TrustCheck Legal

Security Testing Terms

Effective date: June 2, 2026. Version: 2026-06-02.

These pages are product policy templates for TrustCheck operations and user consent. They are not legal advice; have qualified counsel review them before production launch.

These Security Testing Terms apply when you run scans, request vetting, perform attack simulations, enable monitoring, upload source code, connect repositories, or authorize TrustCheck to assess any asset.

1. Authorization Requirement

You represent that you own, control, or are authorized to test every asset submitted to TrustCheck, including domains, subdomains, APIs, IP addresses, repositories, applications, cloud resources, social accounts, email domains, and brand identities.

2. Scope

You must define the allowed scope accurately. TrustCheck uses target URLs, asset records, verification status, restrictions, legal consents, signed scope documents, and authorization uploads to determine what can be tested.

3. Safe Testing Standards

Automated scans are intended to be non-destructive. Manual vetting, attack simulation, authenticated testing, social identity review, and deeper checks may require additional authorization, scope confirmation, scheduling, and rate limits.

4. Customer Responsibilities

5. Source Code And Repository Scanning

Only upload or connect source code and repositories you are authorized to scan. Remove secrets or sensitive personal data where possible before uploading. Findings may include snippets, file names, dependency details, and remediation notes.

6. Findings And Remediation

Security findings are provided for risk reduction and prioritization. You remain responsible for validating, remediating, accepting risk, marking false positives, and retesting issues.

7. Emergency Suspension

TrustCheck may pause or stop testing if it detects instability, scope uncertainty, abuse, legal concerns, third-party complaints, or risks to platform safety.