HackerOne General Terms and Conditions - 2017-02-16

Effective: February 16, 2017 - May 31, 2020

Please read these General Terms and Conditions carefully because they, together with the Customer Terms and Conditions or the Finder Terms and Conditions, govern Customer's or Finder's use of the Services.

Any contract or other interaction between a Customer and a Finder, including with respect to any Program Policy, will be between the Customer and the Finder. HackerOne is not a party to such contracts and disclaims all liability arising from or related to such contracts.

Customer or Finder shall not use the Services, or any portion thereof, for the benefit of any third party or in any manner not permitted by the Terms.

HackerOne may change all or any part of the HackerOne Platform or HackerOne Site provided that such change is within the compliance of the Terms herein. Further, where any Program is inactive or unattended by Company, HackerOne shall have the right to remove or disable access to any relevant Program Material or Vulnerability Reports if Company has not responded to HackerOne's written notice (by email) requiring attention within 3 business days of such written notice.

HackerOne may modify the Terms at any time upon notice to Customer or Finder. If Customer or Finder continues to use the Services after HackerOne has modified the Terms, Customer and Finder will be deemed to have agreed to be bound by the modified Terms.

HackerOne understands that it may receive Confidential Information of Customer, Customer understands that it may receive Confidential Information of HackerOne, and Finder understands that it, he or she may receive Confidential Information of a Customer or HackerOne. The receiving party agrees not to divulge to any third person any Confidential Information of another party and not to use any Confidential Information of another party for any purpose not contemplated by the Terms, provided Customer or Finder agrees that HackerOne may collect data with respect to Services and Programs and report on the aggregate response rate, aggregate Bounties paid and other aggregate measures ("HackerOne Aggregate Data") and the HackerOne Aggregate Data is not Confidential Information.

HackerOne's Privacy Policy (https://www.hackerone.com/privacy), which describes how HackerOne collects, uses and discloses information from HackerOne's Customers and Finders, will be applicable to the Services.

HackerOne's Security Policy (https://www.hackerone.com/terms/security), which describes the security of the HackerOne Platform, will be applicable to the Services.

HackerOne's Vulnerability Guidelines (https://www.hackerone.com/disclosure-guidelines), which describe the default policy governing vulnerability reporting through the Services, will be applicable to the Services. HackerOne's Vulnerability Guidelines are superseded by individual Program Policies in the event of a conflict.

HackerOne respects copyright law in all jurisdictions in which it does business and expects its users to do the same. It is HackerOne's policy to terminate in appropriate circumstances Customers and Finders which repeatedly infringe or are believed to be repeatedly infringing the rights of copyright holders. Please see HackerOne's Copyright and IP Policy (https://www.hackerone.com/dmca), for further information.

Customer or Finder can submit Feedback by emailing HackerOne at feedback@hackerone.com. By submitting any Feedback, Customer or Finder grants to HackerOne a worldwide, perpetual, irrevocable, non-exclusive, transferable, sublicenseable, fully-paid and royalty-free license under any and all intellectual property rights that Customer or Finder owns or controls to use, copy, modify, create derivative works based upon and otherwise exploit the Feedback for any purpose.

The Services may contain links to third-party websites or resources. HackerOne provides these links only as a convenience and is not responsible for the content, products or services on or available from those websites or resources or links displayed on such websites. Customer or Finder acknowledges sole responsibility for and assumes all risk arising from Customer's or Finder's use of any third-party websites or resources.

THE SERVICES ARE PROVIDED BY HACKERONE "AS IS," WITHOUT WARRANTY OF ANY KIND. WITHOUT LIMITING THE FOREGOING, HACKERONE EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. HackerOne makes no warranty that the Services will meet Customer's or Finder's requirements, as applicable, or be available on an uninterrupted, secure or error-free basis.

Customer will indemnify, defend and hold harmless HackerOne and its officers, directors, employees and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of or in any way connected with (i) Customer's Program Material, (ii) Customer's use of a Vulnerability Report, or (iii) Customer's violation of the Terms.

Finder will indemnify, defend and hold harmless HackerOne and its officers, directors, employees and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of or in any way connected with (i) Finder's access to or use of the Services, (ii) Finder's reliance of Program Material, (iii) Finder's Vulnerability Reports, or (iv) Finder's violation of the Terms.

NO PARTY TO THE TERMS WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE OR THE COST OF SUBSTITUTE SERVICES ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT SUCH PARTY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY.

IN NO EVENT WILL CUSTOMER'S OR HACKERONE'S TOTAL LIABILITY TO THE OTHER ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO HACKERONE FOR USE OF THE SERVICES DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE DATE WHEN THE CLAIM OR LIABILITY FIRST AROSE.

