
Terms of Engagement for Security Scans

Template v1 — last updated 20 April 2026

Standard engagement document. These terms govern every scan run at the owner-verified and premium-authorized tiers. Enterprise customers can request a signed counterpart at legal@protectyourvibes.ai.

By proceeding, you warrant that you are authorised to conduct security testing against the domain(s) listed on your Protect Your Vibes account.

1. Scope of authorised testing

  • Passive tier — surface analysis of public HTTP responses, headers, and declared origins. No authentication is required and no acceptance of these ToE is needed.
  • Owner-verified tier — active probing on a domain you have verified (DNS TXT or /.well-known file). Includes endpoint enumeration, GraphQL introspection checks, and Supabase/Firebase configuration probes.
  • Premium-authorized tier — deeper authenticated probing, higher request budgets, and scheduled monitoring. Requires an active paid plan and acceptance of these ToE.

2. Explicitly disallowed actions

You must not use the service, and we will not perform:

  • Denial-of-service or sustained high-rate traffic against targets
  • Destruction, modification, or encryption of data belonging to any party
  • Privilege escalation beyond read-only observation without prior written approval
  • Lateral movement into networks, hosts, or services not in scope
  • Exfiltration of personal data beyond what is strictly necessary to evidence a finding
  • Scans against any domain you do not own or have documented authorisation to test

3. Liability

Protect Your Vibes is not liable for damage that occurs on the target infrastructure as a consequence of scans you authorise, provided we have acted within the scope described in Section 1 and not in breach of Section 2. Our aggregate liability is limited as set out in the Terms of Service.

4. Indemnification

You will indemnify and hold Protect Your Vibes harmless from any third-party claim arising out of your instruction to scan a domain you do not own or are not authorised to test.

5. Duration

This ToE is valid for twelve (12) months from the date of acceptance, per domain you have verified on your account. You may re-accept at any time to renew.

6. Record retention

We retain scan logs, acceptance records (your name, timestamp, IP, and user-agent), and finding history for audit purposes. See the Privacy Policy for retention periods.

7. Termination

You may revoke this ToE at any time by unclaiming the affected domain on your dashboard, or by contacting legal@protectyourvibes.ai. Revocation is effective immediately and downgrades subsequent scans of that domain to the passive tier.

8. Electronic signature

Acceptance is recorded electronically via the form below. By typing your full legal name and checking the acceptance box, you agree that your electronic acceptance has the same legal effect as a handwritten signature.

