Terms of Service

• Service - the C metrics automated website vulnerability scanning platform, including all associated tools, reports, and deliverables.
• Scan - an individual automated security assessment of a Target initiated through the Service.
• Target - the domain, subdomain, IP address, or URL submitted by Customer for scanning.
• Report - the scan results delivered via PDF, email, and/or shareable link generated by the Service.
• Customer - the individual or entity submitting a scan request and agreeing to these Terms.
• Authorized Representative - a person with legal authority to authorize security testing of a Target on behalf of its owner.
• Scan Profile - the tier of scanning selected by Customer (Quick, Standard, or Deep), each with different scope and depth.
• Prohibited Conduct - activities described in Section 5 of these Terms.

Customer represents and warrants that they are the legal owner of the Target domain or have obtained explicit, documented written authorization from the domain owner or an Authorized Representative before submitting any scan request.

Customer acknowledges that unauthorized scanning of computer systems may violate applicable laws, including but not limited to the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030), the UK Computer Misuse Act 1990, EU Directive 2013/40/EU on attacks against information systems, and equivalent legislation in other jurisdictions.

Customer accepts sole and exclusive responsibility for ensuring that their use of the Service complies with all applicable local, state, national, and international laws and regulations.

C metrics does not verify authorization claims and bears no responsibility for unauthorized scanning conducted through the Service. Customer agrees to retain proof of authorization and produce it upon request. False representation of authorization constitutes a material breach of these Terms.

The Service performs automated security assessments using a combination of passive reconnaissance, public threat intelligence sources, and active vulnerability scanning techniques. Scan depth and findings vary by the Scan Profile selected.

Scans are point-in-time snapshots. They reflect the security posture of the Target only at the moment the scan is performed and do not constitute ongoing monitoring or continuous assessment.

The Service is not a substitute for a comprehensive penetration test, a professional security audit, compliance certification (such as SOC 2, ISO 27001, or PCI DSS), or continuous security monitoring. Results depend on the Target’s configuration, network conditions, and response behavior at the time of scanning.

C metrics reserves the right to refuse, cancel, or terminate any scan at its sole discretion, without explanation or liability. Service availability is not guaranteed; scheduled or unscheduled downtime may occur.

Reports are generated by automated tools and algorithms. No human analyst reviews individual scan results unless separately arranged.

Reports may contain false positives (vulnerabilities reported that do not actually exist in the Target) and false negatives (actual vulnerabilities that are not detected by the scan). The absence of a vulnerability in a Report does not guarantee that the Target is secure. The presence of a vulnerability in a Report does not guarantee that the Target is actively exploitable.

Vulnerability severity ratings are derived from public databases such as the National Vulnerability Database (NVD) and CISA Known Exploited Vulnerabilities catalog. These ratings reflect general severity and may not accurately represent the actual risk within Customer’s specific environment, infrastructure, or business context.

Customer is solely responsible for independently verifying all findings before taking any remedial, business, or operational action. Reports should be evaluated by qualified security professionals before acting on findings. C metrics expressly disclaims any liability for decisions made, or not made, based on Report contents.

You agree not to:

• Submit scan requests for Targets you do not own or lack documented written authorization to test
• Use the Service for any illegal purpose or in violation of any applicable law or regulation
• Use scan results to exploit, attack, or gain unauthorized access to any system
• Use the Service to conduct reconnaissance for malicious purposes, including but not limited to planning cyberattacks, developing exploits, or facilitating unauthorized access by any party
• Attempt to disrupt, overload, reverse-engineer, decompile, or interfere with the Service or its underlying infrastructure
• Circumvent or attempt to circumvent any rate limiting, access controls, bot prevention, or security measures implemented by the Service
• Resell, redistribute, sublicense, or commercially exploit scan Reports without prior written consent (see Section 7)
• Use automated scripts, bots, or other programmatic means to submit bulk scan requests without prior written arrangement with C metrics
• Misrepresent your identity, affiliation, or authorization status when submitting scan requests
• Submit Targets that are known to serve malware, child exploitation material, or other illegal content
• Use the Service in any manner that could expose C metrics to civil or criminal liability in any jurisdiction

The C metrics platform, including its software, source code, algorithms, scanning methodology, scoring models, report templates, design elements, and brand identity, is the exclusive intellectual property of C metrics.

