Clear Rules of Engagement

H1 Clear Finders must strictly comply with all confidentiality guidelines, requirements and obligations related to the HackerOne Clear Programs in which they participate. These guidelines apply to vulnerability information, customer information, policy or scope details, bugs, account information, or any other Program-specific information.

If a Program requires an additional NDA or other contractual agreement, it is fundamental to respect these signed documents and comply with their requirements. Disclosing information in violation of confidentiality guidelines and/or applicable NDAs/contracts is strictly prohibited. Failing to comply will be a breach of your obligations to the customer and could result in direct action against you.

No disclosure of any vulnerability reports from any H1 Clear Programs may be made without the H1 Clear Customer’s explicit written approval via a communication within the HackerOne platform. This supersedes the standard disclosure process described in the HackerOne Disclosure Guidelines available at https://www.hackerone.com/disclosure-guidelines .

Without limiting any confidentiality obligations you may have under the H1 Clear Customer’s program, you agree that you can make no disclosure of any H1 Clear Customer’s name without explicit written approval from the customer via in-platform communication.

Specifically, and without limiting the prior statement, you may make no posting on social media regarding any H1 Clear Customer or H1 Clear Program and related activities without explicit written permission from the customer. Requests for such permission needs to be in written format via the HackerOne platform.

All Clear Finders must adhere to HackerOne’s Code of Conduct; we expect all HackerOne Clear Finders to act in accordance with the highest professional and ethical standards. Any violation of these terms, misbehavior or other code of conduct violations could result in immediate termination as an HackerOne Clear Finder and removal from Clear Programs and/or the Platform generally.

Whenever a Clear Program Policy requires use of HackerOne’s VPN, or other tagging of testing traffic, Clear Finders must follow the applicable policy rule as doing so is a requirement to remain enrolled in Clear and to participate in the particular Program. Avoiding using VPN or forgetting to tag your traffic could result in sanctions or removal from HackerOne Clear.

Being professional and respectful towards customers, HackerOne personnel and other researchers is a key element of being a Clear Finder As such, Finders in HackerOne Clear are held to a higher professional standard than non-Clear Finders.

If a disagreement occurs, please use the proper communication channels and report any incidents to [email protected]

In order to remain a member of HackerOne Clear, Clear Finders must maintain acceptable levels of performance including activity, reputation, signal and impact. These guidelines are outlined in {link doc}

Failure to do may render you ineligible to continue participating in HackerOne Clear Programs and/or impact specific tier eligibility.

If any of the provisions of these Rules of Engagement are held invalid or unenforceable by a court or other legal proceeding, the remaining terms will remain in full force and effect, and the provision affected will be construed so as to be enforceable to the maximum extent permissible by law. These HackerOne Clear RoEs, together with the Finder Terms and conditions, constitute the complete and exclusive understanding and agreement between us with respect to your participation in HackerOne Clear Programs, and supersedes all prior understandings and agreements, whether written or oral, with respect HackerOne Clear Programs.If there is any conflict between the Finder Terms and Conditions and these HackerOne Clear RoEs, these HackerOne Clear RoEs will control. Any waiver, modification or amendment of any provision of these HackerOne Clear RoEs will be effective only if in writing and signed by HackerOne. These HackerOne Clear RoEs may be executed in counterparts, each of which will be deemed an original, and all of which together will constitute one and the same instrument, and may be executed digitally through digital signature or online acceptance. The exchange of a fully executed document (in counterparts or otherwise) by facsimile signature or by other electronic means, such as by portable document format (.pdf) file, shall be sufficient to bind you to these terms.

Finders:

This refers to the individual bug hunter or pentester that is performing security testing and reporting vulnerabilities on HackerOne’s platform.

Report Details:

Data in a report that includes payloads, custom built modules/tools, custom built scripts, or anything that could be considered unique or proprietary to the program or the report itself.