Terms of Service

1. Acceptance of Terms

By creating an account or using ExposEdge ("the Service"), operated by ExposEdge ("we", "us", "our"), based in Luxembourg, you agree to these Terms of Service and our Privacy Policy. If you do not agree, do not use the Service.

The Service is currently in free beta. No payment is required. Features, availability, and credit allocations may change as the Service evolves.

2. Service Description

ExposEdge is an automated external attack surface scanner that performs passive and active reconnaissance on domains you provide. The Service uses open-source security tools and AI-powered analysis to generate security reports with findings, risk scores, and remediation guidance.

The Service performs only non-destructive, read-only operations. It does not attempt to exploit vulnerabilities, modify data, inject payloads, or perform any write operations against scanned targets. All active checks are limited to standard HTTP requests, DNS queries, TLS handshakes, and port probes at safe rates (maximum 2 requests per second per host).

3. Authorization Requirement

You may only scan domains that you own or for which you have explicit written authorization from the domain owner. By initiating a scan, you represent and warrant that you have the legal right to perform security testing on the specified domain. Each scan records a timestamped attestation of your authorization claim.

Unauthorized scanning of third-party domains is strictly prohibited and may constitute a criminal offence under applicable laws, including but not limited to the Computer Misuse Act 1990 (UK), the EU Directive 2013/40/EU on attacks against information systems, and equivalent national legislation. You are solely responsible for ensuring proper authorization.

We reserve the right to block scans against domains on our blocklist (government, military, educational, and major infrastructure domains) and to suspend accounts that violate this requirement. We may cooperate with law enforcement authorities and share relevant user information (including attestation records, IP addresses, and scan history) if notified of unauthorized scanning activity.

4. Account Responsibilities

You are responsible for maintaining the confidentiality of your account credentials. You must provide accurate information when creating your account. You agree not to share your account, create multiple accounts to circumvent usage limits, or use the Service for any unlawful purpose.

5. Credits

During the free beta, each account receives 3 scan credits at registration. Credits are non-transferable. No payment is required or accepted during the beta period. We reserve the right to modify credit allocations with notice.

6. Disclaimer: Limitations of the Service

THE SERVICE IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND DOES NOT CONSTITUTE PROFESSIONAL SECURITY ADVICE, A PENETRATION TEST, OR A SECURITY AUDIT.

You expressly acknowledge and agree that:

• The Service performs automated external scanning only and cannot detect all vulnerabilities, misconfigurations, or security risks affecting your systems.
• Scan results are generated using a combination of automated tools and AI-powered analysis. AI-generated content (including narratives, risk assessments, and remediation guidance) may contain inaccuracies, incomplete information, or errors.
• The absence of findings in a report does not mean your systems are secure. The Service only tests what is externally observable and may miss internal vulnerabilities, logic flaws, authentication bypasses, and other issues that require authenticated or internal access.
• Risk scores are calculated algorithmically and represent a relative assessment, not an absolute measure of security posture.
• Remediation guidance is auto-generated and should be reviewed by a qualified professional before implementation.
• You should not rely solely on this Service for security decisions. We strongly recommend complementing automated scanning with professional security assessments, code reviews, and penetration testing.

7. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, AND NON-INFRINGEMENT.

IN NO EVENT SHALL WE BE LIABLE FOR:

• Any security incidents, data breaches, or damages resulting from vulnerabilities that the Service failed to detect.
• Any damages arising from reliance on scan results, risk scores, or remediation guidance provided by the Service.
• Any direct, indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunities, or goodwill.
• Any damages arising from unauthorized use of the Service against third-party domains.
• Any disruption to scanned systems, even though the Service is designed to be non-disruptive.

Our total aggregate liability for any claims arising from or related to the Service shall not exceed EUR 100.

Nothing in these Terms excludes or limits our liability for: death or personal injury caused by our negligence; fraud or fraudulent misrepresentation; or any liability that cannot be excluded or limited by applicable law.

AI-generated content (including executive summaries, attack narratives, risk scores, and remediation guidance) is provided as-is and may contain errors, hallucinations, or outdated information. We do not warrant the accuracy, completeness, or reliability of AI-generated analysis.

8. Indemnification

To the extent permitted by applicable consumer protection law in your jurisdiction, you agree to indemnify, defend, and hold harmless ExposEdge, its officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising from: (a) your use of the Service; (b) your violation of these Terms; (c) your scanning of domains without proper authorization; or (d) your violation of any applicable law or third-party rights.

9. Prohibited Activities

You may not: scan domains without authorization; use the Service to attack, disrupt, or gain unauthorized access to third-party systems; attempt to reverse-engineer, decompile, or extract the source code of the Service; resell or redistribute scan results commercially without written permission; use the Service to generate false or misleading security certifications; or use the Service in any way that violates applicable laws or regulations.

10. Discovery of Illegal Content

If a scan reveals content that appears to involve illegal activity (including but not limited to exposed personal data constituting a data breach, or references to child exploitation material), we reserve the right to: report such findings to relevant authorities; suspend the scan; and notify the user. We may be legally obligated to report certain discoveries under EU and national law.

11. Intellectual Property

The Service, including its software, algorithms, prompts, and documentation, is our proprietary property. Scan reports generated for your domains are yours to use, share, and distribute. You grant us a limited license to process your scan data for the purpose of providing the Service and improving our scanning capabilities.

12. Data Retention and Termination

Scan data (results, findings, assets, and reports) is automatically deleted 90 days after creation, regardless of account status. This is enforced by automated database expiry and cannot be overridden.

We may suspend or terminate your account immediately if you violate these Terms, particularly the authorization requirement. You may delete your account at any time from your account settings. Upon deletion, all your data is permanently removed in accordance with our Privacy Policy.

13. Governing Law and Jurisdiction

These Terms are governed by and construed in accordance with the laws of Luxembourg. Any disputes arising from or relating to these Terms or the Service shall be subject to the exclusive jurisdiction of the courts of Luxembourg, without prejudice to your rights under mandatory consumer protection laws of your country of residence within the EU/EEA.

14. Changes to Terms

We may update these Terms from time to time. We will notify you of material changes via email at least 30 days before they take effect. For material changes, we will ask you to affirmatively accept the updated Terms on your next login. Continued use of the Service for non-material changes after the effective date constitutes acceptance.

15. Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions shall continue in full force and effect.

16. Contact

Operator: ExposEdge, Luxembourg. For questions about these Terms, contact us at legal@exposedge.com.