Acceptable Use Policy:
1. Authorized Use
-
You may only use the provided systems, services, and resources for authorized business purposes or activities explicitly permitted by Hackybara or requesters.
-
Ensure that your use of Hackybara’s systems and services aligns with the policies, procedures, and guidelines established by the company.
-
Obtain proper authorization before accessing, using, or modifying any restricted areas, data, or systems.
-
Comply with all applicable laws, regulations, and contractual obligations when using our systems.
2. Information Security
-
Safeguard all access credentials (e.g., usernames, passwords) and protect them from unauthorized use.
-
Do not share or distribute your access credentials to others. Each user is responsible for their own account and actions taken using their account.
-
Be cautious when handling sensitive or confidential information. Only access, use, or disclose such information as necessary to perform your authorized duties.
-
Report any suspected security incidents, vulnerabilities, or potential breaches to the appropriate IT or security personnel immediately.
-
Follow Hackybara’s information security policies and procedures when handling sensitive or confidential information.
-
Do not install unauthorized software or applications on Hackybara’s systems.
3. Prohibited Activities When Targeting Hackybara
When targeting Hackybara’s systems or services, the following activities are strictly prohibited unless permission from Hackybara is given:
-
Unauthorized access or attempts to access restricted areas or services.
-
Exploiting security vulnerabilities, hacking, cracking, or engaging in any activity that compromises the integrity, availability, or performance of Hackybara’s systems.
-
Distributing malware, viruses, or any other malicious software.
4. Responsibilities of Security Professionals
Security professionals engaged by Hackybara to perform security assessments have the following responsibilities:
-
Conduct assessments only on systems and applications authorized by Hackybara or requesters.
-
Agree to use Hackybara’s third-party identity service.
-
Comply with the terms of engagement and adhere to the specific rules, NDAs, guidelines, and scope provided by Hackybara or requesters.
-
Protect the confidentiality and integrity of any data accessed or obtained during the engagement.
-
Do not disclose any vulnerabilities or findings discovered during the engagement to third parties without proper authorization from Hackybara if related to Hackybara, or requesters if related to requesters.
-
Provide accurate and timely reporting of findings to Hackybara or requesters according to the agreed-upon process.
-
Follow responsible disclosure practices and maintain the confidentiality of any sensitive or proprietary information obtained during the engagement.
5. Prohibited Activities When Targeting Requesters
When targeting requesters’ systems or applications as part of penetration testing services, the following activities are strictly prohibited unless permission from the requester is given:
-
Unauthorized access or attempts to access restricted areas or services.
-
Exploiting security vulnerabilities, hacking, cracking, or engaging in any activity that compromises the integrity, availability, or performance of the requester’s systems.
-
Distributing malware, viruses, or any other malicious software.
-
Engaging in phishing or social engineering attacks against the requester or its users.
6. Consequences of Violations
-
Violations of this policy may result in disciplinary action, including but not limited to, temporary or permanent suspension of access privileges, termination of employment or contract, and legal prosecution as applicable.
-
Hackybara reserves the right to investigate and take appropriate action against any suspected violation, including cooperation with law enforcement authorities.
-
Users found to be in violation of this policy may be held personally liable for any damages or losses incurred by Hackybara or its users as a result of their actions.
-
Examples of consequences for policy violations include warning notices, loss of privileges, account termination, and legal action.
7. Policy Compliance and Monitoring
-
Hackybara reserves the right to monitor system usage for security purposes, including network traffic, chats, compliance with this policy, and ensuring system performance.
-
By accessing or using our systems, you acknowledge and consent to such monitoring activities.
-
Hackybara may use automated tools or software to detect and mitigate security threats, including scanning for vulnerabilities or malicious activities.
-
Hackybara may conduct periodic audits or assessments to ensure policy compliance and identify potential risks or vulnerabilities.
8. Policies for Requesters of Security Services
Businesses (requesters) engaging Hackybara’s security services must comply with the following policies:
-
Provide written authorization to conduct security services.
-
Agree to use Hackybara’s third-party identity service.
-
Provide an NDA to be signed by the chosen security professional before security services can begin.
