Terms of Use
Last updated: May 18, 2026
These Terms of Use ("Terms") govern your access to and use of ITSecTools.com (the "Service"), a free, defensive security validation platform. By accessing or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.
1. Authorized Use Only
The Service is provided exclusively for defensive security validation. By using it, you represent and warrant that:
- You are testing only networks, systems, applications, and security controls that you own or for which you have explicit written authorization from the owner;
- Your use of the Service complies with all applicable local, national, and international laws, including but not limited to the US Computer Fraud and Abuse Act (CFAA), the EU Network and Information Systems (NIS) Directive, and similar legislation in your jurisdiction;
- You will not use the Service to attack, probe, or interfere with third-party systems, networks, or accounts that you do not own or are not authorized to test;
- You will not use the Service in furtherance of any unlawful, fraudulent, or malicious activity.
Unauthorized testing of computer systems is a criminal offense in most jurisdictions. You are solely responsible for ensuring you have the proper authorization before initiating any test.
2. Nature of Test Payloads
All payloads delivered by the Service are inert test signatures designed to trigger security detection without performing destructive operations. Specifically:
- Antivirus tests use the EICAR Standard Anti-Virus Test File, a 68-byte string defined by eicar.org and recognized by all major AV/EDR engines worldwide.
- Firewall and IPS tests reference documented CVE patterns (e.g., CVE-2014-6271 Shellshock, CVE-2021-44228 Log4j, CVE-2019-11510 Pulse Secure) for signature matching purposes only.
- All exploit-style patterns reference RFC 2606 reserved test domains (example.com, example.org); no live infrastructure, command-and-control endpoint, or third-party system is targeted.
- No payload delivered by the Service contains live malicious code, ransomware logic, credential theft mechanisms, or persistent compromise tooling.
The Service does not provide, distribute, or facilitate access to weaponized exploit code.
3. Privacy Policy
3.1 Data we process
To operate the Service, we process limited operational data:
- Your public IP address — displayed back to you in the Network Pulse and NGFW Test pages so you can see the network telemetry for your own session. The IP address is not stored on our servers.
- Country code — derived from your IP via Cloudflare's edge headers (cf-ipcountry) for region-aware features such as the compliance notice banner. Not stored.
- Edge location — the Cloudflare colo serving your request, used for the "Nearest Edge Server" display. Not stored.
- HTTP request metadata (user agent, request path, headers) — handled transiently by Cloudflare and Google Cloud Run for operational purposes; not retained by us beyond standard CDN edge logs (subject to Cloudflare's and Google's respective retention policies).
3.2 What we do not collect
- No user accounts, sign-ups, or persistent identifiers
- No tracking cookies, advertising pixels, or third-party trackers
- No content of files you upload to the DLP Validator (parsed in-memory and discarded immediately after analysis)
- No data from your firewall, NGFW, or security tools — those logs remain entirely on your infrastructure
3.3 Local browser storage
The Service uses a small amount of browser-local storage (localStorage and sessionStorage) to remember your consent acknowledgment and dismissal of informational banners. This data never leaves your browser.
3.4 Your rights (GDPR / CCPA / similar)
Because we do not store personal data on our servers, there is no server-side record to request, correct, or delete. Clearing your browser's local storage removes any client-side state. For questions about CDN edge logs, please refer to the privacy policies of Cloudflare and Google Cloud.
4. Export Control & Sanctions Compliance
The Service is intended for lawful defensive use. Although ITSecTools is provided free of charge and uses only inert, documented test signatures, use of security testing tools may be regulated in some jurisdictions under export control regimes including but not limited to:
- The US Export Administration Regulations (EAR), particularly ECCN 4D004 (intrusion software)
- US Office of Foreign Assets Control (OFAC) sanctions programs
- The Wassenaar Arrangement controls on intrusion software
- EU dual-use export regulations (Regulation (EU) 2021/821)
If you are accessing the Service from a region subject to US sanctions — currently Iran, North Korea, Cuba, Syria, the Crimea region, and certain Russian territories — you are responsible for ensuring your use complies with all applicable laws in your jurisdiction. We display an informational notice for users connecting from these regions but do not technically block access.
You may not use the Service to test, probe, or attempt to access systems located in sanctioned territories unless you have a valid OFAC license or applicable exemption.
5. Disclaimers
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
We make no warranty that:
- The Service will be uninterrupted, timely, secure, or error-free;
- Results obtained from the Service will be accurate, complete, or reliable;
- Detection or non-detection by your security controls indicates the true effectiveness of those controls in production environments;
- The Service is suitable for compliance audits, regulatory attestation, or formal security assessments without independent verification.
6. Limitation of Liability
To the maximum extent permitted by law, in no event shall ITSecTools, its operators, contributors, or affiliates be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, goodwill, or other intangible losses, arising from or related to your use of (or inability to use) the Service.
You are solely responsible for the consequences of running security tests against your own infrastructure, including any disruption, outage, alerting, or operational impact such testing may cause.
7. Acceptable Use
You will not:
- Attempt to overload, disrupt, reverse-engineer, or bypass the Service's rate limits or infrastructure;
- Use the Service as a redirection target, attack-staging platform, or part of automated tooling directed at third parties;
- Scrape, harvest, or replicate the Service for commercial resale without prior written permission;
- Use the Service in any manner that violates the acceptable use policies of our underlying infrastructure providers (Cloudflare, Google Cloud).
8. Changes to These Terms
We may update these Terms from time to time. Material changes will be reflected in the "Last updated" date above. Continued use of the Service after changes are posted constitutes acceptance of the revised Terms. Significant changes to consent-relevant provisions will trigger a fresh consent prompt the next time you access protected features.
9. Contact
Questions about these Terms or the Service can be directed to our contact page.
EICAR is a registered standard for antivirus testing. See eicar.org/anti-malware-testfile/
MITRE ATT&CK is a registered trademark of The MITRE Corporation. See attack.mitre.org