Reports generated through the Service are created using C metrics’ proprietary methodology. Customer receives a limited, non-exclusive, non-transferable, revocable license to use Report contents solely for the purpose of evaluating and improving the security posture of the scanned Target. No rights are granted to reproduce, modify, or create derivative works from the platform, its methodology, or its scoring algorithms.

All trademarks, logos, and service marks displayed on the platform are the property of C metrics and may not be used without prior written consent.

Customer may not resell, redistribute, sublicense, publish, or share Reports with any third party without C metrics’ prior written consent. This prohibition includes, but is not limited to:

• Selling or providing Reports as part of a consulting, managed security, or advisory engagement
• Bundling Report contents into third-party security offerings or products
• Posting Report contents, findings, or shareable links publicly on websites, social media, or forums
• Sharing Report URLs or contents with unauthorized parties
• Using Report data to market, operate, or enhance competing security services

Violation of this section constitutes a material breach of these Terms, entitling C metrics to immediately terminate access to the Service, revoke all active Report links, and pursue injunctive relief and damages.

Limited exception: Customer may share Reports with their own employees, contractors operating under a non-disclosure agreement, or professional advisors (such as legal counsel or auditors) who require access for Customer’s internal security purposes only.

C metrics maintains a zero-tolerance policy for abuse or misuse of the Service. If C metrics determines, in its sole discretion, that Customer has engaged in Prohibited Conduct, C metrics may take any or all of the following actions without prior notice:

• Immediately suspend or permanently terminate Customer’s access to the Service
• Revoke all active Report links associated with the Customer
• Retain relevant logs, scan data, and other evidence for investigative purposes
• Report the activity to appropriate law enforcement authorities

C metrics will fully cooperate with law enforcement agencies, regulatory bodies, and judicial authorities investigating suspected abuse, unauthorized scanning, cyberattacks, or other illegal activity facilitated through the Service.

C metrics may disclose Customer information, including email address, IP address, scan targets, scan results, and associated metadata, in response to valid legal process (including subpoenas, court orders, and warrants), law enforcement requests related to suspected criminal activity, or as otherwise required by applicable law.

C metrics is not responsible for, and expressly disclaims all liability arising from, Customer’s misuse of the Service, any third party’s misuse of information obtained through the Service, or any consequences resulting from abuse of scan results.

Customer agrees to indemnify, defend, and hold harmless C metrics, its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising from or related to:

• Customer’s use of the Service, including any scan initiated by Customer
• Customer’s violation of these Terms or any applicable law
• Customer’s scanning of any Target without proper authorization
• Any claim by a third party that Customer’s use of the Service infringed their rights, disrupted their systems, or violated applicable law
• Customer’s reliance on or use of Report contents

This indemnification obligation survives termination of these Terms and any cessation of Customer’s use of the Service.

To the maximum extent permitted by applicable law, C metrics’ total aggregate liability arising from or related to these terms or the service shall not exceed the greater of (a) the total amount paid by customer to C metrics in the twelve (12) months immediately preceding the event giving rise to the claim, or (b) fifty United States dollars (USD $50).

In no event shall C metrics be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including but not limited to: loss of profits, revenue, or business; loss of data or data breach costs; loss of goodwill or reputation; cost of procurement of substitute services; security breaches occurring despite or because of scan results; damages arising from false positives or false negatives in reports; or damages arising from unauthorized scanning by customer.

These limitations apply regardless of the legal theory upon which damages are sought, whether in contract, tort, negligence, strict liability, or otherwise, and even if C metrics has been advised of the possibility of such damages.

Some jurisdictions do not allow the exclusion or limitation of certain damages. In such jurisdictions, C metrics’ liability shall be limited to the minimum extent permitted by applicable law.

The service is provided “as is” and “as available” without warranties of any kind, whether express, implied, statutory, or otherwise. C metrics expressly disclaims all implied warranties, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, reliability, title, and quiet enjoyment.

C metrics does not warrant that: the service will be uninterrupted, error-free, or secure; scan results will be accurate, complete, or current; the service will detect all vulnerabilities present in a target; the service will be compatible with all targets or network configurations; or that defects in the service will be corrected.

Customer assumes all risk associated with the use of the Service and the interpretation of Report contents. No information or advice, whether oral or written, obtained from C metrics or through the Service shall create any warranty not expressly stated in these Terms.