-
Ensure that they have proper ownership or legal authorization for the systems being tested.
-
Cooperate with the Hackybara security professional during the testing process, including providing necessary information, access, and permissions.
-
Not interfere with the testing process or attempt to disrupt or prevent the detection of vulnerabilities.
-
Ensure that any vulnerabilities discovered during the testing are promptly addressed and remediated.
-
Acknowledge that a Hackybara security professional’s findings and reports are confidential and may only be shared with authorized parties.
-
Understand that Hackybara will not disclose any sensitive or confidential information obtained during the testing to unauthorized parties.
-
Comply with all applicable laws, regulations, and industry standards related to security assessments.
-
The requester grants explicit permission to any approved tester to conduct the security assessment, fully comprehending that scanning or testing activities may entail adverse effects.
Terms of Service:
1. Payment and Dispute Process
Payment Process
-
When a requester approves a tester or a team of testers for a specific task, the requester promptly sends the agreed-upon payment in advance.
-
Requesters and testers agree to use Hackybara as the payment platform and to not attempt to circumvent Hackybara by using third-party payment services.
-
This payment is securely held in an escrow account on our platform, providing both parties with peace of mind.
-
80% of the compensation will be made available to the tester once the request is complete.
-
If a tester fails to submit the report within the specified timeline set by the requester, our platform ensures a swift refund of the payment to the requester.
Reporting Process
-
Once the tester completes the assigned task, a comprehensive report detailing their actions and discoveries is diligently submitted to the requester.
-
Testers should deliver the final report to the requester through the Hackybara Chat feature.
-
Testers are encouraged to invest noticeable effort into their reports.
Requester Approval
-
The requester assesses the report with a discerning eye, seeking tangible proof of work and evident dedication.
-
When the requester is content with the delivered report, they provide their approval.
Dispute Resolution
-
If a requester receives a report that appears to lack effort or raises concerns, they have the option to defer the matter to our Hackybara Dispute Team.
-
The Hackybara Dispute Team follows and agrees to the same NDA supplied by the requester.
-
The Dispute Team thoroughly examines the situation.
Resolution Outcomes
-
If the report is deemed not viable or fails to meet the agreed-upon scope, the requester will receive a refund.
-
If the report meets the discerning standards set by the Hackybara Dispute Team, the payment is promptly delivered to the tester.
2. Standard Non-Disclosure Agreement (NDA)
Standard Non-Disclosure Agreement (NDA)
Hackybara is committed to maintaining a secure platform where businesses (requesters) and security professionals (testers) can engage in penetration testing and other security services with confidence. To safeguard all parties involved and to protect Hackybara as a facilitator, the following Standard Non-Disclosure Agreement (NDA) terms apply to all engagements conducted on the Hackybara platform.
1. Scope of Confidential Information:
- "Confidential Information" includes all non-public, proprietary, or sensitive information disclosed during the engagement process, including:
- Technical details, system architecture, security vulnerabilities, business strategies, proprietary methodologies, or any data shared between requesters and testers.
- Reports, findings, and any materials generated during the security assessment.
- Any internal Hackybara processes, platform features, or services related to the testing engagement that are not publicly known.
2. Obligations of Testers:
- Confidentiality: Testers agree to maintain the strict confidentiality of all Confidential Information shared by requesters and Hackybara and will not disclose such information to any third party without explicit written consent.
- Non-Use: Testers shall use the Confidential Information solely for the purpose of conducting the agreed-upon security assessments. Unauthorized use for personal gain, competitive advantage, or any purpose beyond the scope of the engagement is strictly prohibited.
- Secure Handling: Testers must implement industry-standard measures to safeguard the Confidential Information from unauthorized access or disclosure.
- Breach Notification: Testers are required to immediately notify both Hackybara and the requester in the event of any unauthorized access, disclosure, or loss of Confidential Information.
3. Obligations of Requesters:
- Limited Disclosure: Requesters agree to disclose only the necessary Confidential Information required for the performance of the security assessment and must take steps to minimize exposure to unrelated data.
- Ownership: Requesters retain ownership of all Confidential Information shared during the engagement. Hackybara is not responsible for managing the accuracy, completeness, or relevance of the information shared by requesters.
