Acceptable Use Policy
Last updated: June 24, 2026
1. Overview
This Acceptable Use Policy ("AUP") defines the rules and restrictions governing the use of the SiteLeak security scanner and subscription services at siteleak.com. By using the Service, you agree to comply with this policy in full.
SiteLeak is designed solely as a preventative tool to help webmasters, developers, and security auditors verify that their own sites do not accidentally expose sensitive configurations (such as .env files, .git repository details, API keys, or AI prompt files). Unauthorized usage of this scanner against target networks you do not operate is strictly regulated.
2. Authorization Requirements
You may only initiate scans against domains or networks for which you are the owner, administrative operator, or have received explicit written consent from the authorized owner. Scanning third-party sites without authorization is strictly prohibited.
By initiating a scan, you warrant and represent that you have the legal right to audit the specified target domain and that doing so does not violate local hacking or computer crime statutes (such as the United States Computer Fraud and Abuse Act or the European Convention on Cybercrime).
3. Prohibited Activities
When accessing or using SiteLeak, you agree not to engage in any of the following restricted activities:
- Illegal Reconnaissance: Gathering vulnerability lists for third-party domains you do not own, with the intent to harvest leaks, exploit, or disclose finding records maliciously.
- Automated Gating Abuse: Attempting to bypass our browser fingerprinting or Turnstile protection systems to run high-volume, automated scans.
- Scraping and Result Harvesting: Building a database of findings by programmatically scraping our scan results pages (`/api/scan/*`) or automating query parameter inputs.
- Free Tier Farming: Rotating IP addresses, residential proxy lists, or modifying HTTP request headers to bypass our guest scan rate limit of 2 free scans per day.
- Denial of Service (DoS): Flooding our servers or scanning engine with thousands of concurrent scan requests to degrade service performance for other users.
- Phishing & Social Engineering: Using share links of scan reports to impersonate support or solicit payments/login credentials from domain owners.
4. Scanner Limits and Enforcement
To preserve server resources and deter bot farming, we enforce the following system limits:
- Guest (Unauthenticated) limit: Maximum of **2 scans per 24 hours** per client browser fingerprint.
- Registered (Free tier) limit: Maximum of **5 scans per 24 hours** (requires a free account registration).
- Paid (Pro/Agency) limit: Up to 500 scans per day, subject to fair-use thresholds.
- Scan Cooldown: A cooldown period of 60 seconds is enforced between consecutive scan requests.
5. Policy Violations and Termination
We reserve the right to monitor scan query volume and target distributions. If we detect violations of this AUP, we may immediately:
- Block your IP address, browser fingerprint, or email address from executing scans.
- Suspend or terminate your user account without a refund.
- Report malicious activity or unauthorized scanning behavior to ISPs, upstream hosting providers, or law enforcement authorities.
6. Contact Us
If you suspect that our scanner is being abused or used to perform unauthorized checks on your domain, please notify us immediately at [email protected], and we will block future scan requests against your domain.