Thanks for your interest in the Have I Been Pwned (HIBP) Services. Further down this page
out of Australia), I just wanted to give a brief "friendlier" introduction before
the formal bits.
"to do good things after bad things happen". Data breaches are an unfortunate
reality of increasingly online lives, but post-breach we can use that data to help reduce the
impact on breach victims. Using our Services to do that is awesome, whereas using our
Services to disadvantage breach victims, is not (that includes using it to pitch them
services or "ambulance chase"). You're welcome to go and build amazing things that
use our Services, my ask is that if you do that and display information from HIBP, that you
clearly indicate the source.
Most of what you'll read in the terms is obvious and common sense: don't deliberately attempt
to disrupt the Services, don't redistribute your API key to other parties (this is your
secret), if you don't pay a recurring invoice for the Services, they'll be cancelled and so
on and so forth. By necessity, some of it is a bit "legal speak" which is why I
wanted to set the context for why upfront.
I hope you use our Services to create something wonderful that helps breach victims, thank
you for reading this and for your interest in HIBP.
Founder and CEO, Have I Been Pwned
Welcome to Have I Been Pwned, operated by Superlative Enterprises Pty Ltd trading as "Have I Been Pwned" (we or us). We provide an online resource which facilitates the searching of email addresses and domains, allowing users to quickly assess if they, or people using their domain, may have been put at risk due to their online accounts having been compromised or "pwned" in a data breach.
You may access and purchase our Services through our website – haveibeenpwned.com (Website). By accessing and/or purchasing any of our Services , you agree to be bound by these Terms. If you do not agree with these Terms, you are not entitled to receive or purchase our Services. If you have any questions, complaints, or comments about our Website, your Subscription or your Dashboard, please contact us on the information provided below. To find out more information about us please visit our FAQ page at support.haveibeenpwned.com.
USE OF OUR SERVICES
Access to our Services
- Anyone can access our Website and use our Free Services. However, you will not be able to access and use our Paid Services unless you purchase a Subscription. The Services and bundles we offer are available for your review and selection on our Website. Terms related solely to your use of our Paid Services are dealt with further down in these Terms.
- In order to have an account with us, you must provide a valid email address and any other information required on our Website. We do not allow accounts to be established by automated means (i.e bots). If we reasonably believe that an account has been established by a bot or other automated means we may immediately cancel that account and terminate any associated Services.
Changes to our Services
- From time to time we may update, modify or remove features or functionality of our Services to reflect developments in technology. We will post any updates on our Website and amend our Documentation as required. If you have received Paid Services from us, and in the event of any Material Change, we will endeavour to provide you with written notice via your email address.
- If you do not agree with the changes we make to our Services you may discontinue your use of our Free Services at any time or cancel your Subscription via your Dashboard at any time. If you receive Paid Services from us, and in the event of a Material Change, you are entitled to contact us within 30 days of receiving notice of the Material Change to arrange for a refund for any unused pre-paid portion of the Subscription Fee. Our contact details are outlined in clause 16.
YOUR GENERAL OBLIGATIONS
You are not permitted to:
access or use our Services:
- for any purpose other than the Permitted Purpose;
- for the benefit of a third party (including for use by a related entity) other than as expressly permitted by the Terms;
- to provide an outsourced or white label service without identifying us as the source of the data and following our brand usage guidelines available on our Website from time to time;
- use our Services to query email addresses or domains belonging to individuals or organisations in a way that would disadvantage them or be construed as solicitation;
- use our Services in a way that has the potential to, or will, damage our goodwill or reputation or endanger, jeopardise or prejudicially affect our business in any manner;
interfere with or disrupt the integrity of the performance of our Services in any way, including:
- attempting to gain unauthorised access to our Services or its related systems and networks;
- accessing or using our Services in a manner that introduces malicious programs into our Services including viruses, worms, trojan horses and e-mail bombs;
- modifying, reproducing, revising, transmitting, distributing, reverse engineering or altering our Services or HIBP Data, including redistributing your API Key or other login details, or its configuration, to any other party; or
- using our Services in a manner that could harm or impair anyone else's use of our Services.
Unless otherwise agreed in writing by us, you must not give a third-party access to your account or Services. You are responsible for:
- maintaining the confidentiality and security of your account; and
- for all activities which occur using your account.
