOne product or service. If any provision of the Terms is held to be invalid, prohibited, or otherwise unenforceable by legal authority of competent jurisdiction, the other provisions of the Terms shall remain enforceable, and the invalid or unenforceable provision shall be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. The Terms are assignable by HackerOne and will bind and inure to the benefit of the parties, their successors, and assigns. Customer or Community Member may not assign the Terms without HackerOne's prior written consent, such consent not to be unreasonably withheld or delayed.

Any notices or other communications provided by HackerOne under the Terms, including those regarding modifications to the Terms, will be given through the Platform, via email and/or by posting to the HackerOne Site.

A party's failure to enforce any right or provision of the Terms will not be considered a waiver of such right or provision. Any such waiver will be effective only if in writing and signed by a duly authorized representative of the party issuing such waiver.

14. Termination

An Order Form may be terminated by HackerOne or the Customer solely if the other party fails to cure a material breach of such party's obligations thereunder within thirty (30) calendar days after receiving written notice of the breach from the non-breaching party.

HackerOne may suspend or terminate any Community Member's access to and use of the HackerOne Platform, at HackerOne's sole discretion, at any time and without notice to the Community Member.

HackerOne may, at its sole discretion and at any time, terminate access to any free or trial versions of the Platform, the Community Edition, or any HackerOne product or service, in whole or in part, without notice, if such access or use is by any third party who is not a Customer or an authorized third party, acting pursuant to a valid Order Form.

A Customer or Community Member may cancel such Customer's or Community Member's account at any time by sending an email to support@hackerone.com; provided, however, that in the event of such cancellation by a Customer, the Customer shall not be entitled to a refund of any prepaid HackerOne Fees unless specifically set forth in the applicable Order Form(s).

Upon any termination, discontinuation, or cancellation of use of the Platform or any HackerOne products or services or any portion thereof, or Customer's or Community Member's account, the provisions of these Terms which, by their nature, are intended to survive termination, shall survive.

Suspension of Services to Customer. Without limiting the foregoing, HackerOne may suspend or limit Customer's access to or use of the Services if (i) Customer's payment of fees is more than sixty (60) calendar days past due; (ii) Customer's use of the Services results in (or is reasonably likely to result in) damage to or material degradation of the Services which interferes with HackerOne's ability to provide access to the Services to other customers; (iii) Customer breaches its obligations under the Terms or any other written agreement between HackerOne and Customer; (iv) Customer's use of the Services is directly or indirectly linked to reasonable suspicion of illegal activity; and/or (v) Customer's failure to pay Reward funds. In the case of subsection (ii): (a) HackerOne shall use reasonable efforts to work with Customer to resolve or mitigate the damage or degradation in order to resolve the issue without resorting to suspension or limitation; (b) prior to any such suspension or limitation, HackerOne shall use commercially reasonable efforts to provide notice to Customer describing the nature of the damage or degradation; and (c) HackerOne will reinstate Customer's use of or access to the Services, as applicable, if Customer remediates the issue within thirty calendar (30) days of receipt of such notice.

15. Certain Definitions

The following capitalized terms shall have the following meanings when used in the Terms.

