⚠️ Important: You may only scan systems you own or have explicit written permission to test. Unauthorized scanning may violate laws including the Computer Fraud and Abuse Act (CFAA) and similar international regulations.
1. Purpose and Scope
This Acceptable Use Policy ("AUP") governs your use of ScanGrid's vulnerability scanning services. By using our service, you agree to comply with all provisions of this policy in addition to our Terms of Service.
2. Authorized Use
ScanGrid is intended for legitimate security testing and vulnerability assessment. You may use our service to:
✅ Permitted Activities
- Own Systems: Scan websites, networks, and applications you own
- Authorized Testing: Scan systems with explicit written permission from the owner
- Educational Purposes: Test on dedicated learning environments and labs
- Security Research: Conduct legitimate security research on your own infrastructure
- Compliance Testing: Perform security assessments for regulatory compliance
- Penetration Testing: Conduct authorized penetration tests as part of security programs
3. Prohibited Activities
❌ Strictly Forbidden
- Unauthorized Scanning: Scanning any system without proper authorization
- Malicious Use: Using scan results to compromise or attack systems
- Critical Infrastructure: Scanning power grids, healthcare systems, emergency services, or other critical infrastructure
- Government Systems: Scanning military, intelligence, or government systems without authorization
- Third-Party Systems: Scanning customer systems, competitor websites, or public services
- Denial of Service: Using scans to disrupt or overwhelm target systems
- Data Theft: Attempting to access, steal, or exfiltrate data
- System Compromise: Using scan results to gain unauthorized access
- Fraud: Using the service for fraudulent or deceptive purposes
4. Legal Compliance
Your Legal Responsibilities
- Authorization: Obtain proper written authorization before scanning any system
- Local Laws: Comply with all applicable federal, state, and local laws
- International Law: Respect international regulations and treaties
- Industry Standards: Follow relevant industry security standards and guidelines
- Disclosure: Report vulnerabilities responsibly according to established practices
🚨 Legal Warning: Unauthorized computer scanning may violate:
- Computer Fraud and Abuse Act (CFAA) - US
- Computer Misuse Act - UK
- Criminal Code provisions - Canada
- Cybercrime laws in other jurisdictions
5. Permission Requirements
Valid Authorization Must Include:
- Written Permission: Signed authorization from system owner
- Scope Definition: Clear definition of systems and tests authorized
- Time Limits: Specific timeframe for testing activities
- Contact Information: Emergency contacts for the testing period
- Liability Coverage: Understanding of liability and insurance coverage
✅ Best Practice: Always maintain documentation of your authorization and scan activities for legal compliance and audit purposes.
6. Rate Limits and Fair Use
Usage Restrictions
- Daily Limits: Maximum 3 comprehensive scans per 24-hour period
- Concurrent Scans: One active scan per user at a time
- High-Impact Scans: Limited during peak hours to ensure service availability
- Resource Abuse: Automated or scripted abuse of the service is prohibited
- Commercial Use: Commercial usage requires prior approval
7. Responsible Disclosure
If You Discover Vulnerabilities
- Private Reporting: Report vulnerabilities privately to system owners
- Reasonable Timeframe: Allow reasonable time for remediation before public disclosure
- No Exploitation: Do not exploit vulnerabilities beyond proof-of-concept
- Data Protection: Do not access, modify, or delete data
- Professional Conduct: Maintain professional and ethical standards
8. Educational and Research Use
Academic and Learning Environments
- Lab Environments: Use only on dedicated learning labs and test networks
- Educational Licenses: Ensure your institution has proper educational licensing
- Student Supervision: Students must be supervised by qualified instructors
- Controlled Environment: Testing must be in controlled, isolated environments
9. Consequences of Violations
Policy Violations May Result In:
- Service Suspension: Immediate suspension of access to ScanGrid
- Permanent Ban: Permanent prohibition from using our services
- Legal Action: Civil or criminal legal proceedings
- Law Enforcement: Reporting to appropriate law enforcement agencies
- Liability: Personal liability for damages and legal costs
10. Reporting Violations
If you observe violations of this policy or suspect misuse of our service:
- Contact us immediately through our website's contact form
- Provide detailed information about the suspected violation
- Include any relevant logs, screenshots, or evidence
- We will investigate all reports promptly and confidentially
11. Service Modifications
We reserve the right to:
- Monitor usage patterns for compliance and security
- Implement additional technical controls to prevent misuse
- Modify or restrict scan types based on risk assessment
- Cooperate with law enforcement investigations
12. Updates to This Policy
This Acceptable Use Policy may be updated periodically. Changes will be posted on our website with an updated revision date. Continued use of our service after changes indicates acceptance of the updated policy.