- You are responsible for obtaining all computer hardware, software, network, internet, mobile telecommunications and any other necessary equipment required to access and use our Services.
- You must ensure that your access to and use of our Services does not contravene any applicable laws and that you have all relevant approvals, licences and permissions relevant to the activities you are undertaking using our Services.
Application of these provisions
If you purchase any Paid Services from us, clause 3 – clause 6 (inclusive) will apply to your use of our Paid Services.
Subscribing for our Paid Services
Once you have subscribed to the Paid Services, we will grant you a non-exclusive, non-transferable and revocable licence for the Subscription Period to access and use:
- our API solely via the provided API Key;
- the Domain Name Search function; and
- any other functionality as outlined in the Documentation.
- You will be able to access your Dashboard to view your Subscription details and make changes to your Subscription as required.
The licence in this clause is granted subject to your ongoing compliance with these Terms and our Documentation.
Paid Services usage requirements
In addition to the general obligations outlined in clause 2 of these Terms, the following additional requirements apply to your use of our Paid Services:
- Controls such as rate limiting may be added to the domain search API if excessive API requests are made despite no new breaches appearing since the last request.
- In order to search a domain you must be able to demonstrate that you are the owner or controller of the relevant domain name.
- Subscriptions for the Domain Name Search are based on the number of breached email addresses on the relevant domain (excluding email addresses that appear solely in breaches categorised as a "Spam List"). We do not guarantee the reliability or accuracy of the Domain Name Search and you acknowledge that the number of breached email addresses associated with a domain may be inaccurate (for example, due to fabricated email addresses and data parsing errors).
- where the Paid Services impose a rate limit, you must ensure that your use of the Paid Services does not exceed this limit. If you exceed the rate limit, we may impose controls on your Subscription to restrict your access to the Paid Services to prevent you from exceeding the set rate limit until such time as your usage of the Paid Services returns within the prescribed limit.
- Pricing for the Domain Name Search function is categorised into tiers and is based on the number of breached email addresses associated with the relevant domain (excluding email address that appear solely in breaches categorised as a "Spam List"). If, during your current Subscription Period, the number of breached email addresses associated with the domain increases and moves your account into a higher Subscription tier (known as a "domain creep"), you will still be able to query the domains within the scope of your purchased Subscription tier for the remainder of your then current Subscription Period regardless of the domain creep. If you do not upgrade your Subscription at the end of your then current Subscription Period to take into account the additional breached email addresses, we may restrict your access for future Subscription Periods.
- If during the Subscription Period your domain name exceeds the size that can be queried by our Paid Services (due to factors outside of our control such as infrastructure scale), you may provide us with written notice if you are no longer able to query the domain name as part of your Paid Services. Without limiting your other rights at law, if we are unable to rectify the issue within 10 days of receiving written notice, you may cancel your Subscription and request a refund for any unused pre-paid portion of the Subscription Fee.
- It is your responsibility to ensure you have appropriate backup measures in place outside of our Paid Services as we are not responsible for loss, delay, interception or corruption in relation to Subscriber Data or your inability to access our Paid Services.
- Unless otherwise agreed to in writing, we do not guarantee any individual support (including technical support), maintenance, or other services (or level of service) related to our Paid Services. We may, however, provide you with access to limited support services through a support portal, as outlined in the Documentation.
- Your Subscription will commence on the date you purchase a Paid Service from us and it will continue to be valid for the period set out on your Dashboard (Subscription Period). Your Subscription Period will automatically renew for an additional period of the same length unless you cancel your Subscription prior to the end of the then current Subscription Period.
- You can cancel your Subscription at any time through your Dashboard. Subject to any rights which cannot be excluded by applicable law or as otherwise outlined in these Terms, you will not be entitled to a refund for any pre-paid Subscription Fees for the remainder of the Subscription Period but may continue to access your Dashboard and use the Services applicable to your Subscription until the last day of your paid-up Subscription Period.
- You must pay the Subscription Fee associated with your Subscription, as outlined on our Website.
- Payment for your Subscription is made through your Dashboard. We use a third-party service provider, Stripe Payments Australia Pty Ltd (Stripe) to provide the payment gateway services for our Services. Stripe and its global affiliates process transactions (including payment transactions) for us. Unless otherwise agreed in writing we only accept payments via Stripe. We do not store your payment information. For more information about Stripe, including how Stripe processes your payment information and their end user terms of service, please visit stripe.com/au.
