Terms of service

TERMS OF USE

Effective Date: April 14, 2025

Welcome to the Hacken’s Website hackpot.io Hack:Pot ("Platform" or “HackPot”). These Terms of Use ("Terms") govern your access to and use of the Platform. By utilizing our services, you acknowledge and agree to be bound by these Terms. If you do not agree with any provision herein, you must refrain from using the Platform.

Before using the Platform, please read our Terms of Service for hacken.io, Privacy Notice, and Terms and Conditions $HAI.

Platform – A decentralized crowdfunding system that facilitates cybersecurity audits through community-funded bug bounty programs.

Supporters – Users who contribute utility tokens to collectively fund the cost of ethical hacking services.

Projects – Digital infrastructure, applications, or services are subject to security assessment through the Platform.

Ethical Hackers – Security researchers engaged in identifying and reporting vulnerabilities within Projects.

HackPot Fund (HackPot Pools) – A pool of contributed tokens designated for compensating Ethical Hackers who successfully identify security vulnerabilities.

APY (Annual Percentage Yield) – The projected return on contributions allocated to a Project that successfully withstands security testing.

$HAI - utility token that can be allocated to the HackPot Pools designated for a Project’s security testing.

1. Nature of Services

  1. The Platform operates as a decentralized crowdfunding infrastructure designed to support the financing of cybersecurity assessments—specifically, ethical hacking engagements—for designated digital products, platforms, or services (“Projects”) submitted by third-party developers or entities.

  2. Upon the successful aggregation of the required contribution threshold for a given Project, the Platform initiates the process of engaging an independent security researcher or certified ethical hacker (“Ethical Hacker”). The primary objective of the Ethical Hacker is to conduct a time-bound and scope-defined security audit aimed at identifying potential vulnerabilities within the Project.

  3. The engagement of the Ethical Hacker shall be governed by a separate, legally binding agreement between the Platform and the Ethical Hacker. This agreement shall include, but not be limited to, (a) the defined scope of the security audit, (b) the time period for the engagement, (c) criteria for vulnerability classification, and (d) the payment conditions. The service shall be contractually deemed as “successfully rendered” only in the event that the Ethical Hacker discovers and submits at least one verifiable, high-severity (i.e., critical) vulnerability, as defined by industry standards such as CVSS v3.1 or similar applicable frameworks.

  4. In the event that a critical vulnerability is discovered, validated, and acknowledged in accordance with the aforementioned criteria, the total sum of funds contributed by the Supporters toward the Project’s Bug Bounty Fund shall be disbursed to the Ethical Hacker as compensation for services rendered. No partial distributions shall be made, and the full fund amount shall constitute the service fee.

  5. Conversely, if the Ethical Hacker fails to identify any critical vulnerability within the established timeframe and audit scope, the cybersecurity service shall be considered unfulfilled. In such case, the entirety of the contributed funds shall be returned, proportionally and without deduction, to each Supporter who participated in the crowdfunding round for that specific Project.

  6. The crowdfunding and audit mechanism offered by the Platform does not include or resemble elements of gambling, wagering, or speculative investment. Outcomes are not influenced by chance, randomness, or probability. All contributions are made for the purpose of procuring a professional cybersecurity audit and are subject to transparent service delivery conditions. The Platform operates as a technical and administrative intermediary only and does not act as a broker, insurer, or guarantor of audit outcomes or Project viability.

2. Supporter Eligibility and Participation

  1. Access to and participation in the Platform is limited to natural persons who are at least eighteen (18) years of age or the age of legal majority in their respective jurisdiction, whichever is higher.

  2. By registering for or using the Platform, Users affirm and warrant that they (a) possess full legal capacity to enter into binding agreements; (b) are not located in, or subject to, any jurisdiction in which participation in token-based crowdfunding or cybersecurity-related activities is prohibited or restricted; and (c) are acting in accordance with all applicable laws, regulations, and directives governing their use of digital assets and participation in decentralized platforms.

3. Participation Obligations of Supporters

Users who contribute utility tokens to a Project campaign (“Supporters”) acknowledge, understand, and accept the following conditions:

  1. Their contributions are exclusively intended to support the commissioning of professional cybersecurity services, specifically the engagement of Ethical Hackers to perform vulnerability audits on the respective Project.

  2. Participation does not entitle Supporters to any form of equity, ownership, governance rights, or profit-sharing in the Project or Platform. Contributions are not considered loans, investments, or securities under any applicable financial or securities regulation.

  3. Each Supporter fully accepts the binary nature of the audit outcome:

  • If a critical vulnerability is discovered and validated in accordance with the Hacker’s engagement agreement, 100% of the contributed funds for that Project shall be disbursed to the Ethical Hacker as a service fee.

  • If no critical vulnerability is discovered, the Ethical Hacker shall not receive compensation, and all contributed funds shall be returned to Supporters in full and in proportion to their initial contribution.

  1. Supporters shall not hold the Platform liable for audit outcomes, cybersecurity risk assessment results, the technical soundness of the audited Project, or any other decision-making by the Ethical Hacker. The Platform operates solely as an intermediary and is not responsible for the performance of third parties.

  2. Supporters are solely responsible for ensuring that their use of utility tokens, participation in campaigns, and interaction with smart contracts complies with any relevant anti-money laundering (AML), tax, foreign exchange, or reporting obligations in their jurisdiction.

4. $HAI Contributions and APY Mechanism

  1. Allocation of Utility Tokens

Each Supporter voluntarily allocates a defined quantity of utility tokens to a designated Bug Bounty Fund associated with a specific Project listed on the Platform. Such allocation constitutes a conditional contribution intended exclusively for financing ethical hacking services.

