Terms of Use — Website Security Scanner

Effective date: 9 April 2026

1. Acceptance of Terms

By using the Wolds Cyber website security scanner ("the Scanner"), you agree to these terms. If you do not agree, do not use the Scanner.

2. Authority to Scan

You warrant and represent that you have lawful authority to scan the domain you submit. You must be the domain owner, an authorised administrator, or hold explicit written permission from the domain owner to conduct security scanning.

You acknowledge that submitting a domain for scanning without proper authorisation may constitute an offence under the Computer Misuse Act 1990. Wolds Cyber Ltd accepts no responsibility for any unauthorised use of the Scanner.

3. Nature of Scans

All scans performed by the Scanner are:

• Non-destructive — no data is modified, deleted, or exploited
• Read-only — the Scanner only retrieves publicly accessible information
• Non-intrusive — no authentication is attempted, no payloads are delivered, no exploitation occurs
• External only — the Scanner checks publicly-facing configuration and does not access internal networks

The Scanner performs checks equivalent to what any web browser or search engine crawler would do: requesting HTTP headers, checking TLS certificates, querying public DNS records, and requesting known file paths.

4. Limitation of Liability

The Scanner is provided "as is" without warranty of any kind, express or implied. Wolds Cyber Ltd:

• Does not guarantee the accuracy, completeness, or reliability of scan results
• Is not liable for any loss, damage, or consequence arising from the use of scan results
• Does not guarantee that all vulnerabilities will be detected
• Is not responsible for actions taken based on scan results

The Scanner is a free informational tool only. It is not a substitute for a professional security audit or penetration test.

5. Acceptable Use

You agree not to:

• Scan domains you do not own or have authority to test
• Attempt to circumvent rate limits or abuse the service
• Use the Scanner for any unlawful purpose
• Automate scans using bots or scripts without prior written consent
• Use scan results to attack, exploit, or cause harm to the scanned domain or its users

6. Restricted Domains

The Scanner will refuse to scan certain categories of domains, including but not limited to: government domains (.gov.uk), military domains (.mil), NHS domains (.nhs.uk), police domains (.police.uk), and major financial institution domains. This restriction exists to prevent any potential misuse or misunderstanding, regardless of authorisation status.

7. Data Processing and Privacy

What we collect and store:

• Hashed IP address — your IP address is hashed with SHA-256 and a salt before storage. We never store your raw IP address.
• Scanned URL — the domain you submitted for scanning
• Scan results — the findings generated by the scan
• Account information (if you create an account) — name, company email, company name, phone number (optional)
• Session cookies — a session identifier stored in your browser for rate limiting purposes (24-hour expiry)

Data retention:

• Anonymous scan data: 90 days
• Account-linked scan data: 1 year
• Shared result links: 7 days

Lawful basis: We process your data on the basis of consent (Article 6(1)(a) GDPR). By using the Scanner, you consent to the processing described above. For account holders, processing is also necessary for the performance of a contract (Article 6(1)(b) GDPR).

Your rights under GDPR:

• Right of access — request a copy of your data
• Right to rectification — correct inaccurate data
• Right to erasure — request deletion of your data
• Right to data portability — receive your data in a structured format
• Right to withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, email [email protected].

Data controller: Wolds Cyber Ltd, Company No. 17143627, registered office: 61 Bridge Street, Kington, HR5 3DJ.

8. Indemnification

You agree to indemnify and hold harmless Wolds Cyber Ltd, its directors, employees, and agents from any claims, damages, or expenses arising from your use of the Scanner, including any claim that you scanned a domain without proper authorisation.

9. Changes to These Terms

We may update these terms at any time. Continued use of the Scanner after changes constitutes acceptance of the updated terms.

10. Governing Law

These terms are governed by and construed in accordance with the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

11. Contact

For questions about these terms or the Scanner, contact us at [email protected].