You may wish to update your Subscription via your Dashboard if:
- you require a higher rate limit for your API Key; and
- the number of email addresses associated with a domain name increases and your then current Subscription is no longer sufficient to continue querying the domain name.
- We may increase the Subscription Fee for a new Subscription Period by providing you with at least 60 days written notice. If you do not agree with the changes made to the Subscription Fee you can cancel your Subscription at any time via your Dashboard.
- Except where otherwise defined in the Terms, capitalised expressions set out in this clause 6.1 bear the same meaning as those expressions in the A New Tax System (Goods and Services Tax) Act 1999 (Cth).
- Except where express provision is made to the contrary, and subject to this clause, any amount that may be payable under the Terms is exclusive of any GST. If a party makes a Taxable Supply in connection with the Terms for a Consideration which represents its Value, then the Recipient of the Taxable Supply must also pay, at the same time and in the same manner as the Value is otherwise payable, the amount of any GST payable in respect of the Taxable Supply. A party's right to payment under this clause is subject to a valid Tax Invoice being delivered to the Recipient of the Taxable Supply.
- You are responsible for paying all taxes, any other governmental fees and charges, and any penalties, interest, and other additions that are imposed on you relating to the payments made in accordance with these Terms.
- If you are in a supported location, Stripe Tax will be used to automatically calculate the correct tax amount applicable to your Subscription based on your geographical location and status. You can read more about Stripe Tax and how Stripe calculates the correct tax rate by clicking here.
INTELLECTUAL PROPERTY RIGHTS
Ownership of Intellectual Property Rights
- You acknowledge and agree that we and our licensors, as applicable, are the owners of, and will retain all rights, title and interest in all Intellectual Property Rights in the Services, including any improvements, enhancements or modifications to the Services.
- You grant us a non-exclusive, non-transferable, royalty free licence to use the Subscriber Data for the purpose of making our Services available to you or improving our Services.
- You represent and warrant that the Subscriber Data you provide to us does not infringe the Intellectual Property Rights of any third party and is provided to us in accordance with all laws that are applicable to you.
You hereby grant us a worldwide, perpetual, irrevocable, royalty-free licence to use and commercialise any feedback, suggestions, improvements, requests, enhancements, or corrections relating to our Services you provide to us from time to time.
DATA PROTECTION AND SECURITY
General privacy obligations
- Each party will perform their obligations under these Terms in accordance with their respective obligations under Privacy Laws.
If either party collects, holds, uses or discloses Personal Information in the course of or relating to these Terms that party must:
- only use Personal Information for the purpose of performing its obligations under these Terms; and
- not disclose Personal Information to any third party without the other party's prior written consent or as required by law
You are responsible for:
- establishing, maintaining and enforcing information security controls against the unauthorised access, destruction, loss, alteration, disclosure or misuse of Subscriber Data; and
- where, and to the extent necessary, obtaining all necessary consents from individuals whose Personal Information is included as part of the Subscriber Data to enable us to perform our obligations or exercise our rights under the Terms.
WARRANTIES AND DISCLAIMER
Disclaimer regarding our Services
You acknowledge and agree that:
your entry into the Terms is neither:
- contingent upon the future functionality or features, or the expected performance, of our Services; or
- dependent upon any oral or written public comments made by us with respect to the future functionality, performance or features of our Services;
- Subject to clause 9.2, your access to our Services is provided on an "as is" basis. Any representation, warranty, condition or undertaking that would be implied in these Terms by legislation, common law, equity, trade, custom or usage is excluded to the maximum extent permitted by law. We disclaim all other warranties (whether express, implied or statutory) and conditions, including fitness for purpose, availability, ongoing functionality, quality, accuracy, merchantability or non-infringement of our Services.
- You are solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of the Subscriber Data and any information which is inputted into our Services.
- We are in no way responsible for your use of the information retrieved from our Services. By providing or granting access to our Services, we provide no advice or recommendations to you and we are not in the business of providing advice of any kind. You assume sole responsibility and entire risk as to the suitability and results obtained from use of our Services and we have no liability to you for any decisions made or actions or omissions taken based on your access or use of our Services (and you will hold us harmless from any liability to third parties as a result of such use by you).
