Terms of Service
Version 2026-06-27
What the Service does
Is My Site Hackable? is an automated security scanner for web applications. It offers a free passive scan that reads only what your site already serves to the public, and paid active (deep) scans plus scheduled monitoring that run only after you prove you own the domain. We may also offer a separate human security audit. The Service is provided on an “as is” basis as described below.
Your authorization to scan (important)
You may submit a domain only if you own it or have explicit, current authorization from its owner to have it security-tested. You are solely responsible for having that authorization, and you represent and warrant that you have it for every domain you submit.
- Passive scans read only publicly served artifacts (HTML, JavaScript bundles, response headers, publicly reachable files, TLS configuration). They never log in, submit forms, or query your database.
- Active (deep) scans, monitoring, and any agent-driven probing run only against a domain you have verified ownership of through the Service. No verification, no active scan.
- You will not use the Service to test systems you are not authorized to test, to gain unauthorized access, or to disrupt any system or network.
Acceptable use
You agree not to:
- use the Service for any unlawful purpose, or to violate anyone's rights;
- submit government, military, or raw IP-address targets, or any domain you are not authorized to test;
- use findings to attack, exploit, or harm any system, or to harass any person or organization;
- resell, sublicense, or scrape the Service, or attempt to overwhelm, reverse-engineer, or circumvent its rate limits and safeguards.
We may suspend or terminate access for any suspected misuse, with or without notice.
Accounts
Paid features require an account, which is created when you subscribe. Sign-in is passwordless via a one-time code sent to your email, so keeping your email account secure is your responsibility. You are responsible for activity that occurs under your account.
Plans, billing, and cancellation
Paid plans are billed through Stripe. We never receive or store your raw card details. Subscriptions are priced per monitored domain and billing frequency, recur until cancelled, and you can cancel at any time; cancellation stops future renewals and takes effect at the end of the current period. Except where required by law, payments are non-refundable. Prices may change with notice for future billing periods.
No warranty; not a guarantee of security
The Service is provided “as is” and “as available,” without warranties of any kind, whether express or implied, including merchantability, fitness for a particular purpose, and non-infringement. Automated scanning is not exhaustive: a scan that finds nothing does not mean your application is secure, and we do not guarantee that the Service will detect every vulnerability or that reports are error-free. The Service is not a substitute for a comprehensive, professional security audit.
Limitation of liability
To the maximum extent permitted by law, Is My Site Hackable? and its operators will not be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of data, revenue, or profits, arising from your use of (or inability to use) the Service. Our total liability for any claim will not exceed the amount you paid us for the Service in the three months before the claim arose.
Indemnification
You will indemnify and hold harmless Is My Site Hackable? and its operators from any claim or liability arising out of your use of the Service, your breach of these terms, or your submission of a domain you were not authorized to test.
Intellectual property
The Service, including its software and report templates, belongs to its operators. The findings and reports generated for a domain you submitted are yours to use for securing that application.
Changes to these terms
We may update these terms. Material changes are reflected by a new version identifier (the version above), and the version you accepted at scan time is recorded with the time and IP of your acknowledgment. Continued use after a change means you accept the updated terms.
Governing law
These terms are governed by the laws of the State of New York, United States, without regard to its conflict-of-laws rules.
Contact
Questions about these terms? Email security@ismysitehackable.com. See also our Privacy Policy.