Acceptable Use Policy

Last updated: 18 March 2026

1. Scope

This Acceptable Use Policy ("AUP") applies to all users of SecPortal's active security testing features, including but not limited to vulnerability scanning, continuous monitoring, and attack surface discovery (collectively, "Active Features"). This AUP supplements our Terms of Service and Privacy Policy.

2. Permitted Use

Active Features may only be used to:

  • Perform security testing against domains you own and have verified through SecPortal's domain verification process.
  • Perform security testing against domains for which you have explicit, documented, written authorisation from the domain owner.
  • Conduct legitimate security assessments, vulnerability assessments, and compliance checks as part of your professional security services.
  • Monitor your own or your authorised clients' infrastructure for security issues.

3. Prerequisites for Active Features

Before using any Active Feature, you must:

  • Verify domain ownership through one of our supported methods (DNS TXT record, file upload, or HTML meta tag, subject to plan availability).
  • Submit a security testing attestation confirming your authorisation to test each domain. This attestation is immutably recorded with your IP address and timestamp.
  • Comply with plan limits on the number of verified domains and monthly scan quotas.

4. Prohibited Activities

You must not use Active Features to:

  • Scan, test, or monitor any domain or system without explicit authorisation from the owner.
  • Attempt to bypass, circumvent, or falsify the domain verification process.
  • Conduct denial-of-service (DoS) attacks or any activity designed to disrupt, degrade, or impair target systems.
  • Exfiltrate, steal, or misuse data discovered through scanning.
  • Exploit discovered vulnerabilities for unauthorised access, data theft, or any purpose beyond security assessment and reporting.
  • Scan government, military, critical infrastructure, financial infrastructure, or healthcare systems without explicit contractual agreements.
  • Use scan results to extort, blackmail, or threaten domain owners.
  • Resell, redistribute, or share scanning capacity or results outside of your authorised workspace.
  • Create multiple free accounts to circumvent scan quotas or rate limits.
  • Use automated tools or scripts to interact with Active Features beyond the intended API usage.

5. Monitoring and Enforcement

SecPortal monitors the use of Active Features to detect and prevent abuse. Monitoring includes:

  • Logging all scan initiations, targets, and results.
  • Recording security testing attestations with IP addresses and timestamps.
  • Applying rate limits and scan quotas based on your subscription plan.
  • Maintaining a blocklist of restricted domains that cannot be targeted.
  • Analysing scan patterns for anomalous or potentially abusive behaviour.

6. Consequences of Violations

Violations of this AUP may result in:

  • Immediate suspension of Active Features pending investigation.
  • Account termination for serious or repeated violations.
  • Referral to law enforcement for activities that may constitute criminal offences, including violations of the Computer Fraud and Abuse Act (CFAA), the Computer Misuse Act 1990 (UK), or equivalent legislation in your jurisdiction.
  • Cooperation with authorities — SecPortal will comply with valid legal requests and provide scan logs, attestation records, and account information to law enforcement as required.

7. Reporting Abuse

If you believe SecPortal's scanning features are being used to target your systems without authorisation, please contact us immediately:

  • Email: legal@secportal.io
  • Include the domain being scanned, approximate time of scan activity, and any relevant evidence.
  • We will investigate all reports within 24 hours and suspend scanning against the reported domain pending review.

For more information about how to identify SecPortal's scanner traffic, visit our Scanner Information page.

8. Changes to This Policy

We may update this AUP from time to time. Material changes will be communicated via email or through the Service. Continued use of Active Features after changes constitutes acceptance of the updated policy.

9. Contact

For questions about this Acceptable Use Policy: