Terms of Service

Effective Date: March 30, 2026

1. Introduction

Cipherline LLC (“Company”, “we”, “us”, “our”) operates the XploitScan security scanning platform available at xploitscan.com and through our CLI tool, GitHub Action, and API (collectively, the “Service”). These Terms of Service (“Terms”) govern your use of the Service. By accessing or using the Service, you agree to be bound by these Terms. If you do not agree to these Terms, please do not use the Service. Our Privacy Policy explains how we handle your data and is incorporated into these Terms by reference.

2. Service Description

XploitScan is a security scanning tool designed to identify vulnerabilities in AI-generated and human-written code. The Service analyzes your code for common security issues, provides plain-English explanations of findings, maps findings to compliance frameworks, and offers fix suggestions. XploitScan can be used via our web interface, our CLI tool (npx xploitscan scan .), our GitHub Action for CI/CD integration, or our API.

Compliance Mapping Disclaimer: The compliance mapping feature is provided for informational and educational purposes only. It maps scan findings to relevant compliance framework controls but does not constitute a compliance audit, certification, or legal opinion. Achieving compliance with SOC 2, ISO 27001, or any other framework requires comprehensive organizational controls beyond code scanning. You should consult qualified compliance professionals for formal compliance assessments.

AI Disclaimer: XploitScan uses artificial intelligence to analyze code, detect vulnerabilities, generate fix suggestions, and map compliance controls. AI-generated results, explanations, and suggestions may contain errors or inaccuracies. You are responsible for independently verifying all findings and fixes before applying them. The Service is not a substitute for human security expertise, professional code review, or legal advice.

3. Accounts and Authentication

To use certain features of the Service, you must create an account. We use Clerk as our authentication provider. When you create an account, you agree to:

  • Provide accurate and complete information
  • Keep your login credentials secure
  • Notify us immediately of any unauthorized access to your account
  • Accept responsibility for all activity that occurs under your account

You may authenticate using email, social logins, or other methods supported by Clerk. We are not responsible for Clerk’s availability or security practices, though we have selected them as a trusted provider.

4. Plans, Pricing, and Billing

XploitScan offers the following plans:

  • Free Plan: Limited scans per day with core security rules. No credit card required.
  • Pro Plan: Unlimited scans, all available security rules, PDF reports, compliance mapping, webhook integrations, and priority support. Available with monthly or annual billing. Includes a 7-day free trial.
  • Team Plan: Everything in Pro, plus team seats, shared scan history, role-based access control, and team management. Additional seats are available for a per-seat fee. Available with monthly or annual billing. Includes a 7-day free trial.

Current pricing is listed on our pricing page.

Paid subscriptions are processed through Stripe. New accounts that have never had a paid subscription are eligible for a one-time 7-day free trial. Each account is limited to one free trial — if you have previously subscribed to any plan (Pro or Team), new subscriptions will begin billing immediately without a trial period, regardless of which plan you select. At the end of your trial period, your payment method will be automatically charged the applicable rate (monthly or annual) unless you cancel before the trial ends. You may cancel your subscription at any time through the billing portal, and you will retain access to paid features until the end of your current billing period. Refunds are not provided for partial billing periods.

Plan Changes: You may upgrade or downgrade your plan or switch between monthly and annual billing at any time through your account settings. Plan changes take effect immediately. When switching plans or billing intervals, charges are prorated: you will receive credit for the unused portion of your current billing period and be charged for the new plan at the prorated rate.

Team Plan: Team members invited by a Team plan owner receive Pro-level access at no additional cost (up to the included seat limit). The team owner is solely responsible for billing and subscription management. Team members do not need their own paid subscription. If a team owner downgrades from Team to Pro or cancels their subscription, all team members will immediately lose their inherited access and be reverted to the Free plan.

We reserve the right to change our pricing with 30 days’ advance notice. Price changes will not affect your current billing period.

5. Referral Program

XploitScan offers a referral program that allows you to invite others to the Service. By participating in the referral program, you agree to the following:

  • The referral program is available only to users with active Pro or Team subscriptions who are team owners or admins
  • Each eligible user receives a unique referral code that can be shared
  • When a new user signs up using your referral link and subscribes to a paid plan, you receive a credit equal to one month of your current plan, applied to your next invoice via Stripe balance credit
  • Referral rewards are at the sole discretion of Cipherline LLC and may be modified or discontinued at any time
  • Self-referrals, fake accounts, or any form of referral fraud will result in disqualification and may lead to account termination
  • Referral links may not be distributed through spam, unsolicited messages, or any deceptive means

6. Data Retention and Cleanup

To maintain service quality and protect your privacy, we automatically clean up certain data:

  • Free plan scan data: Scan results for free-tier accounts are retained for 90 days and then automatically deleted.
  • Paid plan scan data: Scan results for Pro and Team accounts are retained indefinitely while the subscription is active.
  • Shared checklists: Shared checklist links expire after 30 days and the associated data is automatically deleted.
  • Audit logs: Activity logs are retained for 180 days and then automatically deleted.

7. Acceptable Use

You must be at least 18 years old to use the Service. By using the Service, you represent that you meet this age requirement. You agree not to use the Service to:

  • Violate any applicable law or regulation
  • Scan code that you do not have the legal right to analyze
  • Attempt to reverse-engineer, decompile, or disassemble the Service
  • Interfere with or disrupt the Service or its infrastructure
  • Use the Service to develop competing products
  • Automate access to the Service beyond what our API, CLI tool, and GitHub Action permit
  • Use scan results to exploit vulnerabilities in systems you do not own or have authorization to test
  • Use the Service to develop malware, exploits, or any tools intended to cause harm
  • Upload code containing live production credentials, secrets, or sensitive personal data
  • Share, resell, or sublicense access to the Service without authorization
  • Circumvent rate limits, scan quotas, or other usage restrictions

8. Intellectual Property

Your Code: You retain full ownership of any code you submit for scanning. XploitScan does not claim any ownership rights over your source code, repositories, or intellectual property. We do not use your code to train models or for any purpose beyond providing the scan results you requested.

