Terms of Service

Last updated: May 2026

1. Overview

BrandSecOps provides automated Vulnerability Assessment and Penetration Testing (VAPT) services to help users identify and analyze potential security issues within their systems. The platform offers Light Scan (public, limited) and Deep Scan (authenticated users) capabilities, along with role‑based access, scan history, reporting, and task management features.

2. Scan Types and Availability

2.1 Light Scan (Anonymous)

Anyone can perform a Light Scan without signing in.

Limit: 3 scans per day per IP / session.

Results show all severity levels (Critical, High, Medium, Low) but details for Critical and High vulnerabilities are masked. To view full technical details, exploitation context, and remediation steps, the user must sign in or create an account.

2.2 Light Scan with Authentication (Registered Users)

After signing up and verifying your email address, Light Scan reports become fully visible (unrestricted details for all severities).

Verified users also unlock scan history, export options (PDF), and the ability to re‑run scans.

2.3 Deep Scan (Available for Authenticated Users)

Authenticated users can initiate Deep Scans from the Queue Scans page.

Deep scans perform more comprehensive checks, including active exploit validation, subdomain enumeration, advanced header analysis, and technology fingerprinting.

Results are stored in Scan History and can be exported.

2.4 Future Features

Additional scan types, subscription plans, or premium reporting may be introduced. Any changes will be communicated via the platform or email.

3. Account Registration & Access

3.1 Registration

To access full features, you must register using email + password or Single Sign‑On (SSO) via Google or LinkedIn.

A verification email is sent to the provided address. The verification link expires 10 minutes after sending.

3.2 Account Status

Accounts remain inactive until email verification is completed.

Administrators may activate, deactivate, or delete user accounts as governed by role‑based permissions.

3.3 Security

Users may enable Two‑Factor Authentication (2FA) from their profile.

SSO users initially have no local password; they can set one later if they wish to enable 2FA or use password‑based login.

4. Data Usage and Privacy

When you scan a domain, the platform processes the target URL and displays discovered vulnerabilities. Scan results are stored and associated with your account (if signed in).

Email addresses are used for authentication, report delivery, and unlocking full results. They are not sold or shared with third parties except as required by law.

See our Privacy Policy for more details on data retention and deletion.

5. Free Access and Restrictions

Light Scans (3 per day) are free without an account.

Authenticated users currently enjoy free access to Light and Deep Scans, scan history, and report exports.

BrandSecOps reserves the right to introduce paid subscriptions, usage limits, or feature tiers in the future. You will be notified before any such changes take effect.

6. Ethical Use Policy

You may only scan domains or systems that you own or have explicit written permission to test.

Unauthorized scanning of third‑party systems is strictly prohibited and may result in immediate suspension of your account and legal action.

You are responsible for complying with all applicable laws when using the platform.

7. Accuracy and Limitation of Results

Scan findings are generated by automated security engines and heuristics. False positives and false negatives may occur.

BrandSecOps does not guarantee the completeness, correctness, or timeliness of any vulnerability report. All findings should be manually validated by your security team before taking action.

8. Intellectual Property

All platform content, UI elements, scan algorithms, report formats, and underlying software are owned by BrandSecOps.

You may not copy, redistribute, reverse‑engineer, or reuse the scanning engine or report data outside the platform without prior written consent.

Scan results generated for your own domains remain your data, but the report structure and analytics are proprietary.

9. Limitation of Liability

To the fullest extent permitted by law, BrandSecOps shall not be liable for any direct, indirect, incidental, or consequential damages resulting from:

The use or inability to use the service.
Unauthorized scans initiated by you.
Reliance on scan results.
System downtime, data loss, or third‑party service failures.

The service is provided “as is” and “as available”.

10. Updates to These Terms

We may update these Terms of Service to reflect new features, legal requirements, or operational changes.

Continued use of the platform after the effective date of changes constitutes acceptance of the revised Terms.

11. Contact Information

For questions, support, account deletion requests, or data privacy inquiries:
support@brandcrock.com