Legal

Acceptable Use Policy

Last updated: April 2026

By using the DevSecOps Platform ("Platform"), you agree to this Acceptable Use Policy. This policy is designed to protect our users, our infrastructure, and third parties from abuse. Violation of this policy may result in immediate account termination and legal action.

Authorization Required for All Scans

This is the most important rule on our platform.

You may only scan targets (web applications, APIs, servers, cloud accounts, or any other systems) that:

  • You own directly, or
  • Your organization owns and operates, or
  • You have explicit written permission from the owner to test.

Scanning systems without authorization is illegal under the Computer Fraud and Abuse Act (CFAA), the Information Technology Act 2000 (India), the Computer Misuse Act (UK), and similar laws in most jurisdictions.

1. Prohibited Uses

You agree NOT to use the Platform to:

Scan systems you do not own or have permission to test
Launch denial-of-service (DoS) attacks
Distribute malware, viruses, or exploits
Conduct unauthorized penetration testing
Violate any applicable law or regulation
Infringe on intellectual property rights
Engage in phishing or social engineering
Circumvent rate limits or usage controls
Reverse engineer the Platform
Share or resell scan results without consent
Harvest data from scanned systems
Use findings to extort or blackmail

2. Platform Responsibility

The DevSecOps Platform provides automated security scanning tools. We:

  • Log all scans with timestamps, targets, and initiating user
  • Cooperate with law enforcement on abuse investigations
  • Reserve the right to block targets that report abuse
  • Do not scan on your behalf — you initiate every scan
  • Are not liable for damages caused by misuse of our tools

3. Scanner IP Whitelisting

To scan your own systems that are protected by a firewall or WAF, you must whitelist our scanner IP addresses. These are published publicly for transparency.

View Scanner IPs

4. Abuse Reporting

If you believe your systems have been scanned without authorization from our platform, please report the incident to us within 48 hours. Include:

  • The target URL or IP that was scanned
  • Date and time of the scan (with timezone)
  • Source IP (should be our scanner IP)
  • Request logs or screenshots if available
  • Your contact information

Contact: abuse@harshal.cloud

We investigate all reports within 24 hours and cooperate with affected parties to identify the responsible user. Confirmed abuse results in immediate account termination and reporting to law enforcement.

5. Enforcement

Violations of this policy may result in:

Warning

First-time minor violations receive a warning and education

Account Suspension

Repeated or serious violations result in immediate suspension

Legal Action

Criminal activity is reported to law enforcement with all logs

6. No Warranty

The Platform is provided "as is" without warranty of any kind. Automated security scanning has inherent limitations and is not a substitute for comprehensive manual penetration testing. We make no guarantees about the accuracy or completeness of scan results. For compliance-critical assessments, supplement automated testing with periodic manual penetration testing by qualified professionals.

7. Changes to this Policy

We may update this policy at any time. Material changes will be communicated via email to organization owners at least 30 days before taking effect. Continued use of the Platform after changes constitutes acceptance of the updated policy.

Questions?

Email legal@harshal.cloud for legal questions, abuse@harshal.cloud for abuse reports, or support@harshal.cloud for general support.