Terms of Service

Introduction

Harbor Project provides workflows for responsible vulnerability disclosure and optional bug bounty coordination between participating organizations and security researchers.

Acceptance of Terms

By creating an account, accessing programs, or submitting reports, you confirm that you have authority to act and agree to comply with these terms, applicable program rules, and all relevant laws.

Platform Description

The platform acts as a facilitator for communication and workflow management between researchers and organizations. Harbor Project does not own third-party systems under test and does not guarantee remediation outcomes.

User Responsibilities

Organizations

Organizations are responsible for publishing accurate scope definitions, response commitments, and internal triage policies.

Researchers

Researchers are responsible for conducting lawful testing, submitting truthful reports, minimizing operational impact, and maintaining confidentiality during coordinated disclosure.

Responsible Disclosure Rules

Researchers must follow responsible disclosure practices at all times. Vulnerability testing is authorized only within assets and methods explicitly defined as in-scope by participating programs.

Prohibited Activities

Prohibited conduct includes out-of-scope testing, privacy-invasive activity, destructive exploitation, service disruption, extortion attempts, unauthorized data access beyond verification needs, and any violation of law or policy.

Intellectual Property

Harbor Project and its content, trademarks, and software are protected by intellectual property laws. Except where explicitly granted, no license or ownership rights are transferred to users.

Bug Bounty and Reward Disclaimer

Any bounty, honorarium, or reward is offered and paid solely by the participating organization under that program's terms. Harbor Project does not guarantee reward eligibility, amount, timing, or payment.

Limitation of Liability

To the maximum extent permitted by law, Harbor Project is provided on an "as is" basis and is not liable for indirect, incidental, consequential, or special damages arising from platform use, report handling, or third-party conduct.

Termination of Accounts

We may suspend or terminate accounts for policy violations, abusive conduct, legal risk, or security threats. Users may request account closure subject to retention obligations and ongoing case requirements.

Indemnification

You agree to defend and indemnify Harbor Project and its affiliates against claims, liabilities, damages, and expenses arising from your misuse of the platform, breach of these terms, or violation of applicable law.

Changes to Terms

We may update these terms from time to time. Continued use after updates become effective constitutes acceptance of the revised terms.

Governing Law

These terms are governed by applicable laws of the jurisdiction identified in your service agreement or, if none is specified, the jurisdiction where Harbor Project operates.

Contact Information

Questions about these terms can be directed through the platform support contact associated with your account.