HackerOne Community Member Terms and Conditions
Effective Date: June 9, 2023
Welcome to HackerOne!
By signing up to the HackerOne Community Member Terms and Conditions, you are agreeing to the following terms and the General Terms and Conditions, which are incorporated by reference (the “Terms”).
A Community Member is an independent third party who is a Finder, hacker, security researcher, Reviewer, or anyone who is willing to make the internet safer and help companies and other organizations find bugs and vulnerabilities in their technology.
1. Your Use of HackerOne Platform
1.1) You may use the HackerOne Platform to participate in Programs and submit Community Member Submissions, provided you comply with these Terms.
2. Definitions
2.1) Some of the capitalized terms used in these Community Member Terms and Conditions are defined in the General Terms and Conditions.
3. Conduct
3.1) Our Platform operates for the benefit of the Community Members and Customers. HackerOne is passionate and proud of the unique ethical environment that it has created. Accordingly, all users of the Platform must conduct themselves in a professional, respectful, and courteous manner when interacting with HackerOne, Customers and/or each other. All Community Members must use the Platform properly for the purpose of helping companies and other organizations find bugs and vulnerabilities in their technology.
3.2) Any inappropriate behavior by a Community Member (or that which is deemed to violate the spirit of the environment) will not be tolerated by HackerOne. In such circumstances, HackerOne, may at its sole discretion, terminate a Community Member’s use of the Platform. For further information on our approach, please visit HackerOne's Code of Conduct for Community Members.
3.3) Restrictions. Community Member shall not (and shall not permit any third party to), directly or indirectly: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the HackerOne Platform or Service (except to the extent Applicable Laws specifically prohibit such restriction); (ii) modify, translate, or create derivative works based on the HackerOne Platform or Service; (iii) copy, rent, lease, distribute, pledge, assign, or otherwise transfer or encumber rights to the HackerOne Platform or Service; (iv) use the Service for the benefit of a third party; (v) remove or otherwise alter any proprietary notices or labels from the Service or any portion thereof; (vi) use the Service to build an application or product that is competitive with any HackerOne product or services; (vii) interfere or attempt to interfere with the proper working of the Service or any activities conducted on the Service; or (viii) bypass any measures HackerOne may use to prevent or restrict access to the Service (or other accounts, computer systems, or networks connected to the Service). Sections (i), (vii), (viii) of this paragraph shall not apply to Good Faith Security Research.
4. Community Member Submissions
4.1) By making any Community Member Submission available to a Customer, you agree to the Program Policy. HackerOne's Vulnerability Disclosure Guidelines are superseded by individual Program Policies in the event of a conflict.
4.2) You represent that neither the Community Member Submissions nor any use of Community Member Submissions by the Customer will infringe, misappropriate, or violate a third party's intellectual property rights, or rights of publicity or privacy, or result in the violation of any Applicable Law or regulation, including export control laws.
5. Community Membership Eligibility
5.1) You agree that you are eligible to use the HackerOne Platform and are not using the Platform in violation of export control laws or regulations and/or economic sanctions laws and regulations that are imposed, administered, or enforced by the U.S, the UK, the EU, or any other relevant jurisdiction.
5.2) If at any time, HackerOne has a material reason to believe that you are in violation of the laws or regulations at 5.1, HackerOne reserves the right to terminate your access to the HackerOne Platform and Services, at its sole discretion and with immediate effect. Any applicable Rewards will be held and unless suitable information is provided to support a lawful claim to the Reward, it may be forfeited.
6. Rewards
6.1) You may be awarded a Reward for submitting Community Member Submissions to a Customer for a particular Program, if the submitted Community Member Submissions meet the Customer's requirements described in the Program Policy. HackerOne will process Reward(s) that are monetary payments on behalf of Customer, and will typically remit the Reward payments to you within ten (10) business days after HackerOne receives the Reward payment from the Customer (or, if HackerOne has a Reward prepayment from Customer for the Program, within ten (10) business days after Customer notifies HackerOne that you have been awarded the Reward). HackerOne is not responsible for delays in payment outside of HackerOne's reasonable control.
6.2) To the extent that you are entitled to receive a monetary Reward, you appoint HackerOne as your agent to accept payment on your behalf. Payment from HackerOne's Customer to HackerOne, for delivery to you, satisfies and discharges the obligations of the HackerOne Customer to you, if any, to the extent of such payment. You authorize HackerOne to receive funds on your behalf and deliver such funds from HackerOne Customers to you.