4. Hackybara's Role and Obligations:
- Facilitator Role: Hackybara serves as an intermediary, providing a secure platform for requesters and testers to connect. Hackybara does not directly handle Confidential Information shared between the parties, except when necessary for dispute resolution or platform operations.
- Confidentiality: Hackybara will not disclose any Confidential Information obtained through the platform without the express consent of both the requester and the tester, except as required by law.
- Limited Responsibility: Hackybara is not responsible for the accuracy, legality, or completeness of any Confidential Information exchanged between requesters and testers. Hackybara's role is limited to providing the platform for the engagement and facilitating payments and communications.
- Platform Security: Hackybara agrees to take reasonable measures to protect Confidential Information from unauthorized access while on the platform, including secure payment transactions and dispute resolution processes.
5. Limitation of Hackybara's Liability:
- Platform Limitations: Hackybara does not guarantee the completeness, accuracy, or performance of the services provided by testers. Hackybara is not responsible for any errors, omissions, or damages that may arise from the security assessments performed by testers.
- No Endorsement: Hackybara does not endorse or verify the qualifications or performance of any tester or requester. It is the sole responsibility of the parties involved to conduct their due diligence before entering into an engagement.
- Liability Cap: Hackybara's total liability, whether in contract, tort, or otherwise, shall be limited to the amount of fees paid by the requester for the specific engagement in which a dispute arises. Hackybara shall not be liable for any indirect, incidental, special, or consequential damages, including but not limited to loss of profits, data, or business opportunities.
6. Indemnification of Hackybara:
- Indemnity by Requesters and Testers: Both requesters and testers agree to indemnify, defend, and hold harmless Hackybara, its officers, directors, employees, agents, and affiliates from any claims, damages, losses, costs, liabilities, or expenses (including attorneys' fees) arising out of:
- A breach of this NDA by either party.
- Misuse, unauthorized access, or disclosure of Confidential Information.
- Any actions, negligence, or misconduct during the engagement, including claims from third parties regarding unauthorized testing, data breaches, or illegal activity.
- Cooperation in Defense: The indemnifying party agrees to cooperate fully with Hackybara in the defense of any such claims and may not settle any matter without Hackybara's prior written consent.
7. Return or Destruction of Confidential Information:
- At the Conclusion of Engagement: Testers and requesters are required to securely return or destroy any Confidential Information exchanged during the engagement, as requested by the disclosing party. Hackybara may facilitate secure communication and document return, but it is not responsible for the proper execution of these duties by the parties.
- Certification of Destruction: Upon request, testers must certify in writing that all Confidential Information has been securely deleted or returned to the requester.
8. Exclusions from Confidential Information: Confidential Information does not include information that:
- Was publicly known at the time of disclosure or becomes publicly known without breach of this Agreement.
- Was lawfully known to the receiving party without confidentiality obligations before disclosure.
- Is independently developed by the receiving party without use or reference to the Confidential Information.
- Is required to be disclosed by law, provided the disclosing party is given reasonable notice of such disclosure.
9. Duration of Confidentiality Obligations:
- The confidentiality obligations set forth in this Agreement shall commence upon the exchange of Confidential Information and shall remain in effect for the duration of the engagement and for five (5) years thereafter, unless otherwise stated by the parties in a separate agreement.
10. Dispute Resolution and Enforcement:
- Neutral Platform for Disputes: Hackybara will act as a neutral platform for resolving disputes related to confidentiality breaches. The Hackybara Dispute Team will adhere to the same confidentiality obligations as the parties and will not disclose or use any information shared during the dispute resolution process without consent.
- Legal Recourse: If a dispute cannot be resolved through Hackybara's platform, the injured party retains the right to pursue legal action against the offending party for breaches of this NDA or misuse of Confidential Information.
11. Modification and Acceptance:
- Hackybara reserves the right to modify the terms of this NDA as needed to reflect changes in legal requirements or platform operations. Any modifications will be communicated to users, and continued use of the Hackybara platform will constitute acceptance of the revised terms.