IN NO EVENT WILL HACKERONE'S TOTAL LIABILITY TO FINDER ARISING OUT OF OR IN CONNECTION WITH THE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES EXCEED $1,000.

The Terms and any action related thereto will be governed by the laws of the State of California without regard to its conflict of laws provisions. Any and all disputes arising out of or concerning the Terms shall be brought exclusively within the Superior Court for the County of San Francisco or the United States District Court for the Northern District of California. Customer or Finder hereby submits to the personal jurisdiction of such courts and waives any and all objections to the exercise of jurisdiction, venue or inconvenient forum in such courts.

HackerOne may use Customer's and/or Finder's name in any publicity or advertising describing the relationship between the parties.

The Terms and any applicable executed order form that references the Terms constitute the entire and exclusive understanding and agreement between HackerOne and Customer or Finder, and supersede and replace any and all prior oral or written understandings or agreements between HackerOne and Customer or Finder regarding the Services. If any provision of the Terms is held to be invalid, prohibited or otherwise unenforceable by legal authority of competent jurisdiction, the other provisions of the Terms shall remain enforceable, and the invalid or unenforceable provision shall be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. The Terms are assignable by HackerOne, and will bind and inure to the benefit of the parties, their successors and assigns. Customer or Finder may not assign the Terms without HackerOne's prior written consent, not to be unreasonably withheld.

Any notices or other communications provided by HackerOne under the Terms, including those regarding modifications to the Terms, will be given via email or by posting to the HackerOne Site.

HackerOne's failure to enforce any right or provision of the Terms will not be considered a waiver of such right or provision. Any such waiver will be effective only if in writing and signed by a duly authorized representative of HackerOne.

HackerOne may terminate any Customer's or Finder's access to and use of the HackerOne Platform, at HackerOne's sole discretion, at any time and without notice to the Customer or Finder. A Customer or Finder may cancel such Customer's or Finder's account at any time by sending an email to support@hackerone.com.

Upon any termination, discontinuation or cancellation of the Services, the HackerOne Platform or a Customer's or Finder's account, the following provisions of the Terms will survive: No Endorsement, Independent Parties, Ownership, Warranty Disclaimers, Limitation of Liability, and Dispute Resolution.

The following capitalized terms shall have the following meanings as used in these General Terms and Conditions, in the Customer Terms and Conditions, and/or in the Finder Terms and Conditions.

• "Confidential Information" means any confidential or proprietary business or technical information about a party related to the Services or a Program, including the HackerOne Platform and the content of Vulnerability Reports. Confidential Information does not include any information that (i) was publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party; (ii) becomes publicly known and made generally available after disclosure by the disclosing party to the receiving party; (iii) is already in the possession the receiving party at the time of disclosure by the disclosing party; or (iv) is obtained by the receiving party from a third party without a breach of such third party's obligations of confidentiality.
• "Customer" means a customer of HackerOne using the HackerOne Platform to receive Vulnerability Reports.
• "Feedback" means any feedback, comments or suggestions for improvements to the Services.
• "Finder" means an individual or entity using the HackerOne Platform to provide Vulnerability Reports.
• "HackerOne" means HackerOne Inc., a Delaware corporation.
• "HackerOne Platform" means the vulnerability coordination software-as-a-service HackerOne Platform offered by HackerOne.
• "HackerOne Site" means HackerOne's website located at hackerone.com and related domains and subdomains.
• "Program" means the security initiative(s) for which a Customer desires to receive Vulnerability Reports from Finders, which a Customer posts to the HackerOne Platform.
• "Program Materials" means the Program Policy and the description of the Program.
• "Program Policy" include a description of the security-related services prepared by a Customer that the Customer is seeking from Finders, the terms, conditions and requirements governing the Program to which the Finders must agree, and the Bounties, if any, that a Customer will award to Finders who participate in the Program.
• "Services" means the HackerOne Platform and any related service made available by or through HackerOne.
• "Terms" means these General Terms and Conditions and the Customer Terms and Conditions or the Finder Terms and Conditions, as applicable.
• "Third Party Services" means any third party services to be provided to a Customer through HackerOne.
• "Vulnerability Reports" means bug reports or other vulnerability information, in text, graphics, image, software, works of authorship of any kind, and information or other material that Finders provide or otherwise made available through the HackerOne Platform to a Customer resulting from participation in a Program.

If there are any questions about the Terms or the Services, please contact HackerOne at info@hackerone.com, or at HackerOne Inc., 22 4th Street, 5th Floor, San Francisco, CA 94103.