Nothing in these Terms excludes, restricts or modifies any condition, warranty, right or remedy conferred by the Australian Consumer Law (as set out in Schedule 2 of the Competition and Consumer Act 2010 (Cth)) or any other applicable law that cannot be excluded, restricted or modified by agreement.
LIMITATION OF LIABILITY
- To the fullest extent permitted by applicable law, neither party will be liable to the other party, whether in contract, tort (including negligence) or otherwise, for any special, indirect or consequential loss, loss of profits, loss of sales or business, loss of production, loss of agreements, loss of business opportunity, loss of anticipated savings, loss of or damage to goodwill, loss of reputation, and loss of use or corruption of software, data or information arising under, or in connection with, the Terms.
- Subject to clause 10(a) and to the extent permitted by applicable law, our aggregate liability in respect of any claims arising out of or in connection with the Services provided under these Terms, whether in contract or tort (including negligence) or otherwise, is limited to the amount you have paid us to receive our Services.
To the fullest extent permitted by law, our liability for a breach of a non-excludable condition or warranty is limited at our option (where permitted by the Australian Consumer Law (as set out in Schedule 2 of the Competition and Consumer Act 2010 (Cth)) to:
- in the case of goods, any one or more of the replacement of the goods or the supply of equivalent goods, the repair of the goods, the payment of the cost of replacing the goods or acquiring equivalent goods or the payment of the cost of having the goods repaired; or
- in the case of services, the supplying of the services again or the payment of the cost of having the services supplied again.
You will indemnify us against any loss, damage, liability, charge, expense, outgoing or cost (including all legal and other professional costs on a full indemnity basis) of any nature or kind, howsoever arising, whether present, unascertained, immediate, future or contingent arising out of or in connection with any claim arising from:
- your use of our Services in an unlawful manner or in violation of the Terms;
- any negligence, fraud, wilful misconduct or breach of law by you; and
- any claim by a third party that our use of Subscriber Data in accordance with these Terms is unlawful or in violation of any third party rights (including Intellectual Property Rights).
TERMINATION AND SUSPENSION
- We may, with or without notice to you and at our discretion, limit or suspend your right to access or use our Services if we reasonably believe you are not complying with the Terms (including your payment obligations under clause 5).
Without prejudice to any right or action or remedy which has accrued, or which may accrue in our favour, we may immediately terminate the Terms where:
- you have breached a material term of these Terms;
if you have Paid Services with us and you:
- fail to comply with its payment obligations as outlined in clause 5 of the Terms; or
- are subject to a change of control or become insolvent.
- On termination or expiry of the Terms under this clause 12 you will cease accessing our Services and, where applicable, stop using your API Key immediately.
- Expiry or termination of the Terms will not affect the operation of the provisions of the Terms which by their nature survive termination or expiry of the Terms.
- Termination or expiry of the Terms will not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry.
- These Terms are governed by and must be construed in accordance with the laws in force in Queensland.
- The parties submit to the exclusive jurisdiction of the courts of Queensland and the Commonwealth of Australia in respect of all matters arising out of or relating to the Terms, its performance or subject matter.
- The Terms contains the entire agreement between the parties concerning the subject matter of the agreement.
- A party must do all things and execute all documents that are reasonably necessary to give full effect to the Terms.
- We will not be in breach of the Terms or liable for any loss to the extent this arises from matters outside of our control.
CHANGES TO THESE TERMS
- We may, from time to time amend these Terms. We will endeavour to provide you with prior written notice on our Website of any such amendments. If you do not agree with any amendments to these Terms, you may stop using our Free Services and/or cancel your Paid Services at any time via your Dashboard.
- You agree that if you use our Services after the date on which such changes to the Terms have occurred, we will treat your use of our Services as acceptance of the changed Terms.
DEFINITIONS AND INTERPRETATION
In the Terms, the following terms have the meaning set out below.
- Affiliate means any entity which (directly or indirectly) controls, is controlled by or is under common control of a party.
- API means the application programming interface and accompanying Documentation that facilitates your access and use of your API Key.
- API Key means the unique confidential key provided to you to access our API as outlined in the Documentation on the Website.