6.3) You may create a user account with your real name or a pseudonym. However, pursuant to Applicable Law, to be eligible to receive a Reward, you must not be subject to any categories in section 5.1 and you must provide HackerOne with accurate, complete, and up-to-date information about you, including but not limited to, your residential address, nationality, tax identification number (if applicable), and any other information that HackerOne reasonably requests (or is directed to request by a third party payment processor), to allow HackerOne to lawfully send any Reward to you and file any appropriate tax form following year end. If you do not co-operate with this process, so that HackerOne may meet its legal obligations by providing this information to HackerOne, any Reward that would otherwise be paid to you may be paid to a charity of HackerOne's choosing.
6.4) You are solely responsible for paying any and all taxes related to the Reward payments.
6.5) HackerOne will not be liable for any unpaid Rewards arising directly or indirectly as a consequence of a breach of the Terms by a Community Member.
6.6) HackerOne will not be liable in any way for any Program, including any errors or omissions in any Program Policy, or any loss or damage incurred as a result of your reliance on any Program Policy.
7. Independent Parties/Transactions
7.1) You are NOT an employee, contractor, or agent of HackerOne, but are an independent third party who wishes to participate as a Community Member in Programs and connect with the Customer through the Services. Nothing in the Terms is intended to render HackerOne and you as joint venturers, partners, or employer and employee. Under no circumstance shall HackerOne be considered to be your employer, nor shall you have any rights as an employee of HackerOne.
7.2) Customers are NOT Affiliates, employees, contractors, or agents of HackerOne, but are independent third parties who want to participate in Programs and connect with you through the Services. You agree that any legal remedy that you seek to obtain for a Customer's actions or omissions or other third parties regarding a Customer's Program, including Community Member Submissions, will be limited to a claim against the particular Customer or other third parties who caused harm to you, and you will not to attempt to impose liability on HackerOne or seek any legal remedy from HackerOne with respect to those actions or omissions. Any contract or other interaction between a Customer and you, including with respect to any Program Policy, will be between the Customer and you only. HackerOne is not a party to such contracts and disclaims all liability arising from or related to such contracts.
7.3) If a dispute arises between you and the Customer in relation a Program, and/or your use of the HackerOne Platform, you agree that you will interact and engage with Customers on a good faith basis. In the event of a dispute between a Community Member and Customer, you will work in good faith with HackerOne through its Mediation Team, to resolve the dispute to the satisfaction of all parties.
8. Ownership and Licenses
8.1) HackerOne does not claim any ownership rights in any Community Member Submissions. You agree that HackerOne may collect statistical and other information about Community Member Submissions and use that information for HackerOne’s benefit. Unless otherwise agreed in writing, except for any Community Member Submissions, HackerOne and its licensors exclusively own all right, title, and interest in and to the Services and content contained on the Services, including all intellectual property rights. The Services and HackerOne content are protected by copyright, trademark, and other laws of the United States and foreign countries.
8.2) By making any Community Member Submission available to a Customer through the Services, you hereby grant to HackerOne a perpetual, irrevocable, non-exclusive, transferable, sublicensable, worldwide, royalty-free license to use, copy, reproduce, display, modify, adapt, transmit, and distribute copies of that Community Member Submission, for the sole purpose of providing the Services.
8.3) By making any Community Member Submission available to a Customer through the Services, you hereby grant to the Customer a perpetual, irrevocable, non-exclusive, transferable, sublicensable, worldwide, royalty-free license to use, copy, reproduce, display, modify, adapt, transmit, and distribute copies of that Community Member Submission.
8.4) HackerOne hereby grants to you a revocable, non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to use the HackerOne Platform and access and view the content that HackerOne makes available on the HackerOne Platform solely in connection with your permitted use of the HackerOne Platform. HackerOne may change or discontinue all or any part of the HackerOne Platform, including your access to it, at HackerOne's sole discretion.
9. Authority
9.1) If you are using the Services on behalf of a company (such as your employer), or a Customer or other legal entity, you represent that you have the authority to bind that company or other legal entity to the Terms. HackerOne’s Platform and Services are not intended for use by children under the age of 13. If you are a minor (as defined under the applicable legal standard), you must disclose this to HackerOne in writing and your parents or legal guardian must agree to the Terms on your behalf. We may require additional information confirming that agreement by your parents/legal guardians.
Please see our existing Finder Terms effective prior to June 9, 2023.