HackerOne Customer Terms and Conditions

Effective Date: July 20, 2024

These Customer Terms and Conditions apply to all Order Forms entered into on or after July 20, 2024, and for all free or trial versions, Community Edition and/or Customers utilizing the HackerOne Services not pursuant to an Order Form as of such date.

Welcome to HackerOne!

Please read these Customer Terms and Conditions carefully because they govern each Customer’s access to and use of the HackerOne Platform and Services.

1. Agreement to terms

1.1) By using the Services, a Customer agrees to be bound by these Customer Terms and Conditions and the General Terms and Conditions, which are incorporated by reference. If you do not understand any terms in these Customer Terms and Conditions or the General Terms and Conditions, please contact us before using the Services.

1.2) You may not access or use any Services unless you agree to abide by all of these Customer Terms and Conditions and the General Terms and Conditions (collectively, the “Terms”).

2. Definitions

2.1) Certain capitalized terms used in these Customer Terms and Conditions are defined in the General Terms and Conditions.

3. Services

3.1) HackerOne Platform. The Customer may access and use the HackerOne Platform solely for its and its Affiliates’ own business purposes to connect with Community Members and utilize the Services set forth in an Order Form or otherwise mutually agreed by HackerOne and the Customer. Among other things, the Customer may create Programs and offer Rewards to Community Members for their Community Member Submissions to such Programs. Community Members can access the HackerOne Platform to browse the Programs. If Community Members are interested in participating in such Programs, they can contact a Customer through the HackerOne Platform and can submit Community Member Submissions for the Programs under the terms described in Community Member Terms and Conditions and/or the Program Policy. HackerOne may change all or any part of the HackerOne Platform or HackerOne Site at any time, provided that such change is compliant with the terms of the Customer Terms and does not diminish the Services provided to Customers.

3.2) HackerOne Services. HackerOne will provide the Services set forth in a fully executed Order Form or otherwise mutually agreed in writing by HackerOne and the Customer.

3.3) Restrictions. The Customer shall not (and shall not permit any third party to), directly or indirectly: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Service (except to the extent Applicable Laws specifically prohibit such restriction); (ii) modify, translate, or create derivative works based on the Service; (iii) copy, rent, lease, distribute, pledge, assign, or otherwise transfer or encumber rights to the Service; (iv) use the Service for the benefit of a third party; (v) remove or otherwise alter any proprietary notices or labels from the Service or any portion thereof; (vi) use the Service to build an application or product that is competitive with any HackerOne product or services; (vii) interfere or attempt to interfere with the proper working of the Service or any activities conducted on the Service; or (viii) bypass any measures HackerOne may use to prevent or restrict access to the Service (or other accounts, computer systems, or networks connected to the Service). The Customer is responsible for all of the Customer’s activity in connection with the Service, including uploading Customer Data onto the Service. 
The Customer (a) shall use the Service in compliance with all applicable local, state, national and foreign laws, treaties and regulations in connection with the Customer’s use of the Service (including those related to data privacy, international communications, export laws, and the transmission of technical or personal data laws), (b) shall not use the Service in a manner that violates any third-party intellectual property, contractual, or other proprietary rights, and (c) shall ensure that, in the event a Customer requests HackerOne or a Community Member to undertake research, vulnerability or other analysis, penetration testing or similar activities on or in relation to any third party software, service or infrastructure, the Customer has all necessary rights and authorisations to undertake, and to authorise HackerOne and/or the relevant Community Member to undertake on its behalf, such activities.

3.4) Third Party Services. If set forth on a fully executed Order Form, the Services may include Third Party Services, which will be provided by the third party to the Customer. HackerOne is not responsible for the Third Party Services, and HackerOne makes no warranty or representation with respect to the Third Party Services. If purchased by a Customer, the Customer agrees to be bound by any terms and conditions presented to the Customer by the Third Party Services provider governing the use of the applicable Third Party Services, and unless otherwise agreed, the Customer will remit payment for the Third Party Services directly to HackerOne within thirty (30) days of invoice, and HackerOne will pay the Third Party Services provider.