Confidential Information means:
- your API Key, your Domain Name Search login details and the HIBP Data, algorithm information and any other information that at the time of disclosure by a Disclosing Party is identified to the Receiving Party as being confidential or which the Receiving Party knows, or ought reasonably to be expected to know, is confidential to the Disclosing Party or any Affiliate of the Disclosing Party; and
- all other information belonging or relating to a Disclosing Party, or any Affiliate of that Disclosing Party, that is not generally available to the public at the time of disclosure other than by reason of a breach of the Terms.
- Dashboard means the interface used to manage the account you create following your purchase of a Subscription for our Services.
- Disclosing Party means the party to whom information belongs or relates.
- Documentation means information, as updated by us from time to time, containing technical specifications and other usage requirements and restrictions which govern your use of our Services as outlined on our Website and expressly incorporated into the Terms by reference.
- Domain Name Search means the feature which allows controllers of a domain name to search for all exposed email addresses associated with the specific domain name as outlined in the Documentation on the Website.
- Free Services means the email search function available on our Website and any other services made available to you on our Website which does not require payment.
- HIBP Data means any Material that is provided to you by us in order for you to use our Services.
Intellectual Property Rights means any and all intellectual and industrial property rights throughout the world, whether subsisting now or in the future, including rights of any kind in:
whether created or in existence before or after the date of the Terms and includes any thing, whether tangible or intangible, which incorporates, embodies or is based on any of the things referred to in paragraphs (a) to (f) inclusive of this definition.
- inventions, discoveries and novel designs, whether or not registered or registrable as patents, innovation patents or designs, including developments or improvements of equipment, technology, processes, methods or techniques;
- literary works, dramatic works, musical works, artistic works, cinematograph films, television broadcasts, sound broadcasts, published editions of works and any other subject matter in which copyright (including future copyright and rights in the nature of or analogous to copyright) may, or may upon creation of the subject matter, subsist anywhere in the world;
- registered and unregistered trade marks and service marks, including goodwill in the business concerned in the relevant goods and services;
- trade, business or company names;
- internet domain names; and
- proprietary rights under the Circuit Layouts Act 1989 (Cth),
- Material means material in whatever form and includes email addresses, domains, hash prefixes other data, documents, reports, information, images, content or sounds (together with any database made up of any of these), business process and software.
- Material Changes means any material change to your Subscription or the functionality of our Services.
Paid Services means the Services on our Website requiring a paid Subscription, including but not limited to the:
- API Key;
- API; and
- Domain Name Search.
- Permitted Purpose means running on-demand queries of email addresses and domain names for breaches and pastes up to a certain rate limit as outlined in the Documentation.
- Personal Information has the meaning given in the Privacy Act 1988 (Cth) and includes "Sensitive Information" (as that term is defined in the Privacy Act 1988 (Cth)).
- Privacy Laws means any applicable law, statute, regulation, ordinance, code, standard or requirement of any government, governmental or semi-governmental body which relates to privacy, including without limitation the Privacy Act 1988 (Cth) and the Australian Privacy Principles under the Privacy Act, and the Spam Act 2003 (Cth), as amended from time to time.
- Receiving Party means the party to whom information is disclosed or who possesses or otherwise acquires information belonging or relating to a Disclosing Party.
- Services means the services available on the Website and includes the Free Services and the Paid Services.
- Subscriber Data means all Material you supply or make available to us, (including any Personal Information) in connection with the Terms.
- Subscription means any non-once off or periodic service you have signed up for via your account, including our Paid Services.
- Subscription Fee means the subscription fee outlined on your Dashboard and on our Website for the Paid Services.
- Subscription Period means the period described as such associated with your Subscription and outlined on your Dashboard.
Terms consists of the following:
- the Documentation.
In the Terms, unless the context requires otherwise:
- the headings are used for convenience only and do not affect the interpretation of the Terms;
- "include" or any similar expressions must be construed as if it were followed by "(without being limited to)"; and
- Unless specified, money amounts are in US dollars.
OUR CONTACT DETAILS
HIBP's services are provided by Superlative Enterprises Pty Ltd (ABN 62 085 442 020). Our contact details are:
Registered Office: Level 11, 2 Corporate Court, Bundall 4217, Queensland, Australia