Safe Scanning Policy

1. Non‑Invasive Charter

ThreatSpot AI is not a penetration testing service. Our scans are designed to be non‑invasive and focus on public‑facing configuration and metadata only.

2. Scope of Scanning

Typical checks include:

• Public HTTP/HTTPS endpoints and response headers.
• Publicly visible configuration and metadata.
• Known software versions and public vulnerability data where applicable.

3. What We Do Not Do

• We do not exploit vulnerabilities or attempt to bypass authentication.
• We do not perform destructive testing that is likely to cause outages.
• We do not attempt to access non‑public data.

4. Customer Responsibilities

• Confirm that you own or are authorized to scan each target.
• Ensure your internal policies and contracts allow this type of testing.
• Notify us if your environment is unusually sensitive to automated traffic.