Terms of Service
Please read these Terms of Service ("Terms") carefully before using the secninjaz.com website and any services, tools, or platforms offered through it (collectively, "the Platform") operated by SecNinjaz ("we," "us," "our").
By accessing or using our website or services, you ("you," "user," "Data Principal") agree to be bound by these Terms. If you do not agree to these Terms, do not use our services.
1. About Our Services
SecNinjaz is a cybersecurity services company. Through our Platform, we provide cybersecurity services including but not limited to:
- Cybersecurity Consulting — Professional security advisory and assessment services.
- Security Research & Education — Cybersecurity knowledge resources and training materials published on our website.
Our Platform also includes a vulnerability assessment tool that offers the following capabilities:
- Automated Vulnerability Assessment — Security scanning of web domains authorized by you.
- Domain Ownership Verification — Verification that you own or are authorized to scan the submitted domain.
- Vulnerability Reporting — Automated reports detailing discovered security findings, risk scores, and remediation recommendations.
- AI-Enhanced Analysis (optional) — AI-generated executive summaries, attack path analysis, and compliance mapping.
- AI Chat (optional) — Interactive chat-based analysis where you can ask questions about your scan findings and receive AI-generated explanations and recommendations.
- Scheduled Scanning — Recurring automated scans at configurable intervals.
- Scan Comparison — Differential analysis between consecutive scan results.
2. Eligibility
By using our services, you represent and warrant that:
- You are at least 18 years of age.
- You have the legal capacity to enter into a binding agreement.
- You are acting on your own behalf or are duly authorized to act on behalf of the entity that owns or controls the domain being scanned.
- You are not prohibited from using our services under applicable Indian law or the laws of your jurisdiction.
3. Vulnerability Assessment Tool — User Flow & Requirements
The following requirements apply specifically to our vulnerability assessment tool.
3.1 Email Verification
- You must provide a valid work email address associated with the domain you intend to scan.
- We will send a one-time password (OTP) to your email for verification.
- The OTP is valid for 10 minutes with a maximum of 5 verification attempts.
- Your email domain must match the target domain (exact match or subdomain relationship).
3.2 Domain Authorization & Ownership Verification
You must prove that you own or are authorized to scan the target domain. This is a mandatory prerequisite before any scan is initiated. You may verify domain ownership through one of three methods:
- DNS TXT Record — Add a securescan-verify-<token> TXT record to your domain's DNS configuration.
- HTML Meta Tag — Add a <meta name="securescan-verify" content="<token>" /> tag to your website's HTML.
- File Upload — Upload a verification token file to /.well-known/securescan-verify.txt on your web server.
By completing domain verification, you represent and warrant that:
- You are the lawful owner of the domain, OR
- You have explicit, written authorization from the domain owner to conduct a vulnerability assessment.
- The scan will not violate any applicable laws, regulations, or third-party agreements.
- You accept full responsibility for initiating the scan and any consequences arising from it.
3.3 Scanning
- Once email and domain are verified, you may initiate a vulnerability assessment scan.
- Scans are performed within isolated environments and are scoped strictly to the authorized domain.
- Scans are non-exploitative — they identify vulnerabilities but do not attempt exploitation, denial-of-service, or data exfiltration.
- Scan progress is reported in real-time via Server-Sent Events (SSE).
3.4 Report Access
- Scan reports are accessible for 72 hours after generation via your session token.
- After 72 hours, reports become inaccessible (HTTP 410 Gone).
- All data, including reports, is permanently deleted after 144 hours (6 days).
- Reports may be exported in JSON, Markdown, or PDF format during the access period.
4. Acceptable Use
You agree to use our services only for lawful purposes and in accordance with these Terms. Specifically, you agree NOT to:
- Scan unauthorized domains — Submit domains you do not own or are not authorized to scan.
- Circumvent verification — Attempt to bypass email verification, domain authorization, or any security controls.
- Impersonate others — Use another person's email address or identity to access the service.
- Abuse the platform — Launch denial-of-service attacks, flood requests, or attempt to overwhelm the service.
- Reverse engineer — Decompile, disassemble, or reverse engineer any part of the Platform.
- Exploit vulnerabilities — Use information from scan reports to exploit vulnerabilities in third-party systems.
- Redistribute reports — Share, publish, or distribute scan reports of domains you do not own without the domain owner's consent.
- Automate access — Use bots, scrapers, or automated tools to interact with the Platform outside of our documented API.
- Interfere with operations — Attempt to gain unauthorized access to our systems, networks, or other users' data.
- Violate laws — Use the service in any manner that violates applicable local, state, national, or international law including the Information Technology Act, 2000 and the DPDP Act, 2023.
Violation of these terms may result in immediate termination of your access and may be reported to relevant authorities.
5. Demo vs. Authorized Reports
- Demo Reports: If domain ownership is not verified, you will receive a demo report containing synthetic/placeholder data. Demo reports do not reflect actual vulnerabilities of any real system.
- Authorized Reports: Only after successful domain verification will you receive reports containing actual scan findings. Real findings are redacted server-side for unauthorized users.
- Compliance Mapping Disclaimer: AI-generated compliance mappings (OWASP, CWE, etc.) are provided for informational reference only and do not constitute a formal compliance audit or certification.
6. Intellectual Property
6.1 Our Property
- The Platform, its design, source code, algorithms, scanning methodology, branding, logos, and documentation are the intellectual property of SecNinjaz and are protected under applicable Indian intellectual property laws.
- Nothing in these Terms grants you any right, title, or interest in our intellectual property.