Our Service: The XploitScan platform, including its software, design, branding, documentation, security rules, compliance mappings, and scan analysis algorithms, is owned by Cipherline LLC and protected by intellectual property laws. These Terms do not grant you any rights to our trademarks, logos, or brand assets.

Feedback: If you provide us with suggestions, feature requests, or other feedback about the Service, you grant Cipherline LLC a non-exclusive, royalty-free, perpetual, irrevocable, worldwide license to use, modify, and incorporate that feedback into the Service without any obligation or compensation to you.

9. Code Handling and Data Practices

We take the security of your code seriously. When you submit code for scanning, it is processed in memory, analyzed for vulnerabilities, and then immediately deleted. We do not store your source code on our servers, in our database, or in any persistent storage. The only data we retain from a scan is the metadata (such as scan date, number of findings, and severity levels) and the results themselves (including finding details, affected file paths, line numbers, and fix suggestions). Your actual source code is never stored.

10. Email Communications

By creating an account, you agree to receive transactional emails related to the Service, including welcome emails, scan completion notifications, team invitations, and billing-related communications. You may manage your email preferences through your account settings to opt out of non-essential notifications (such as scan completion alerts and weekly digests). You cannot opt out of essential transactional and security-related emails (such as billing confirmations, breach notifications, and Terms updates).

11. Limitation of Liability

XploitScan is a tool that provides security suggestions and recommendations. It is important to understand that:

  • Scan results are suggestions, not guarantees. We do not guarantee that our scans will identify every vulnerability in your code.
  • XploitScan is not a substitute for professional security audits, penetration testing, or code review by qualified security engineers.
  • Compliance mappings are informational only and do not constitute compliance certification or legal advice.
  • We are not liable for any damages, losses, or security incidents that arise from relying on XploitScan scan results or compliance mapping information.
  • The Service is provided “as is” and “as available” without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

To the maximum extent permitted by law, in no event shall Cipherline LLC be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunities, or security incidents arising from missed vulnerabilities, regardless of the cause of action or theory of liability. Our total liability for any claims arising from your use of the Service is limited to the amount you paid us in the 12 months preceding the claim, or $100, whichever is greater.

12. Termination

You may stop using the Service and close your account at any time. We may suspend or terminate your access to the Service if:

  • You violate these Terms
  • You engage in activity that could harm the Service or other users
  • We are required to do so by law
  • We decide to discontinue the Service (with reasonable notice)

Upon termination, your right to use the Service ends immediately. If you are a Team plan owner, all team members will lose access upon your termination. Any provisions of these Terms that should reasonably survive termination (such as limitation of liability, intellectual property, indemnification, and dispute resolution) will continue to apply.

13. Changes to These Terms

We may update these Terms from time to time. When we make significant changes, we will notify you by email or through the Service and update the effective date at the top of this page. Your continued use of the Service after changes take effect constitutes acceptance of the updated Terms. We encourage you to review these Terms periodically.

14. Governing Law

These Terms and any disputes arising out of or related to them or the Service shall be governed by and construed in accordance with the laws of the State of Connecticut, USA, without regard to its conflict of law provisions. The courts located in Connecticut shall have exclusive jurisdiction over any disputes arising under these Terms.

15. Dispute Resolution and Class Action Waiver

In the event of any dispute, claim, or controversy arising out of or relating to these Terms or the Service, the parties agree to first attempt to resolve the matter through good-faith negotiation. If the dispute cannot be resolved through negotiation within thirty (30) days, it shall be settled by binding arbitration conducted in the State of Connecticut, in accordance with the rules of the American Arbitration Association. The arbitrator’s decision shall be final and binding on both parties.

CLASS ACTION WAIVER: All claims must be brought in the parties’ individual capacity only, and not as a plaintiff or class member in any purported class, consolidated, or representative proceeding. The arbitrator may not consolidate more than one person’s claims and may not otherwise preside over any form of a representative or class proceeding. You acknowledge that by agreeing to these Terms, you and the Company are each waiving the right to a trial by jury and the right to participate in a class action.

16. Indemnification

You agree to indemnify, defend, and hold harmless Cipherline LLC, its officers, directors, employees, agents, and affiliates from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys’ fees) arising out of or in connection with your use of the Service, your violation of these Terms, or your violation of any rights of a third party.

17. Force Majeure

Cipherline LLC shall not be liable for any failure or delay in performing its obligations under these Terms where such failure or delay results from circumstances beyond its reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, pandemic, power outages, internet or telecommunications failures, government actions, or failures of third-party service providers (including but not limited to hosting, authentication, payment processing, and email delivery services).

18. Severability

If any provision of these Terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be limited or eliminated to the minimum extent necessary so that the remaining provisions of these Terms shall remain in full force and effect.

19. Waiver

The failure of Cipherline LLC to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. Any waiver of any provision of these Terms will be effective only if in writing and signed by Cipherline LLC.

20. Assignment

You may not assign or transfer these Terms, or any rights or obligations hereunder, without the prior written consent of Cipherline LLC. Cipherline LLC may assign these Terms, in whole or in part, without restriction, including in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Subject to the foregoing, these Terms shall bind and inure to the benefit of the parties and their respective successors and permitted assigns.

21. Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and Cipherline LLC regarding your use of the Service and supersede all prior agreements, representations, and understandings.

22. Contact

If you have questions about these Terms, please reach out to Cipherline LLC at admin@xploitscan.com.