Acceptable Use Policy

Effective Date: March 2025 | Last Updated: March 2026

This Acceptable Use Policy ("AUP") defines the boundaries of permitted use of RedSight. By using the Service, you agree to comply with this policy. Violations may result in account suspension or termination.

1. Permitted Use

• Scanning web applications you own
• Scanning applications you have explicit written authorization to test
• Security assessments of your own infrastructure
• Educational and research purposes on systems you control
• Using scan results to improve the security of your applications

2. Prohibited Use

The following activities are strictly prohibited:

• Unauthorized scanning: Scanning any application, website, or system without the explicit permission of the owner
• Malicious intent: Using scan results to exploit, attack, or compromise any system
• Denial of service: Using the Service to generate excessive traffic against any target, or to disrupt the availability of any system
• Platform abuse: Attempting to bypass rate limits, authentication, access controls, or domain verification on RedSight itself
• Redistribution: Reselling, publicly disclosing, or redistributing another user's scan results without their consent
• Sensitive targets: Scanning government, military, critical infrastructure, healthcare, or financial systems without proper authorization and legal clearance
• Automated abuse: Mass-scanning URLs beyond your plan limits, scraping the Service, or using automated tools to abuse the platform

3. Responsible Disclosure

If you discover a vulnerability in a third-party application through our Service (e.g., a client's site you are authorized to test), you are expected to follow responsible disclosure practices. Do not publicly disclose vulnerabilities without giving the affected party reasonable time to remediate.

4. Rate Limits & Fair Use

RedSight enforces rate limits to ensure platform stability for all users. These limits vary by plan. Attempting to circumvent rate limits — through multiple accounts, IP rotation, or any other means — is a violation of this policy.

5. Enforcement

Violations of this policy may result in:

• Temporary suspension of scanning privileges
• Permanent account termination without refund
• Reporting to relevant law enforcement authorities where applicable

We investigate all reported violations. Enforcement decisions are at our sole discretion.

6. Reporting Abuse

If you believe someone is using RedSight in violation of this policy, or if your systems are being scanned without your authorization, contact us immediately at abuse@redsight.app. We take all reports seriously and will investigate promptly.