Terms of Service

Draft — last updated 2026-04-14. Binding on all users of the Security Scanner SaaS.

1. What this service does

Security Scanner (the "Service") is an automated security-testing platform. You submit a target you own or are authorised to test, and the Service probes that target for security issues and returns a report.

2. Authorised-use only

You may only scan targets you own or are authorised to test. The Service will refuse to scan a domain unless you have completed an ownership challenge (DNS TXT record or HTTP file). You are solely responsible for ensuring you have lawful authorisation to run security tests against every target you submit. Unauthorised security testing may violate:

• Wetboek van Strafrecht art. 138ab (Netherlands) — computervredebreuk
• Computer Fraud and Abuse Act (United States) — 18 U.S.C. § 1030
• Computer Misuse Act 1990 (United Kingdom)
• Similar laws in every other jurisdiction

3. Your responsibilities

By using the Service you agree:

• Every target you submit is one you own, control, or have written authorisation to test.
• You will not use the Service to attack, disrupt, or cause material harm to any system — even systems you own.
• You will not submit another party's findings as your own on downstream bounty platforms.
• You will treat findings as confidential until remediated, even if discovered using our tools.

4. Payment and credits

The Service is pay-per-scan. Credits are purchased in SOL or USD. Credits are non-refundable once consumed by a completed scan. A portion of every SOL payment is used for protocol-level token buybacks as disclosed on the pricing page — this is a feature, not a liability.

5. Data retention

Scan results and findings are stored per-tenant and accessible only to members of the tenant org. Audit logs of every scan are retained for compliance purposes. We never share your scan data with third parties except where legally compelled.

6. Warranty disclaimer

The Service is provided "as is". Security scanning is a best-effort activity. A clean scan does NOT certify the absence of vulnerabilities in the target. We make no guarantee that the Service will find every security issue, and we accept no liability for issues we fail to find.

7. Liability cap

Our total liability under this agreement is capped at the amount you have paid the Service in the 30 days preceding the incident. In no event are we liable for indirect, consequential, or punitive damages.

8. Termination

We may suspend or terminate your account without refund if you submit unauthorised targets, abuse the rate-limit system, or violate any section of this agreement.

9. Jurisdiction

This agreement is governed by the laws of the Netherlands. Disputes are subject to the exclusive jurisdiction of the courts of Amsterdam.

10. Contact

Questions about these terms → support@security-scanner.example.com

⚠ This is a starter draft. Before going to production, have these terms reviewed by a qualified lawyer in your jurisdiction. Specific clauses (liability caps, governing law, ownership-verification obligations) must be tailored to your legal structure.