3. Limitation of Liability
-
By engaging in security testing activities or using our systems and services, you agree that Hackybara L.L.C, its employees, agents, or affiliates shall not be held liable for any damages, losses, or harm arising directly or indirectly from security testing activities.
-
This limitation of liability includes unintended system disruptions, data breaches, or unauthorized access to information.
4. Indemnification Policy
-
Hackybara users agree to indemnify and hold harmless Hackybara L.L.C, its affiliates, officers, directors, and employees, from any claims, damages, losses, liabilities, costs, or expenses (including attorneys’ fees) arising out of their use of the platform, violation of the AUP, breach of any representation or warranty, or infringement of any rights.
5. Due Diligence Responsibilities of Requesters
-
Verification of Achievements: Requesters must verify professional achievements and past performance by reviewing portfolios, case studies, or previous reports.
-
Employment History: Requesters should verify the employment history of the tester by contacting previous employers or clients, if applicable.
-
Credential Verification: Requesters must confirm the authenticity of certifications, educational qualifications, and professional memberships held by the tester.
-
Reference Checks: Requesters are encouraged to conduct reference checks to verify the tester’s professionalism, integrity, and competence.
-
Assessment of Suitability: Requesters must assess whether the tester’s skills align with the complexity and objectives of the project.
-
Legal and Regulatory Compliance: Requesters must ensure that engaging a tester complies with applicable legal and regulatory requirements.
-
No Endorsement by Hackybara: Hackybara does not endorse, guarantee, or assume responsibility for any tester’s qualifications.
6. Policy Updates
-
Hackybara may modify or update this policy periodically. It is your responsibility to review the latest version of the policy.
-
Material changes will be communicated to users through appropriate channels.
-
Hackybara may provide training or awareness programs to educate users about policy updates and reinforce compliance.
7. No-Circumvention Clause
Non-Compete and No-Circumvention Obligations
-
While using the Hackybara platform, testers agree not to engage in any attempt to bypass, avoid, or circumvent Hackybara’s platform, payment systems, or commission structure.
-
Testers shall not attempt to contact, solicit, or contract directly with any requester they encounter through Hackybara for the purpose of avoiding platform fees or commissions.
-
All engagements initiated through Hackybara must remain on the platform for the duration of the professional relationship unless explicit written authorization is granted by Hackybara.
-
If a tester violates this clause, Hackybara reserves the right to terminate the account and pursue appropriate remedies.
Hackybara Supports Tester Employment
-
Hackybara fully supports situations where a requester chooses to hire a tester full-time after forming a positive professional relationship.
-
Full-time employment opportunities for testers are supported and encouraged by Hackybara.
-
This clause does not restrict testers from being hired; it only prevents testers from bypassing Hackybara’s platform for freelance or contract work that originated through the platform.
8. No Impersonation or False Representation
Users agree that all information provided to Hackybara during registration and platform use must be accurate, truthful, and complete. Users may not impersonate any individual or entity, misrepresent their identity, qualifications, certifications, or affiliations, or create accounts on behalf of another person without authorization. Hackybara reserves the right to suspend or terminate accounts found to be engaging in impersonation, false representation, or fraudulent activity.
9. Governing Law & Jurisdiction
This Agreement shall be governed by and interpreted in accordance with the laws of the State of Maryland, without regard to its conflict-of-law principles.
Any disputes, claims, or legal proceedings arising out of or relating to the use of Hackybara’s platform, services, or agreements shall be brought exclusively in the state or federal courts located in the State of Maryland. By using the Hackybara platform, you consent to the personal jurisdiction of these courts.
10. Acceptance of Terms
By creating an account, accessing the platform, or using any of Hackybara’s services, you acknowledge that you have read, understood, and agreed to be bound by this Terms of Service, the Acceptable Use Policy, the Standard NDA, and all other applicable Hackybara policies.
If you do not agree to these terms, you must not access or use the platform.
11. Severability Clause
If any provision of this Agreement is determined to be invalid, unlawful, or unenforceable by a court of competent jurisdiction, such provision shall be enforced to the fullest extent permitted by law, and the remainder of the Agreement shall remain valid, enforceable, and in full effect.
The invalidity of one clause does not affect the enforceability of the remaining clauses.
