Legal & Privacy

Terms, Privacy & Authorized-Use Notice

Please read these terms before using this site. By using the Attack Surface Analyzer you agree to them.

Effective date: June 16, 2026

1. Terms of Use

This website (the "Site") and the external attack-surface analysis and related services it offers (collectively, the "Services") are operated by the Site's owners ("we," "us," or "our"). By accessing or using the Site or Services, you ("you" or "User") agree to be bound by these Terms of Use and all applicable laws and regulations. If you do not agree, do not use the Site or Services.

You must be at least 18 years old and authorized to enter into these terms on behalf of yourself or the organization you represent. You agree to use the Services only for lawful purposes and only in a manner that does not infringe the rights of, or restrict or inhibit the use of, the Site by any third party.

The Services are provided for informational and security-assessment purposes. Results are not a guarantee of security, completeness, or compliance, and do not constitute legal, regulatory, or professional advice.

2. Authorized Testing Only

You may only submit a domain, host, IP address, or other target that you own or that you are expressly, legally authorized to test. By submitting any target for external analysis, scanning, reconnaissance, or penetration testing through the Site or Services, you represent and warrant that:

you own the target, or you have obtained all necessary authorizations, permissions, and consents from the owner and operator of the target to permit external security testing of it;
your use of the Services complies with all applicable laws, including computer-fraud, anti-hacking, wiretapping, and unauthorized-access laws (such as the U.S. Computer Fraud and Abuse Act and analogous state and foreign laws); and
you are solely responsible for confirming the scope and legality of any test you initiate.

Unauthorized scanning or testing of systems you do not own or are not permitted to test may be illegal. You agree to indemnify, defend, and hold us harmless from any claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to any target you submit or any testing you initiate, including any claim that you lacked authorization. We may refuse, suspend, or terminate any request at our sole discretion.

3. Privacy

This section explains what information we collect, how we use it, and the choices you have.

Information we collect

Information you provide: your name, business email address, company name, and the domain or target you ask us to analyze, along with answers to the short survey.
Assessment data: the technical results generated when you run an analysis (for example, open ports, exposed services, TLS/certificate details, email-authentication records, subdomains, and known vulnerabilities associated with the target you submit).
Automatically collected data: standard server and log information such as IP address, browser type, pages viewed, and timestamps, and information collected through cookies and similar technologies (see Section 4).

How we use it

to run the analysis you request and deliver your results by email;
to offer and, where you authorize it, perform a deeper Stage 2 penetration test;
to operate, secure, and improve the Site and Services; and
to communicate with you about your request and related products and services.

Service providers and disclosures

We use trusted third-party providers to deliver the Services — for example, to host the Site, capture your contact details, send email, and perform the security scans and penetration tests you request. These providers process data on our behalf. We do not sell your personal information for money. We may disclose information if required by law, to enforce these terms, or to protect the rights, property, or safety of any person.

Retention and security

We retain personal information for as long as needed to provide the Services and for legitimate business or legal purposes, then delete or de-identify it. We use reasonable technical and organizational safeguards, but no method of transmission or storage is completely secure.

Your choices

You may request access to, correction of, or deletion of your personal information, and you may opt out of marketing emails at any time using the unsubscribe link or by contacting us at privacy@attacksurfaceanalysis.org.

4. California Privacy Rights & Cookies / Meta Pixel

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the "CCPA/CPRA"), gives you certain rights regarding your personal information, including the right to know what personal information we collect and how we use and disclose it, the right to request access to or deletion of your personal information, the right to correct inaccurate personal information, and the right to opt out of the "sale" or "sharing" of personal information and to limit the use of sensitive personal information. You also have the right not to receive discriminatory treatment for exercising these rights. To exercise any of these rights, contact us at privacy@attacksurfaceanalysis.org. We will verify your request as required by law and you may use an authorized agent.

Cookies, pixels, and the Meta Pixel. The Site uses, or may use, cookies and similar tracking technologies — including the Meta Pixel (Facebook Pixel) and comparable analytics and advertising tags from third parties — to understand how visitors use the Site, to measure and improve our marketing, and to deliver relevant advertising. These technologies may collect information such as your IP address, device and browser information, pages viewed, and actions taken on the Site, and may share that information with the providers of those technologies (for example, Meta Platforms, Inc.).

Under California law, this use of cookies and pixels may be considered a "sale" or "sharing" of personal information for cross-context behavioral advertising, and California's privacy and invasion-of-privacy laws (including the California Invasion of Privacy Act, "CIPA") may apply to data collected through these technologies. By continuing to use the Site, you consent to the use of cookies and tracking technologies described here. You may opt out of the sale/sharing of your personal information, and disable non-essential cookies, by adjusting your browser settings, by using available "Do Not Track" or Global Privacy Control signals, or by contacting us at privacy@attacksurfaceanalysis.org. Where required, we will honor opt-out preference signals.

5. Trademarks

All product names, company names, logos, and brands referenced on this Site — including, without limitation, ThreatMate, vPentest, Vonahi Security, Kaseya, ConnectSecure, Nodeware, RoboShadow, NodeZero, Horizon3.ai, Cavelo, Network Detective Pro, RapidFire Tools, Galactic Advisors, VulScan, Dark Web ID, ID Agent, and Meta — are the property of their respective owners. All trademarks, service marks, trade names, and registered trademarks are the property of their respective owners.

Use of these names, marks, and brands is for identification and comparison purposes only (nominative fair use) and does not imply any affiliation with, sponsorship by, or endorsement by their owners. This Site and its operators are not affiliated with, authorized by, or endorsed by the owners of those marks unless expressly stated.

6. Ownership & Conflict-of-Interest Disclosure

This Site may be owned, in whole or in part, by one or more individuals or entities that have a financial, equity, employment, advisory, or other interest in one or more of the companies, products, or tools referenced or compared on this Site. As a result, the comparisons, opinions, rankings, and recommendations presented here may reflect those interests and should not be treated as wholly independent or unbiased. We strive to base statements on publicly available information and observed behavior, but you should perform your own evaluation before making any purchasing or security decision.

7. Disclaimer & Limitation of Liability

THE SITE AND SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. We do not warrant that the Services will be uninterrupted, error-free, complete, or that any vulnerability, exposure, or risk will be detected.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL WE OR OUR OWNERS, OFFICERS, EMPLOYEES, OR SERVICE PROVIDERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, DATA, OR GOODWILL, ARISING OUT OF OR RELATED TO YOUR USE OF (OR INABILITY TO USE) THE SITE OR SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR TOTAL AGGREGATE LIABILITY FOR ANY CLAIM RELATING TO THE SITE OR SERVICES WILL NOT EXCEED ONE HUNDRED U.S. DOLLARS (US$100). Some jurisdictions do not allow certain limitations, so some of the above may not apply to you.

8. Changes & Contact

We may update these terms from time to time. Changes are effective when posted, and the "Effective date" above will be updated. Your continued use of the Site after changes are posted constitutes acceptance of the revised terms.

Questions about these terms, your privacy, or your data rights? Contact us at legal@attacksurfaceanalysis.org (legal) or privacy@attacksurfaceanalysis.org (privacy).