3.5) Use of the HackerOne Platform Services as a Community Member. If a Customer, or an employee of a Customer, wishes to access and use the Services as a Community Member with the consent of Customer, then the Community Member Terms and Conditions will govern the Customer’s or the Customer’s employee’s use of the Services as a Community Member. The Community Member Terms and Conditions are independent of, and in addition to, these Customer Terms and Conditions. In such case, the Customer or the Customer’s employee is solely responsible for performing the Community Member’s obligations under the Community Member Terms and Conditions.

4. Community Member Submissions, Community Members, and Output

4.1) HackerOne does not endorse any Community Member. HackerOne is not responsible for any damage or harm resulting from a Customer’s communications or interactions with Community Members or other customers, either through the Services or otherwise. Any reputation ranking or description of any Community Member as part of the Services is not intended by HackerOne as an endorsement of any type. Any selection or use of any Community Member is at the Customer’s own risk.

4.2) Any use of or reliance on Community Member Submissions that Customer receives is at Customer’s own risk. HackerOne does not endorse, represent, or guarantee the completeness, truthfulness, accuracy, or reliability of any Community Member Submission. HackerOne will not be liable for any errors or omissions in any Community Member Submission, or any loss or damage of any kind, incurred as a result of the use of any Community Member Submission.

4.3) Community Members are not employees, contractors, or agents of HackerOne, but are independent third parties who want to participate in Programs and connect with Customers through the Services. Unless otherwise expressly agreed to in writing by HackerOne, the Customer agrees that any legal remedy that the Customer seeks to obtain for actions or omissions of a Community Member regarding the Customer’s Program or Community Member Submissions will be limited to a claim against the applicable Community Member. Any contract or other interaction between a Customer and a Community Member, including with respect to any Customer Program Policy, will be between the Customer and the Community Member. HackerOne is not a party to such contracts and disclaims all liability arising from or related to such contracts.

4.4) Community Member Reviews. The Platform may collect and display reviews of Community Members by HackerOne customers. These reviews are provided as is and are not endorsements of any Community Member by HackerOne. To the extent the Customer relies on such reviews, the Customer does so at its sole discretion and risk. 

4.5) Any description of any Service capable of producing Output is not intended as an endorsement, representation, or guarantee by HackerOne as to the completeness, truthfulness, accuracy, or reliability of Output, and HackerOne does not make any kind of endorsement, representation, or guarantee in respect to the Output. HackerOne will not be liable for any errors or omissions in any Output, or any loss or damage of any kind, incurred as a result of the use of any Output.  The foregoing applies notwithstanding clause 9. The Customer assumes all responsibility for any use or dependence on the Output.

5. Rewards and HackerOne Fees

5.1) Rewards. If applicable to the Customer’s Program and in accordance with the Program Policy, a Customer may award Rewards to those Community Members who participate in the Customer’s Programs and/or submit Community Member Submissions that meet the Customer’s requirements. Unless otherwise agreed in writing, Customer agrees that it must provide advance payment in full for any requisite Reward funds prior to the transfer of funds to a Community Member by HackerOne. HackerOne shall not be responsible for any delays in the transfer of the Reward where there has been a delay in (a) receipt of the requisite Reward funds from the Customer or (b) the Customer validating a Submission.

5.2) Transfer of Funds Related to the Services. If applicable to the Program and in accordance with the Program Policy, the Customer may award Rewards to those Community Members who participate in the Customer’s Programs or submit Submissions that meet the Customer’s requirements. As a part of the Services, subject to any regulatory or legal requirements, HackerOne will transfer payments through the engagement of third-party payment providers to the Community Members pursuant to the Program Policy and HackerOne company policy, subject to: (i) HackerOne’s advance receipt of Reward funds in full from the Customer; (ii) completion by the Customer of any applicable KYC/AML requirements; (iii) completion of tax documentation by the Community Member; and (iv) a successful screen of Community Member to ensure regulatory compliance including but not limited to against the U.S. Office of Foreign Assets Control (OFAC) sanctions list. HackerOne is not responsible for delays in payment outside of HackerOne’s reasonable control or for processing or providing any Reward that is not a monetary payment unless otherwise set forth in an Order Form or otherwise agreed to in writing by HackerOne.

