CyberHire
Request invitation

Legal

Acceptable Use Policy

Last updated: 20 April 2026

Who this applies to

This Acceptable Use Policy ("AUP") applies to everyone who uses the CyberHire platform:

  • Customers (the companies that subscribe);
  • Admin Users (individuals who log in on a Customer's behalf); and
  • Candidates (individuals invited to take an assessment).

It is incorporated into the Terms of Service for Customers, and into the candidate invitation for Candidates. Breach of this AUP is a material breach of those agreements and may result in immediate suspension or termination.

Spirit of the rules

CyberHire is a platform built for cyber security hiring. Many of our Customers are themselves security teams; many of our Candidates are offensive-security practitioners. We expect users to apply security techniques inside the intended challenge environments and only against targets they are explicitly authorised to attack. What follows translates that principle into specifics.

Prohibited activities

1. Attacks against the platform itself

You must not:

  • Attempt to access any account, data, system, or network you are not authorised to access;
  • Probe, scan, or test the vulnerability of any CyberHire system or network without our prior written permission. This includes automated scanners, exploit frameworks, port scans, directory busters, and fuzzers directed at cyber-hire.com, portal.cyber-hire.com, our APIs, or our infrastructure;
  • Circumvent, disable, or interfere with security or authentication features, including rate limits, MFA, session handling, CSRF tokens, or the integrity signals described in the Candidate Privacy Notice;
  • Reverse-engineer, decompile or disassemble the platform, except to the extent this cannot be prohibited under applicable law;
  • Interfere with or disrupt the platform, for example by flooding, denial-of-service, resource exhaustion, or by abusing free-trial credits or limits;
  • Introduce malware, logic bombs, or other harmful code;
  • Use the platform to send unsolicited communications ("spam").

2. Attacks outside sanctioned challenge environments

Certain CyberHire challenges run inside a dedicated, ephemeral Linux VM provisioned just for the Candidate's attempt. You may exercise security techniques inside your own challenge VM. You must not:

  • Attempt to reach, scan, or interact with any other Candidate's VM, the VM host infrastructure, or any other network accessible from inside a challenge VM;
  • Attempt to break out of the VM sandbox or escalate privileges beyond those intended by the challenge;
  • Use the VM as a launchpad for attacks against any external system, including our sub-processors, partners, or third parties;
  • Mine cryptocurrency or perform other unsolicited workloads on the VM;
  • Exfiltrate or publish material from the challenge (flags, images, configuration files) except as explicitly required to submit an answer.

3. Assessment integrity (Candidates)

If you are a Candidate, you must not:

  • Take an assessment with help from another person;
  • Use an unauthorised tool, AI assistant, or search engine during an assessment where the assessment brief prohibits them (brief will state what is allowed);
  • Share, copy, reproduce, record, or publish questions, challenges, answers, flags, or screenshots outside the assessment;
  • Let anyone else take the assessment on your behalf;
  • Log in from multiple devices or browsers simultaneously to complete the same assessment;
  • Deliberately disable, block, or falsify integrity signals (webcam, screen count, paste detection, fingerprint, etc.) where the assessment requires them.

Breach of this section may result in a failed result being communicated to the Customer, suspension of the Candidate account, and - where applicable - permanent blocklisting from future assessments.

4. Misuse by Customers and Admin Users

If you are a Customer or Admin User, you must not:

  • Use the platform to screen Candidates for any unlawful purpose, including unlawful discrimination;
  • Use Candidate personal data outside the hiring process for which it was collected;
  • Share an Admin User account with other people (each authorised individual should have their own seat);
  • Use the platform to assess individuals who have not been given reasonable notice and appropriate privacy information (see your responsibilities in the Terms of Service and Candidate Privacy Notice);
  • Upload Customer content (custom challenges, job specs, logos, email templates) that infringes a third party's rights or is unlawful;
  • Re-identify aggregated or pseudonymised data, or attempt to derive information about another Customer.

5. Content standards

Material you submit to the platform (including custom challenges, questions, answers, logos, email templates, support messages and public-facing text) must not:

  • Be unlawful, defamatory, harassing, threatening, or obscene;
  • Infringe any third party's intellectual property or privacy rights;
  • Promote discrimination on the basis of a protected characteristic under the UK Equality Act 2010;
  • Contain malware, or deceptive code disguised as a legitimate challenge solution;
  • Disclose real credentials, secrets, personal data, or confidential information belonging to any person or organisation, unless you have the right to disclose them for the purpose of the challenge;
  • Contain "live" exploit code targeted at real production systems.

Responsible disclosure

If you discover a genuine security issue in the CyberHire platform, please do not exploit it. Report it to admin@cyber-hire.com with the subject line SECURITY. We will acknowledge receipt, investigate, and work with you on a responsible timeline for disclosure. We do not currently run a formal bug-bounty programme, but we appreciate coordinated reports and will not pursue good-faith researchers who abide by this AUP.

Enforcement

CyberHire may, at its discretion and without prior notice:

  • Warn the user;
  • Suspend or revoke access to specific features;
  • Suspend or terminate accounts (Admin User or Candidate);
  • Invalidate specific assessment results;
  • Report unlawful activity to law enforcement or other relevant authorities;
  • Terminate the Customer's subscription in line with the Terms of Service.

Wherever practical, we prefer to notify and give the user an opportunity to explain or remedy the behaviour before escalating.

Reporting abuse

If you believe someone is using the platform in a way that breaches this AUP, please report it to admin@cyber-hire.com. Include as much detail as you can - URL, time, account email (if known), description of what you observed.

Changes to this policy

We may update this AUP from time to time. Material changes will be notified in line with the Terms of Service. The "Last updated" date at the top of this page will always reflect the current version.

Contact

Security reports and abuse reports: admin@cyber-hire.com.
Legal queries: legal@cyber-hire.com.

Questions?

Contact our Data Protection Officer, Michael Carthy, at legal@cyber-hire.com .