Community Site Code of Conduct and Policies

By participating in programs on HackerOne, all Finders agree to help empower our community by following the HackerOne Code of Conduct (CoC). The CoC is in addition to the General Terms and Conditions and Finder Terms and Conditions that all Finders must agree to when creating an account.

This CoC sets out guidelines for engaging on the HackerOne platform and describes HackerOne’s potential actions if a violation occurs. A program may include additional rules of engagement or conduct in their program policy and may enforce those rules with program-level sanctions, so Finders should always review the program policy before engaging on a particular program.

To engage on the HackerOne community site, all HackerOne Brand Ambassadors and their attendees should adhere to HackerOne’s standard Code of Conduct policy, all of the rules outlined in the HackerOne Brand Ambassador Program Discord server, found in the #rules channel, and all of the rules outlined within the Community Site Code of Conduct.

Additional Community Site Policies:

  1. Do not collect PII, such as phone numbers, personal email addresses, physical mailing addresses, or other personal information from attendees. When creating events, it is possible to add your own custom fields to the RSVP registration form. This is a helpful feature as it may allow you to collect more information about your attendees, but can also be abused to collect unnecessary PII that would be difficult for us to control access to. Rather than collecting contact details from the attendees, you can use the email feature (discussed later) to encourage attendees to join the HackerOne Brand Ambassador Discord server for real-time communication.
     
  2. Do not spam or abuse the email feature. There is a feature within the Community Site that you can leverage to communicate with your attendees ahead of time, or after the event. While this feature should be used, make sure you are using it only when necessary and with appropriate level of frequencies. Never leverage it to email users who have not given permission to be contacted by submitting a RSVP to an event.
     
  3. Do not actively test the community site or other out of scope HackerOne assets. This community site is hosted by a third-party vendor, therefore is considered out of scope in our bug bounty program. Of course if you see something we would appreciate you disclosing it to us so we can escalate to them, but please do not actively test the site as we don’t have authorization to perform active testing on it. Refer to the HackerOne Bug Bounty Program Page for the most up to date information on in-scope assets.
     
  4. Do not profit from events. It’s strictly prohibited to make money or charge costs to the community and event participants. HackerOne covers costs for these events and ambassadors and/or club members cannot make profit from sponsored events, provided swag, or event tickets. Additionally, is not allowed to look for sponsors and charge them money with the goal of earning money through events, however if sponsors want to help with costs of organizing the event, that is allowed.
     
  5. Use HackerOne approved branding. For any swag and materials you may create for your event, please ensure you’re only using HackerOne approved branding guidelines and logos, all of which can be found at hackerone.com/branding.