You may only scan targets you own, operate, or have explicit written authorization to test. Running unauthorized security scans against systems you don't control is illegal in most jurisdictions and violates these terms.
We reserve the right to suspend any account we believe is using the service for unauthorized scanning, bulk vulnerability exploitation, or any illegal purpose.
Our scanner performs non-destructive tests: port scanning, HTTP probing, TLS analysis, exposed endpoint checks, rate limit testing, and nuclei template matching. We do not exploit vulnerabilities. We do not attempt to bypass authentication. We do not attempt denial of service.
In addition to customer-initiated scans, we periodically run batch research scans against publicly-reachable web applications discovered via Certificate Transparency logs and similar public sources. The methodology, source IP, User-Agent, per-target rate caps, and full module list are documented at /scanner.
If your host appears in one of our batch scans and you do not want it scanned, any of these routes will permanently exclude you within 24 hours:
/.well-known/scanner-optout
User-agent: SecurityScannerBot + Disallow: / entry to your robots.txt
Our lawful basis for batch research scanning under GDPR is Article 6(1)(f) (legitimate interest in researching the security posture of publicly-reachable web applications), balanced against the right of the controller of those applications to be informed and to act. We notify every affected app owner where we can find a contact, document the methodology publicly, and honor opt-out requests promptly.
We provide the service on an "as is" basis. We make no guarantees of uptime or scan accuracy. Scans may occasionally fail due to network issues, target firewalls, or our own infrastructure.
PAYG charges are one-time. Subscriptions auto-renew monthly until cancelled. You can cancel at any time via the billing portal; you keep access until the end of your paid period. No refunds for partial periods.
Each plan has per-day and per-target scan limits. Exceeding these limits will block further scans until the limit resets.
To the maximum extent permitted by law, we are not liable for damages arising from your use of the service, including but not limited to: scans missing vulnerabilities, false positives, service downtime, or actions taken based on AI-generated fix instructions. Always review AI-generated code changes before deploying.
You can delete your account at any time. We may terminate accounts that violate these terms with reasonable notice.