Acceptable Use Policy

Use BreachScope only for assets, accounts, repositories, applications, and networks you own or have explicit permission to test. You are responsible for documenting authorization before running scans, probes, sandbox testing, or integrations.

• Scanning, probing, exploiting, or collecting data from unauthorized systems.
• Credential theft, credential stuffing, phishing, token harvesting, or session abuse.
• Malware, persistence, destructive payloads, data exfiltration, or unauthorized privilege escalation.
• Bypassing rate limits, access controls, provider terms, or platform safeguards.
• Using integrations to spam, harass, impersonate, or send misleading incident notifications.
• Uploading unlawful content, sensitive data you are not authorized to process, or secrets that active testing does not require.

Sandbox features may run active probes inside isolated environments. Use them against disposable test environments or targets that explicitly allow that activity. Secrets are excluded by default; include real secrets only when the test is authorized and the environment is disposable.

You must follow the terms, acceptable use rules, rate limits, and security requirements of every connected provider. BreachScope does not grant permission to use Slack, GitHub, Jira, Linear, PagerDuty, OpenAI, Firecrawl, cloud, or repository services.

Activity that creates security risk, legal risk, service disruption, provider abuse, or harm to third parties may result in throttling, suspension, deletion, or referral to the appropriate contact path.