Acceptable Use Policy

This Acceptable Use Policy ("AUP") governs your use of the SecurityOwl web security scanning platform (the "Service"). This AUP is incorporated by reference into our Terms of Service. By using the Service, you agree to comply with this AUP in addition to all other applicable terms and policies.

SecurityOwl provides powerful security scanning tools designed to help website owners and authorized security professionals identify vulnerabilities in web applications. With this capability comes responsibility. This AUP exists to ensure that the Service is used ethically, legally, and in a manner that does not harm others.

Violation of this AUP may result in immediate suspension or termination of your account without notice or refund.

1. Authorization Requirement

You must have proper authorization before scanning any target. This is the most fundamental requirement of using the Service. Each time you initiate a scan, you represent and warrant that:

• You are the legal owner of the target website, domain, or web application; or
• You have obtained explicit, written authorization from the owner or authorized representative to perform security scanning on the target; or
• You are acting within the scope of a valid, documented engagement (such as a penetration testing contract, bug bounty program, or internal security assessment) that authorizes the type of scanning performed by the Service.

SecurityOwl does not verify your authorization. You bear sole responsibility for ensuring that you have the legal right to scan any target you submit to the Service. We strongly recommend that you maintain written records of your authorization for each target in the event of any dispute.

2. Rate Limits and Fair Use

To ensure the quality, reliability, and availability of the Service for all users, we enforce rate limits and fair use policies based on your subscription tier:

• Free tier: Limited to 1 scan per month. Scans are subject to standard processing priority;
• Pro tier: Limited to 1 full scan per month with enhanced features including AI-powered analysis;
• Enterprise tier: Unlimited scans with priority processing, full feature access, and dedicated support.

You agree not to circumvent, bypass, or attempt to exceed the rate limits associated with your subscription tier. This includes but is not limited to creating multiple accounts to obtain additional free scans, using automated tools to submit scans beyond your allocated limits, or exploiting any technical vulnerabilities in the Service to bypass restrictions.

We reserve the right to throttle, queue, or temporarily suspend your access to the Service if your usage patterns indicate abuse or place an unreasonable burden on our infrastructure.

3. Prohibited Activities

The following activities are strictly prohibited when using the Service. This list is not exhaustive, and we reserve the right to determine what constitutes a violation of this AUP at our sole discretion.

3.1 Unauthorized Scanning

• Scanning any website, web application, server, network, or system without explicit authorization from the owner or operator;
• Scanning targets that belong to government agencies, military organizations, critical infrastructure operators, healthcare providers, or financial institutions without proper authorization and compliance with sector-specific regulations;
• Submitting targets for scanning based on forged, expired, or otherwise invalid authorization documents;
• Scanning targets for the purpose of gathering intelligence to plan or execute unauthorized access.

3.2 Exploitation of Findings

• Attempting to exploit, leverage, or take advantage of any vulnerability identified by the Service;
• Using scan results to gain unauthorized access to any system, data, or network;
• Sharing vulnerability details with unauthorized parties for the purpose of enabling exploitation;
• Using scan results to extort, blackmail, threaten, or coerce any individual or organization;
• Publicly disclosing vulnerability details without first following responsible disclosure practices and allowing the target owner reasonable time to remediate.

3.3 Denial of Service and Infrastructure Abuse

• Using the Service to perform, facilitate, or amplify denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks;
• Submitting scan targets with the intent of causing disruption, degradation, or outage of the target system;
• Overwhelming the Service or its infrastructure with excessive requests, automated scripts, or other means;
• Attempting to interfere with the Service's scanning infrastructure, databases, or internal systems.

3.4 Unauthorized Access Attempts

• Attempting to access other users' accounts, scan results, or data;
• Attempting to access administrative interfaces, backend systems, or restricted areas of the Service;
• Probing, testing, or exploiting the Service itself for vulnerabilities without our explicit written authorization;
• Bypassing or attempting to bypass authentication, authorization, or access control mechanisms of the Service.