6.2 Your Data
- You retain ownership of any data you provide to us (email, domain URL).
- Scan reports generated from your authorized domains are licensed to you for your internal use.
- You may use report content to remediate vulnerabilities in your own systems.
- You may not use our reports, branding, or platform to offer competing vulnerability assessment services.
7. Service Availability & Limitations
7.1 Availability
- We strive to maintain the Platform's availability but do not guarantee uninterrupted or error-free operation.
- We may suspend any service temporarily for maintenance, upgrades, or security patches with or without prior notice.
- Scan durations vary depending on target domain complexity, network conditions, and system load.
7.2 Scope of Scanning
Our vulnerability assessment tool covers:
- Top 50 ports via network scanning (TCP/UDP with service version detection)
- DNS record enumeration (A, AAAA, CNAME, MX, NS, TXT, SOA, CAA) and email security checks (SPF, DKIM, DMARC, DNSSEC)
- HTTP header and SSL/TLS configuration analysis
- Web application vulnerability scanning
- Technology fingerprinting and CVE correlation
- OSINT-based credential leak checks
Our scanning does NOT include:
- Full penetration testing or exploitation
- Physical security assessment
- Social engineering testing
- Source code review
- Mobile application testing
- Internal network scanning
7.3 Accuracy
- Vulnerability scan results are generated through automated tools and may contain false positives or false negatives.
- Reports are provided "as is" and should be validated by qualified security professionals before taking remediation action.
- AI-generated summaries, attack paths, and compliance mappings are for informational purposes only and may contain inaccuracies.
- Risk scores are calculated algorithmically and should not be the sole basis for security decisions.
8. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE INDIAN LAW:
- No Warranty — The Platform, all services, and all reports are provided on an "AS IS" and "AS AVAILABLE" basis without warranties of any kind, whether express, implied, or statutory, including implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
- No Guarantee of Security — A clean scan report does not guarantee that your domain is free from vulnerabilities. Our scans are limited in scope and methodology.
- Limitation of Damages — SecNinjaz shall not be liable for any:
  - Direct, indirect, incidental, special, consequential, or punitive damages
  - Loss of profits, revenue, data, or business opportunities
  - Damages arising from reliance on scan reports
  - Damages arising from unauthorized third-party access to your data
  - Damages arising from service interruption or unavailability
- Maximum Liability — In no event shall our total aggregate liability exceed the amount paid by you to SecNinjaz for the specific service that gave rise to the claim, or INR 10,000, whichever is less.
- Force Majeure — We are not liable for failure or delay in performing our obligations due to circumstances beyond our reasonable control, including natural disasters, government actions, network failures, or third-party service outages.
9. Indemnification
You agree to indemnify, defend, and hold harmless SecNinjaz, its directors, officers, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including legal fees) arising from:
- Your use or misuse of the Platform
- Scanning a domain you are not authorized to scan
- Your violation of these Terms
- Your violation of any applicable law or regulation
- Any third-party claims arising from your use of our services
- Any unauthorized or illegal use of scan report data
10. Termination
10.1 By You
- You may stop using the service at any time. Due to our session-based model (no accounts), simply closing your browser tab ends your session.
- You may request immediate deletion of your data by contacting dpo@secninjaz.com.
10.2 By Us
We may suspend or terminate your access without prior notice if:
- You violate these Terms
- You scan a domain without authorization
- We detect abuse, automated attacks, or suspicious activity from your session
- We are required to do so by law or a court order
10.3 Effect of Termination
Upon termination:
- All active scans will be stopped
- All scheduled scans will be cancelled
- Your data will be deleted in accordance with our data retention policy (see Privacy Policy)
- Sections 4 (Acceptable Use), 6 (IP), 8 (Limitation of Liability), 9 (Indemnification), and 15 (Governing Law) survive termination
11. Third-Party Services
Our Platform may integrate with or rely on third-party services including:
- Email delivery services
- AI/LLM service providers (for optional enhanced analysis)
- Cloud infrastructure providers
- Scanning engine providers
We are not responsible for the practices, availability, or policies of third-party services. Your use of third-party services is governed by their respective terms.
12. Modifications to Terms
- We reserve the right to modify these Terms at any time.
- Material changes will be communicated via a prominent notice on our website.
- The "Last Updated" date will reflect the latest revision.
- Continued use of the service after changes constitutes acceptance of the modified Terms.
- If you disagree with the modified Terms, you must stop using the service.
13. Severability
If any provision of these Terms is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall remain in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.
14. Entire Agreement
These Terms, together with the Privacy Policy, Cookie Policy, Acceptable Use Policy, and any other policies referenced herein, constitute the entire agreement between you and SecNinjaz regarding your use of the Platform. These Terms supersede all prior agreements, representations, and understandings.
15. Governing Law & Dispute Resolution
- These Terms are governed by and construed in accordance with the laws of India.
- The parties shall first attempt to resolve any dispute arising under these Terms through good-faith negotiation.
- If negotiation fails, disputes shall be subject to binding arbitration in accordance with the Arbitration and Conciliation Act, 1996, seated in New Delhi, India.
- The courts of New Delhi, India shall have exclusive jurisdiction for any matters not subject to arbitration.
16. Contact Us
For questions about these Terms of Service:
SecNinjaz Cybersecurity Services
- Website: https://secninjaz.com
- Email: legal@secninjaz.com
- Data Protection Officer: dpo@secninjaz.com
- Postal Address: 512-514 Best Business Park Plot No.: P2, Netaji Subhash Place, Delhi, 110034
These Terms of Service were last reviewed and published on 25 March 2026.