5.3) The Customer understands and agrees that Community Members have appointed HackerOne as their agent to accept monetary Rewards on their behalf.  When the Customer transfers monetary Rewards to HackerOne for services provided by Community Members, the Customer acknowledges that the Customer is or will be the recipient of a service provided by Community Members and agrees that the Customer intends for the Customer’s payment to HackerOne to be delivered to those Community Members to discharge the Customer’s obligation, if any, to any such Reward for the Customer’s benefit. 

5.4) HackerOne Fees. The Customer agrees to pay HackerOne all fees for HackerOne’s Services and, unless otherwise set forth in an Order Form, a Rewards fee equal to twenty percent (20%) of each monetary Reward awarded to a Community Member (collectively, “HackerOne Fees”) within thirty (30) days of the date of HackerOne’s invoice unless otherwise stated on an Order Form. Except for any amounts disputed in good faith, all undisputed past due amounts will incur interest at a rate of 1.5% per month or the maximum rate permitted by law, whichever is less. Customers will reimburse HackerOne for all reasonable costs and expenses incurred (including reasonable attorneys’ fees) in collecting any undisputed overdue amounts. The HackerOne Fees and Reward payments to Community Members are non-refundable, except as otherwise specifically provided herein or in the applicable Order Form.

5.5) Taxes.  The Customer is responsible for any duties, customs, fees, or taxes due on account of its use of the Services, including any withholding taxes based on the classification of the Services being rendered, excluding any taxes imposed by the United States on HackerOne’s income. If a Customer is required by Applicable Law to withhold any amount from the HackerOne Fees specified in the Order Form, then the Customer will pay HackerOne such HackerOne Fees as if no withholding were required and shall separately remit the withholding amount to the appropriate governmental authorities and provide evidence of such payment to HackerOne. 

5.6) Termination and Rewards. In the event of termination, discontinuation, or cancellation of the Services or an Order Form, subject to applicable Program Policy and/or Disclosure Guidelines, Customer authorizes HackerOne to transfer outstanding Rewards to the relevant Community Member(s). Where a Community Member Submission has not been validated by the Customer within thirty (30) days of a valid termination, HackerOne shall be authorized to transfer the Reward funds, based on normal industry validation practices.

6. Programs and Program Materials

6.1) HackerOne makes available through the HackerOne Platform both managed Programs, under which HackerOne is responsible for the management and the administration of a Customer’s Programs with input and approval from the Customer as mutually agreed throughout the Program, and Programs that are self-managed by Customers. If an Order Form does not specifically identify HackerOne as being responsible for the management and administration of a Customer’s Programs, then the Customer is solely responsible for the management and administration of Customer’s Programs through the Services. Where relevant to the Services,  HackerOne’s Vulnerability Disclosure Guidelines, which describe the default disclosure policy governing vulnerability reporting through the Services, will be applicable to the Services except to the extent a Customer adopts its own Program Policy with respect to its Program. In the event of any conflict between a Customer’s Program Policy and HackerOne’s Vulnerability Disclosure Guidelines, the Customer’s Program Policy shall prevail.

6.2) HackerOne reserves the right to reject a Program if, in its sole reasonable discretion, HackerOne reasonably objects to the Program and/or its Program Policy. HackerOne will notify the Customer of its intention to reject a Program, will identify its objections to the Program, and will work with the Customer to address those objections. In addition, where any Program is inactive or unattended by a Customer, HackerOne shall have the right to remove or disable access to the relevant Program Material and/or pause Community Member Submissions if the Customer has not responded to HackerOne’s written notice (by email) requiring attention within ten (10) business days of such written notice.

6.3) While HackerOne may assist the Customer in preparing the Customer’s Program Material, the Customer is solely responsible for the Customer’s Program Material. 

7. Intellectual property ownership and licenses

7.1) HackerOne does not claim any ownership rights in any Program Material or Community Member Submissions, and nothing in these Customer Terms or otherwise will be deemed to restrict any rights that a Customer may have to use and exploit its Program Material and Community Member Submissions. HackerOne and its licensors exclusively own all right, title, and interest in and to the HackerOne Property.

7.2) By making any Customer Data available through the Services, the Customer hereby grants to HackerOne a non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to use, copy, reproduce, display, modify, adapt, transmit, and distribute copies of such Customer Data for the purpose of providing and (in a manner consistent with section 3 of the General Terms and Conditions) improving the Services. HackerOne has no obligation to maintain or provide any Customer Data after the Term.

