These Security Testing Terms apply when you run scans, request vetting, perform attack simulations, enable monitoring, upload source code, connect repositories, or authorize TrustCheck to assess any asset.
1. Authorization Requirement
You represent that you own, control, or are authorized to test every asset submitted to TrustCheck, including domains, subdomains, APIs, IP addresses, repositories, applications, cloud resources, social accounts, email domains, and brand identities.
2. Scope
You must define the allowed scope accurately. TrustCheck uses target URLs, asset records, verification status, restrictions, legal consents, signed scope documents, and authorization uploads to determine what can be tested.
3. Safe Testing Standards
Automated scans are intended to be non-destructive. Manual vetting, attack simulation, authenticated testing, social identity review, and deeper checks may require additional authorization, scope confirmation, scheduling, and rate limits.
4. Customer Responsibilities
- Back up systems and notify internal teams before testing critical assets.
- Exclude fragile, regulated, or third-party systems that should not be tested.
- Provide test accounts, credentials, or tokens only when authorized and necessary.
- Keep emergency points of contact current during active tests.
- Ensure testing does not violate contracts, laws, hosting terms, or third-party policies.
5. Source Code And Repository Scanning
Only upload or connect source code and repositories you are authorized to scan. Remove secrets or sensitive personal data where possible before uploading. Findings may include snippets, file names, dependency details, and remediation notes.
6. Findings And Remediation
Security findings are provided for risk reduction and prioritization. You remain responsible for validating, remediating, accepting risk, marking false positives, and retesting issues.
7. Emergency Suspension
TrustCheck may pause or stop testing if it detects instability, scope uncertainty, abuse, legal concerns, third-party complaints, or risks to platform safety.