  • "Affiliate" means any entity which controls, is controlled by or under common control with a party, where "control" means ownership or control, direct or indirect, of fifty percent (50%) or more of such entity's voting capital, and any such entity shall be an Affiliate of such party only as long as such ownership or control exists.
  • "Applicable Law" shall mean all laws (including the requirements of any government or regulatory authority) in effect and applicable to a party and/or the Platform and/or any HackerOne product or service, in the relevant jurisdiction. These include, but are not limited to, artificial intelligence, anti-money laundering, anti-bribery, data protection, export, and intellectual property laws.
  • "Commercial Community Member" means any Community Member that creates a commercial account on the Platform or that otherwise accesses the Platform for the purpose of participating in Programs and providing Community Member Submissions in a Commercial Capacity, as further described in the Commercial Community Member Terms.
  • "Community Member" means an independent third party that has undertaken the Community Registration applicable to that party and is accessing or using the Platform primarily to participate in Programs and/or for providing Community Member Submissions. This includes but is not limited to Commercial Community Members, Finders, Pentesters and/or Reviewers.
  • "Community Member Data" means, for each Community Member, any information or documentation that is inputted, uploaded, submitted, or otherwise made available by or on behalf of that Community Member through or in connection with the use of the Platform and/or as part of any HackerOne product or service, including Community Member Submissions and information, content or other output generated from using Platform Tools.
  • "Community Member Submission" means documents and related materials evidencing a Community Member's activities related to a Program. This includes a Finder's Submission, Pentester's Submission or a Reviewer's Submission or Community Member Data.
  • "Community Member Registration" means the terms and conditions set out by HackerOne that a Community Member must agree to before accessing the Platform including but not limited to: Community Member Terms and Conditions, HackerOne Code of Conduct, HackerOne Privacy Policy, and HackerOne Disclosure Guidelines (where applicable).
  • "Confidential Information" means, as applicable, any non-public, confidential, or proprietary business or technical information of HackerOne, Customer, or any Community Member, including any information relating to a HackerOne product or service, disclosed or made available in connection with any Program, the HackerOne Platform, and/or any Community Member Submissions. Confidential Information does not include Non-Identifying Data or any information that: (i) was publicly known and made generally available prior to disclosure; (ii) becomes publicly known and made generally available after disclosure through no breach of any obligation owed to the disclosing party; (iii) was in the receiving party's possession prior to disclosure without breach of any obligation; or (iv) is received from a third party without breach of any obligation of confidentiality.
  • "Customer" means a customer of HackerOne using the Platform and/or any HackerOne product or service (including users of the Community Edition), pursuant to a valid Order Form or any other authorized third party accessing, utilizing or otherwise receiving products or services through the Platform (excluding Community Members).
  • "Customer Data" means, for each Customer, any information or documentation that is inputted, uploaded, submitted, or otherwise made available by or on behalf of that Customer through or in connection with the use of the Services (including Program Materials and Confidential Information).
  • "Customer Report" means a report or similar documentation made available by HackerOne to a Customer through the HackerOne Platform or otherwise that summarizes or is based upon Community Member Submissions, including, without limitation, penetration test reports, checklist reports, re-testing reports, and similar documentation regarding Community Member activities related to a Program.
  • "Feedback" means any feedback, comments, or suggestions for improvements to the Services.
  • "Finder" means a Community Member using the HackerOne Platform to provide Finder Submissions.
  • "Finder Submission" means documents and related materials evidencing a Finder's activities related to a Program, including, without limitation, Vulnerability Reports.
  • "HackerOne" means HackerOne Inc., a Delaware corporation, and its Affiliates.
  • "HackerOne Platform" or "H1 Platform" or "Platform" means the proprietary, software-as-a-service technology platform operated by HackerOne, including all related software, applications (web-based, mobile, or otherwise), tools, features, APIs, dashboards, artificial intelligence and machine learning systems, databases, algorithms, infrastructure, documentation, and other technical components made available by HackerOne, as well as any updates, upgrades, modifications, enhancements, and derivative works thereof.
  • "HackerOne Property" means any property of any kind, tangible or intangible, which is acquired, created, developed, or licensed by HackerOne and any improvement or modification thereof and all intellectual property rights therein, and includes without limitation the HackerOne Platform and/or any HackerOne product or service and excluding, for the avoidance of doubt, Customer Data or Customer Reports.
  • "HackerOne Site" means HackerOne's website located at hackerone.com and related domains and subdomains.
  • "Mediation Team" means the HackerOne internal mediation team.
  • "Non-Identifying Data" means aggregated and anonymized statistical and other information from Community Member Submissions, Community Member Data, Customer Data and Customer's use of the Platform and Services.
  • "Order Form" means an order form or similar document referencing these Terms, which has been mutually agreed to by HackerOne and a Customer either (i) in a mutually signed writing or (ii) by a Customer issued purchase order that is accepted by HackerOne and which (a) expressly reference and incorporates these Terms and (b) describes the Services to be purchased, including the fees payable therefor and the start and end date of the subscription term for Services, by referencing a HackerOne-provided sales order form or otherwise; provided, however, that if a Customer purchases the Services through a reseller or other HackerOne authorized partner, the Order Form shall be the Order Form entered into between HackerOne and the reseller/authorized partner for such Customer's use of the Services and the payment obligations under such Order Form and the Terms shall be payment obligations of the reseller/authorized partner and not the Customer.
  • "Personal Data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • "Platform Tools" shall have the meaning set out in the Community Member Terms and Conditions.
  • "Program" means a security initiative established by a Customer through the HackerOne Platform or in connection with the Services, including for the purpose of receiving Community Member Submissions from Community Members.
  • "Program Materials" means the Program Policy and the description of the Program and any other materials made available by Customer to Community Members in connection with a Program.
  • "Program Policy" means a Customer-created description of the security-related and other services that the Customer is seeking from Community Members, the terms, conditions, and requirements governing the Program to which the Community Members must agree, and the Rewards, if any, that a Customer will award to Community Members who participate in the Program.
  • "Pentester" means a Community Member using the HackerOne Platform to provide Pentester Submissions.
  • "Pentester Submission" means documents and related materials evidencing a Pentester's activities related to a Program, including, without limitation, penetration testing results.
  • "Reviewer" means a Community Member using the HackerOne Platform to provide Reviewer Submissions.
  • "Reviewer Submission" means documents and related materials evidencing a Reviewer's activities related to a Program, including, without limitation, code review.
  • "Reward(s)" means bounties, grants, pay for effort payments, and other financial or non-financial rewards that are awarded to Community Members participating in a Program.
  • "Services" means the Platform and any products, services, or offerings provided by HackerOne to Customer in connection with the Platform, including any ancillary or professional services and any features or functionality that incorporate artificial intelligence or machine learning technologies.
  • "Subcontractor" means a third party that: (i) provides personnel to HackerOne, when such personnel have access to Customer Data; or (ii) provides the professional services delivered to the Customer as part of the Services. Subcontractors are subject to HackerOne quality and security reviews and are bound to contracts that are reasonably calculated to ensure performance according to HackerOne's obligations under these Terms, including confidentiality obligations. Community Members are not Subcontractors.
  • "Terms" means these General Terms and Conditions, the Customer Terms and Conditions, the Customer AI Terms and Conditions, and the Community Member Terms and Conditions (as applicable).
  • "Third-Party Services" means any third party-services purchased by a Customer on a resale basis through HackerOne and which are specifically identified as Third-Party Services in an Order Form.
  • "Vulnerability Report" means bug reports or other vulnerability information, in text, graphics, image, software, works of authorship of any kind, and information or other material that Community Members provide or otherwise make available through the HackerOne Platform to a Customer resulting from participation in a Program.
16. Contact Information

If there are any questions about the Terms or the Services, please contact HackerOne at info@hackerone.com, or at HackerOne Inc., 548 Market Street PMB 24734, San Francisco, CA 94104.

Please see our existing General Terms and Conditions effective prior to May 11, 2026.