The Service integrates with and relies upon third-party tools, databases, and data sources that are outside C metrics’ control. These include, but are not limited to, public vulnerability databases, threat intelligence feeds, certificate transparency logs, and domain registration data.

C metrics makes no representations or warranties regarding the accuracy, availability, or reliability of any third-party data, tools, or services. Changes to, discontinuation of, or errors in third-party services may affect scan results, Report accuracy, or Service availability without notice.

Customer acknowledges and accepts this dependency as an inherent characteristic of the Service.

By using the Service, Customer provides a Target URL and email address. The collection, use, retention, and deletion of this data are governed by our Privacy Policy, which forms part of these Terms.

C metrics retains scan data for 90 days unless earlier deletion is requested by Customer. As described in Section 8, C metrics may disclose Customer data to law enforcement or judicial authorities as required by law or valid legal process.

Customer consents to the processing of submitted data in accordance with the Privacy Policy and these Terms.

Certain Scan Profiles require payment. All applicable fees are displayed at the time of submission and must be paid before the scan is initiated.

Payments are processed by third-party payment processors. C metrics does not store, process, or have access to payment card data. Customer’s use of payment services is subject to the applicable payment processor’s terms of service.

All sales are final. No refunds will be issued for completed scans, regardless of Report contents, perceived accuracy, or Customer satisfaction with results. If a scan fails to complete due to a Service error, C metrics may, at its sole discretion, offer a re-scan or credit.

C metrics reserves the right to modify pricing at any time. Price changes apply to future scans only and do not affect previously completed transactions. Free-tier scans may be modified, rate-limited, or discontinued at C metrics’ sole discretion at any time.

C metrics may refuse, suspend, or terminate Customer’s access to the Service at any time, for any reason or no reason, at its sole discretion, without prior notice or liability.

Upon termination, Customer’s license to use Reports may be revoked. C metrics may revoke access to shareable Report links at any time, with or without cause.

The following sections survive termination of these Terms: Sections 2 (Authorization), 4 (Report Accuracy), 6 (Intellectual Property), 7 (No Resale), 8 (Abuse and Law Enforcement), 9 (Indemnification), 10 (Limitation of Liability), 11 (Disclaimers), and 16 (Governing Law).

These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which C metrics is incorporated or primarily operates, without regard to its conflict of law provisions.

Any dispute, claim, or controversy arising from or relating to these Terms or the Service shall first be attempted to be resolved through good-faith negotiation between the parties for a period of at least thirty (30) days. If the dispute cannot be resolved through negotiation, it shall be submitted to binding arbitration in accordance with the rules of a recognized arbitration body in the applicable jurisdiction.

Customer waives any right to participate in a class action lawsuit, class-wide arbitration, or any other representative proceeding against C metrics. The prevailing party in any dispute shall be entitled to recover reasonable attorneys’ fees and costs.

Nothing in this section prevents C metrics from seeking injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property or prevent unauthorized use of the Service.

• Severability: If any provision of these Terms is held to be unenforceable or invalid, the remaining provisions shall remain in full force and effect.
• Entire Agreement: These Terms, together with the Privacy Policy, constitute the entire agreement between Customer and C metrics regarding the Service and supersede all prior agreements, understandings, and communications.
• Waiver: The failure of C metrics to enforce any provision of these Terms shall not constitute a waiver of that provision or the right to enforce it at a later time.
• Assignment: Customer may not assign or transfer these Terms or any rights hereunder without C metrics’ prior written consent. C metrics may assign these Terms freely without restriction.
• Force Majeure: C metrics shall not be liable for any failure or delay in performance caused by circumstances beyond its reasonable control, including but not limited to natural disasters, acts of government, internet outages, or third-party service failures.
• Notices: Communications from C metrics to Customer will be sent to the email address provided at the time of scan submission.
• Headings: Section headings are for convenience and reference only and shall have no legal or contractual effect.

C metrics reserves the right to update or modify these Terms at any time by posting the revised version on this page. The “Last updated” date at the top of this page reflects the most recent revision.

Continued use of the Service after changes are posted constitutes Customer’s acceptance of the revised Terms. Customer is responsible for reviewing these Terms periodically. Material changes will be reflected in the updated date.

Questions about these Terms? Contact us at hello@cmetrics.info.

To report suspected abuse of the Service, contact hello@cmetrics.info.