Terms of Use
Version: 2026-06-10
1. Agreement to These Terms
These Terms of Use govern your use of Cipher, WeCipher’s automated security scanning and reporting service. By creating a scan, paying for a scan, or using a report dashboard, you agree to these Terms.
2. Authorized Use Only
You may only scan applications, domains, systems, and accounts that you own or are explicitly authorized to test.
You must not use Cipher to scan third-party systems, internal networks, government systems, shared infrastructure, or any target where you do not have clear permission.
You are responsible for confirming that your use of Cipher is lawful and permitted by your organization, customer agreements, hosting provider, and applicable laws.
3. Scope of Service
Cipher provides automated DAST-style scanning, vulnerability triage, PDF reports, and risk registers. Cipher is not a full manual penetration test, compliance certification, forensic investigation, or guarantee that your application is secure.
Results may include false positives, false negatives, severity differences, or incomplete coverage, especially where authentication, rate limits, bot protection, or application complexity affects scanning.
4. Credentials and Test Accounts
If you provide login credentials, you confirm that they are authorized test credentials with appropriate permissions for scanning.
You should avoid using real customer data, production administrator credentials, payment-capable accounts, or credentials that can perform destructive actions unless you have intentionally prepared the environment for testing.
You are responsible for rotating, disabling, or deleting test credentials after scanning if needed.
5. Safety, Availability, and Acceptable Use
Automated scanning can create traffic, trigger alerts, expose bugs, affect logs, or interact with application functionality. You accept these operational risks when requesting a scan.
You must not use Cipher for denial-of-service activity, unauthorized access, data theft, malware, evasion testing without permission, harassment, fraud, or any unlawful purpose.
We may refuse, pause, cancel, or limit scans that appear unauthorized, unsafe, abusive, unlawful, or outside the intended scope of Cipher.
6. Reports and Security Findings
Reports, risk registers, and findings are provided for your internal security and remediation use. You are responsible for validating findings and deciding what to fix.
You should treat reports and access codes as confidential. Anyone with a valid access code or signed download link may be able to access sensitive report data.
7. Payment, Credits, and Refunds
Pricing, scan bundles, credits, and included deliverables are shown at checkout. Bundle credits are tied to the original application URL unless WeCipher approves a change.
Failed scans do not intentionally consume bundle credits. We may review suspected abuse, duplicate submissions, payment disputes, or unsafe targets before issuing additional scans or refunds.
8. No Warranty
Cipher is provided “as is” and “as available.” We do not warrant that scans will find every vulnerability, meet a specific compliance requirement, be uninterrupted, or produce error-free reports.
9. Limitation of Liability
To the maximum extent permitted by law, WeCipher will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, including lost profits, lost data, business interruption, or security incidents.
To the maximum extent permitted by law, WeCipher’s total liability for any claim related to Cipher is limited to the amount you paid for the scan or bundle giving rise to the claim.
10. Indemnity
You agree to defend, indemnify, and hold WeCipher harmless from claims, damages, liabilities, costs, and expenses arising from unauthorized scanning, misuse of Cipher, your breach of these Terms, or your violation of law or third-party rights.
11. Changes
We may update these Terms as Cipher changes. The version shown on this page is the version you accept when creating a scan.
Questions? Contact info@usewecipher.com.