Terms of Service

By accessing or using the vulnr platform, website (vulnr.app), APIs, or any associated services (collectively, the “Service”), you (“Customer,” “you,” or “your”) agree to be bound by these Terms of Service (“Terms”). If you do not agree to all of these Terms, you may not use the Service.

These Terms constitute a legally binding agreement between you and vulnr (“vulnr,” “we,” “us,” or “our”). These Terms apply to all users, including visitors, registered users, and any person or entity that submits a URL or domain for security scanning.

We reserve the right to modify these Terms at any time. Material changes will be communicated via email or a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance of the modified Terms.

vulnr provides automated vulnerability scanning services for websites and web applications. The Service includes, but is not limited to:

• Automated security scanning of submitted domains and URLs
• Detection of open ports, known vulnerabilities, and misconfigurations
• Security reports with findings, severity ratings, and remediation guidance
• Dashboard access for managing scans, findings, and subscriptions
• PDF report generation for paid plan subscribers
• Recurring scanning on paid subscription plans

The Service is provided on an “as-is” and “as-available” basis. We do not guarantee that the Service will identify all vulnerabilities, and a clean report does not constitute a warranty of complete security.

To use certain features of the Service, you must create an account. You agree to:

• Provide accurate, current, and complete registration information
• Maintain the security and confidentiality of your login credentials
• Notify us immediately of any unauthorized use of your account
• Accept responsibility for all activities that occur under your account

We reserve the right to suspend or terminate accounts that violate these Terms or that we reasonably believe are being used for unauthorized purposes.

This section is critically important. Please read carefully.

By submitting a domain or URL for scanning, you represent and warrant that:

• You are the legal owner of the domain or URL, or you have obtained explicit, documented, written authorization from the owner to commission security testing
• You have the legal authority to bind your organization to these Terms
• The target does not belong to a government entity or third party you are not authorized to test
• You understand that vulnerability scanning involves actively probing systems in a controlled, non-destructive manner

Submitting a domain or URL you do not own or have authorization to scan is a violation of these Terms and may constitute a criminal offense under the Computer Fraud and Abuse Act (CFAA) and equivalent international laws. vulnr reserves the right to report such activity to law enforcement.

vulnr offers the following subscription tiers:

• Free: Limited scans per day. High-level risk overview with gated detailed findings.
• Pro: Increased scan quota, full finding details, proof-of-concept evidence, remediation steps, and PDF reports.
• Max: Unlimited scans, priority processing, white-label PDF reports, and dedicated support.

Subscriptions are billed on a monthly or annual basis. Payment is processed securely through Polar.sh. You authorize us to charge your payment method on a recurring basis until you cancel.

All prices are in United States Dollars (USD). Applicable taxes may be added based on your jurisdiction.

Full refund: If a scan fails or does not complete due to a technical error on our end, you are entitled to a full refund for that billing period.

No refund: Once a security scan report has been delivered and made accessible through your dashboard, no refund will be issued for that billing period.

Cancellation: You may cancel your subscription at any time. Access to paid features will continue through the end of the current billing period. No prorated refunds are issued for unused portions of a billing period.

Contact [email protected] for refund requests or billing inquiries.

You agree not to:

• Submit domains or URLs for scanning that you do not own or are not authorized to test
• Use the Service to conduct illegal activities or violate any applicable laws
• Attempt to probe, scan, or test the security of vulnr's own infrastructure
• Redistribute, resell, or publicly disclose security reports without written permission from vulnr
• Use automated tools to scrape, crawl, or extract data from the Service
• Interfere with or disrupt the Service or servers connected to the Service
• Impersonate another person or entity
• Use the Service to transmit malware, viruses, or harmful code
• Circumvent, disable, or interfere with security features of the Service

Violation of this Acceptable Use Policy may result in immediate account termination without refund.

All content, features, and functionality of the Service (including but not limited to text, graphics, logos, icons, software, and reports) are owned by vulnr and are protected by copyright, trademark, and other intellectual property laws.

Security scan reports generated for your domains are licensed to you for your internal use only. You may share reports with your development team, security consultants, auditors, or investors under NDA. Public distribution requires written consent from vulnr.

vulnr treats all scan findings, vulnerability details, and customer data as strictly confidential. We will not disclose your security scan results to any third party without your explicit written consent, except:

• When required by law, court order, or regulatory authority
• To our authorized service providers who are bound by confidentiality obligations
• In anonymized and aggregated form for statistical or research purposes

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

VULNR DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE. A SCAN THAT DOES NOT IDENTIFY VULNERABILITIES DOES NOT GUARANTEE THAT NO VULNERABILITIES EXIST. SECURITY SCANNING IS INHERENTLY LIMITED BY SCOPE, TIME, AND METHODOLOGY.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, VULNR’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY YOU TO VULNR IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

IN NO EVENT SHALL VULNR BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, BUSINESS OPPORTUNITIES, OR GOODWILL, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE.

VULNR SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM: (A) YOUR USE OF OR INABILITY TO USE THE SERVICE; (B) ANY SECURITY BREACH OR INCIDENT THAT OCCURS DESPITE OR BECAUSE OF THE SERVICE; (C) ANY THIRD-PARTY ACTIONS OR INACTIONS; OR (D) YOUR FAILURE TO IMPLEMENT RECOMMENDED REMEDIATIONS.

You agree to indemnify, defend, and hold harmless vulnr, its officers, directors, employees, agents, and affiliates from and against all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys’ fees) arising from:

• Your use of the Service
• Your violation of these Terms
• Your submission of a domain or URL for scanning without proper authorization
• Your violation of any third-party rights
• Any claim by a third party related to your use of the Service

Either party may terminate this agreement at any time. We may suspend or terminate your access to the Service immediately, without prior notice or liability, if:

• You breach any provision of these Terms
• We are required to do so by law
• We reasonably believe your account has been compromised
• We discontinue the Service or any part of it

Upon termination, your right to use the Service ceases immediately. Sections relating to intellectual property, limitation of liability, indemnification, and governing law survive termination.

These Terms are governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to conflict of law principles.

Any disputes arising from or relating to these Terms or the Service shall first be attempted to be resolved through good faith negotiation. If negotiation fails, disputes shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association (AAA). The arbitration shall take place in Delaware, United States.

You agree to waive any right to a jury trial or to participate in a class action lawsuit or class-wide arbitration.

If any provision of these Terms is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.

These Terms, together with the Privacy Policy, constitute the entire agreement between you and vulnr regarding the Service and supersede all prior agreements and understandings.

For questions about these Terms:

• Email: [email protected]
• Billing: [email protected]
• Website: vulnr.app