Terms of Service

Terms

Last updated .

By using PennScan you agree to these terms. If you’re using the service on behalf of an organization, you represent that you have authority to bind that organization. Questions go to legal@pennscan.com.

The account

You’re responsible for activity under your account, including actions taken by anyone you add to your organization. Keep your credentials private. Tell us immediately if they leak.

Authorized targets only

You must only scan targets you own or have explicit written authorization to test. Running PennScan against third-party infrastructure without authorization is a breach of these terms and, in most jurisdictions, a computer-fraud crime. The engine refuses targets not on your signed allowlist, but you are ultimately responsible for the authorization.

Acceptable use

You won’t:

  • Use PennScan to carry out denial-of-service, credential stuffing, or destructive payloads against any target — authorized or otherwise.
  • Reverse-engineer the service beyond what local law permits, or attempt to extract other customers’ data.
  • Resell access to the platform without a written reseller agreement.
  • Use the service for anything illegal or harmful (spam, harassment, illegal content).

Payment

Paid plans are billed monthly or annually in advance. Overage above your tier’s scan/AI-analysis caps is billed at the posted rate; you can set a hard cap in Settings. You can cancel anytime — prorated refunds for annual plans within 30 days of the charge.

Your data

You own what you put into PennScan. We claim a limited license to store and process it solely to provide the service. See /privacy for details.

Availability

We aim for 99.9% monthly availability for paid tiers and publish incident reports on /changelog. Free tier is provided as-is. Planned maintenance is announced at least 72 hours in advance outside business hours.

Warranties and liability

The service is provided “as is” — no finding is guaranteed to appear, no AI analysis is guaranteed correct, and no absence of findings guarantees an absence of vulnerabilities. To the maximum extent permitted by law, our aggregate liability for any claim is capped at the fees you paid us in the twelve months before the claim arose.

Termination

You can close your account anytime in Settings. We can suspend or terminate accounts for material breach of these terms, with notice where reasonably possible. On termination you can export your data for 30 days; after that it’s deleted.

Changes

Material changes are announced 30 days in advance via email and on /changelog. Continued use after the effective date constitutes acceptance.

These terms are governed by the laws of Delaware. Disputes go to the state or federal courts in Delaware. A signed order form or MSA supersedes these terms where they conflict.