  1. Secure Custody of Tokens

All contributed tokens are held in a secure, transparent, and verifiable smart contract or designated custody mechanism until the completion of the corresponding cybersecurity audit. During this holding period, neither the Platform, the Project, nor the Ethical Hacker shall have discretionary access to the tokens.

  1. Distribution Following Audit Outcome

Upon the conclusion of the audit and in accordance with the terms governing the Ethical Hacker’s engagement:

If a critical vulnerability is discovered and validated, the entire balance of the Bug Bounty Fund shall be disbursed in full to the engaged Ethical Hacker as compensation for the successful provision of services.

If no critical vulnerability is discovered, the audit is deemed unsuccessful for the purposes of compensation, and 100% of the contributed tokens shall be automatically returned to all participating Supporters in proportion to their original contribution.

  1. Prohibition of Chance-Based Distribution

The Platform does not support or facilitate any distribution of tokens based on elements of chance, probability, or speculative performance. Token allocation outcomes are strictly determined by clearly defined and verifiable cybersecurity service conditions. At no point shall token contributions be interpreted as wagers, bets, or financial instruments subject to gaming or gambling regulations.

5. Non-Gambling Disclaimer

  1. No Gambling or Betting Activity

The Platform does not operate, promote, or facilitate any form of gambling, betting, or speculative financial activity. At no point shall contributions made by Supporters be interpreted as wagers, bets, or investments subject to chance or probability-based outcomes.

  1. Purpose-Driven Contributions

All contributions are allocated solely for the procurement of cybersecurity auditing services. The outcome of each audit—specifically, whether or not a critical vulnerability is identified—serves as the determining factor for the distribution of funds, in accordance with transparent, objective, and pre-established contractual terms. This structure eliminates any reliance on randomness or performance speculation.

  1. Regulatory Compliance

The Platform has been designed to remain compliant with applicable gambling, financial, and consumer protection laws by ensuring that all user participation is governed by clearly defined service agreements rather than probabilistic or speculative mechanisms.

6. Ethical Hacker Engagement and Service Conditions

  1. Separate Service Agreement

Prior to the commencement of any cybersecurity audit, each Ethical Hacker shall enter into a formal and binding service agreement with the Platform. This agreement shall comprehensively define the scope of work, methodology, duration of the engagement, severity criteria (e.g., based on CVSS or equivalent), reporting obligations, and payment conditions.

  1. Success Criteria for Compensation

For the avoidance of doubt, the service shall be contractually deemed as “delivered” only upon the Ethical Hacker’s discovery, submission, and the Platform’s verification of at least one valid, high-severity vulnerability (“Critical Vulnerability”) in the audited Project. The vulnerability must meet the severity threshold as defined in the applicable Hacker agreement and must be demonstrably exploitable.

  1. No Finding – No Fee Policy

In the event that no Critical Vulnerability is identified and validated during the defined audit period, the cybersecurity service shall be deemed not rendered for compensation purposes. The Ethical Hacker shall waive any right to payment, and the entire contributed amount shall be returned to Supporters as per Section 5. The Platform shall not be liable for any claims, losses, or damages arising from such an outcome.

7. Compliance and Regulatory Framework

  1. Regulatory Adherence

The Platform is committed to maintaining compliance with all applicable laws and regulations, including but not limited to anti-money laundering (AML) obligations, Know Your Customer (KYC) procedures where applicable, and requirements governing virtual asset service providers (VASPs), as defined under relevant jurisdictions.

  1. User Responsibility for Legal Compliance

Each User bears sole responsibility for ensuring that their access to, and use of, the Platform complies with the legal, regulatory, and tax obligations applicable within their respective jurisdiction. The Platform shall not be held liable for any breach of local laws arising from a User’s participation.

  1. Cooperation with Authorities

Where required by law, the Platform reserves the right to cooperate with competent authorities and may disclose User information in compliance with lawful requests or investigations, consistent with applicable data protection regulations.

8. Limitation of Liability

  1. No Guarantee of Outcome

The Platform does not guarantee the identification of vulnerabilities, the success of a cybersecurity audit, or the issuance of any refund or compensation, except as explicitly defined under the terms of these Terms of Use. Users acknowledge that all contributions are made at their own discretion and risk.

  1. No Liability for Token Value or Third Parties

The Platform does not make any representations or warranties regarding the present or future value, usability, or liquidity of utility tokens used on the Platform. Furthermore, the Platform disclaims all liability for the conduct, errors, omissions, or performance of any third-party service providers, including but not limited to Ethical Hackers and Project Owners.

  1. Limitation of Damages

To the maximum extent permitted by law, the Platform shall not be liable for any indirect, incidental, consequential, or punitive damages arising from or related to the use of the Platform, including but not limited to loss of data, loss of profits, or reputational harm.

9. Amendments and Termination

The Platform reserves the right to update or modify these Terms at any time. Continued use of the Platform following any updates constitutes acceptance of the revised Terms.

10. Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the Republic of Estonia. Any disputes arising from or in connection with these Terms shall be subject to resolution through binding arbitration in the Republic of Estonia.

11. Contact information

If you have any questions or comments about these Terms or the Platform or the Hack:Pot (hackpot.io), please contact us at contact@hackpot.io

Hacken OĂś:

Registration code: 14351915

Address: Harju maakond, Tallinn, Kesklinna linnaosa, Parda tn 4, 10151, Estonia.

By accessing or using the Platform, you confirm that you have read, understood, and agree to be bound by these Terms.

PreviousFor Independent Security ResearchersNextLinks to useful resources

Last updated