7.3) HackerOne hereby grants to the Customer a non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to access and view the content and other HackerOne Property (including Output) that HackerOne makes available on the Services solely in connection with the Customer’s permitted use of the HackerOne Platform and Services.

7.4) HackerOne hereby grants to the Customer a non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to access and view the Community Member Submissions that are made available through the HackerOne Platform and the Services solely in connection with the Customer’s permitted use of the HackerOne Platform and Services.

7.5) Subject to HackerOne’s ownership of any HackerOne Property contained therein, the Customer will own all right, title, and interest to each Customer Report. HackerOne hereby grants the Customer a non-exclusive, non-transferable, perpetual, worldwide license to access, use, and reproduce any HackerOne Property included in each Customer Report.

8. Confidentiality

8.1) The General Terms and Conditions sets forth the Customer’s and HackerOne’s obligations to protect Confidential Information of the other party.

9. Warranty

9.1) Except in relation to the generation of Outputs through Services employing artificial intelligence, machine learning and/or similar services or technologies, HackerOne represents and warrants that the HackerOne Platform and the Services provided to a Customer will be provided as described in an applicable Order Form or as otherwise mutually agreed by HackerOne and the Customer, by qualified personnel in a professional manner, and will comply in all material respects with the documentation and content made available by HackerOne with respect thereto. In order to state a claim for breach of the foregoing warranty, a Customer must provide notice of such non-compliance within the thirty (30) day period following such non-compliance specifying the details of such noncompliance. If a Customer timely provides HackerOne with the required notice, as the Customer’s sole and exclusive remedy, HackerOne shall re-perform such portion of the Services or otherwise use commercially reasonable efforts to correct any such non-compliance, at its expense, within thirty (30) days of its receipt of such notice.

9.2) Procurement Regulations of the U.S. Government.  The Service is a “commercial” offering, as that term is used in FAR Section 2.101 (defining “commercial items”) and DFAR Section 227.704(a)(1) (defining “commercial computer software”).

9.3) Disclaimer of Warranties.  EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” AND WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE, USAGE OF TRADE, OR COURSE OF DEALING, ALL OF WHICH ARE EXPRESSLY DISCLAIMED.

9.4) HackerOne makes no warranty that the Services or Outputs will meet a Customer’s specific requirements or be available on an uninterrupted, secure, or error-free basis.

9.5) Trade Controls. The Customer will not use the Service in violation of export control laws or regulations and/or economic sanctions laws or regulations that are imposed, administered, or enforced by the U.S., the UK, the EU, or any other relevant jurisdiction.

9.6) If at any time, HackerOne has a material reason to believe that the activity of the Customer and/or its Affiliates is restricted under the laws and regulations outlined at 9.5, HackerOne reserves the right to terminate access to the HackerOne Platform and Services, at its sole discretion and with immediate effect. 

10. Indemnification

10.1) The Customer will indemnify, defend, and hold harmless HackerOne and its officers, directors, employees, and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of a third party claim (i) that Customer Data infringe upon a patent, copyright, trademark, or trade secret of a third party, (ii) arising from the Customer’s use of a Community Member Submission in violation of its Program Policy, or (iii) arising from actions taken by HackerOne or Community Members on the request or instruction of Customer.

10.2) HackerOne will indemnify, defend, and hold harmless the Customer and its officers, directors, employees, and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of a third party claim that the HackerOne Platform infringes upon a patent, copyright, trademark, or trade secret of a third party, provided that HackerOne shall not be responsible for any such claim to the extent arising out of or relating to a Community Member Submission, the Customer Data, or any Outputs generated by Customer through the Services.

10.3) The indemnified party shall give prompt written notice of all claims for which indemnity is sought and shall cooperate in defending against such claims, at the expense of the indemnifying party. The indemnifying party shall conduct and have sole control of the defense and settlement of any claim for which it has agreed to provide indemnification; provided that the indemnified party shall have the right to provide for its separate defense at its own expense. The rights and remedies set forth in this Section 10 state a party’s exclusive liability and the other party’s exclusive rights and remedies regarding claims made by a third party for intellectual property infringement or violation of a third party’s intellectual property rights.

Please see our existing Customer Terms and Conditions related to Order Forms entered into prior to July 20, 2024.