3.5 Data Misuse

• Reselling, redistributing, licensing, or commercially exploiting scan data, results, or reports without our prior written consent;
• Aggregating scan results from the Service for the purpose of building or enhancing a competing product or service;
• Scraping, harvesting, or systematically extracting data from the Service beyond normal use;
• Using the Service to collect or compile personal data about individuals without their consent.

3.6 Illegal Activities

• Using the Service for any purpose that violates applicable local, state, national, or international law;
• Using the Service in connection with fraud, identity theft, phishing, or other criminal activities;
• Using the Service to facilitate hacking, cracking, or other unauthorized computer intrusions;
• Using the Service to target individuals or organizations based on their race, ethnicity, national origin, religion, gender, sexual orientation, disability, or other protected characteristic.

4. Reporting Obligations

We encourage responsible use of the Service and responsible handling of scan results. If you discover critical vulnerabilities through the Service, we strongly recommend following responsible disclosure practices:

• Promptly notify the affected target owner or operator of the identified vulnerabilities;
• Provide the target owner with reasonable time (we recommend at least 90 days) to investigate and remediate the vulnerabilities before any public disclosure;
• Do not attempt to exploit any identified vulnerabilities;
• Coordinate with the target owner on the timing and scope of any public disclosure.

If you become aware of any misuse of the Service, violations of this AUP by other users, or security vulnerabilities in the Service itself, please report them to us at abuse@securityowl.io.

If you discover a security vulnerability in the SecurityOwl platform itself, please report it responsibly to security@securityowl.io. Do not publicly disclose any vulnerability in our platform without first giving us reasonable time to investigate and remediate.

5. Consequences of Violation

Violations of this AUP may result in one or more of the following actions, at our sole discretion:

• Warning: A formal notice describing the violation and requiring you to cease the prohibited activity;
• Temporary suspension: Temporary suspension of your account and access to the Service while the violation is investigated;
• Permanent termination: Permanent termination of your account and access to the Service, without refund of any prepaid subscription fees;
• Data deletion: Deletion of your account data, including scan results and history;
• Legal action: Pursuit of legal remedies, including injunctive relief and monetary damages;
• Reporting to authorities: Reporting the violation to law enforcement agencies, regulatory authorities, or affected third parties as appropriate.

The severity of the response will depend on the nature, scope, and impact of the violation. Serious violations, including unauthorized scanning and exploitation of findings, may result in immediate account termination without prior warning.

6. Cooperation with Law Enforcement

SecurityOwl will cooperate with law enforcement agencies, regulatory authorities, and judicial proceedings to the extent required by applicable law. This cooperation may include:

• Disclosing user account information, scan logs, and other relevant data in response to valid legal process (such as subpoenas, court orders, or search warrants);
• Proactively reporting illegal activities or suspected criminal conduct observed through the Service to the appropriate authorities;
• Preserving account data and records when notified of pending legal proceedings or government investigations;
• Providing testimony or technical assistance in legal proceedings related to misuse of the Service.

Where legally permitted, we will attempt to notify you if your account data is subject to a legal request. However, we may be prohibited from providing such notice in certain circumstances, such as when a gag order or non-disclosure requirement is in effect.

7. Monitoring and Enforcement

We reserve the right, but do not assume the obligation, to monitor your use of the Service for compliance with this AUP. We may use automated systems and manual review processes to detect potential violations, including analysis of scan targets, usage patterns, and account behavior.

Our decision not to enforce any particular provision of this AUP on any occasion shall not constitute a waiver of our right to enforce that provision or any other provision in the future.

8. Changes to This Policy

We may update this Acceptable Use Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page. We may also provide notice through the Service interface or via email for significant changes.

Your continued use of the Service after any changes to this AUP constitutes your acceptance of the updated policy. If you do not agree to the revised AUP, you must discontinue your use of the Service.

9. Contact Information

If you have any questions about this Acceptable Use Policy or wish to report a violation, please contact us: