Legal
Acceptable Use Policy
Effective 2026-05-23.
This policy is the foundation of how Vantyris operates safely and within the law. By creating an account you agree to these rules. Breaching them is grounds for immediate termination, retention of audit logs for investigation, and (where the law requires) notification to a relevant authority.
1. The core rule
Scan only systems you own or have been explicitly authorised to scan. The UK Computer Misuse Act 1990 (and similar laws elsewhere) criminalises unauthorised access to computer material. The same applies to active scanning of someone else's systems without permission. Vantyris is a tool; the responsibility for who you point it at is yours.
2. The verification gate
We require you to verify ownership of each target domain before any verified standard scan runs against it. The verification methods are:
- DNS TXT record: add _vantyris.<domain> with the token we provide.
- File: place a small text file at /.well-known/vantyris-verification.txt on your site.
- Meta tag: add a <meta name="vantyris-verification" content="…"> tag to the homepage.
Tokens are single-use, time-limited, and target-scoped. You cannot bypass the verification gate. Attempts to do so will be logged and may result in account suspension.
3. Scanning on behalf of a client (agencies, MSPs, consultants)
If you are scanning a target on behalf of a client:
- You must hold a current, written authorisation from the client (an authorisation letter, a signed scope-of-work, an email confirmation).
- The client must be the owner or have explicit, lawful authority over the target system.
- You agree, on request, to provide that authorisation to us within five (5) business days. Failure to produce evidence may result in immediate suspension.
- We provide a template authorisation letter you can use; email help@vantyris.com if you'd like a copy.
4. What you may not do with Vantyris
- Scan systems you do not own or have not been authorised to scan.
- Scan government, critical-infrastructure, or third-party assets without permission.
- Attempt to circumvent the verification gate, rate limits, or other safety controls.
- Use Vantyris to launch an attack, exploit a vulnerability, exfiltrate data, or perform any unauthorised action against any system.
- Reverse-engineer the service to discover internal implementations, except as expressly permitted by law.
- Resell access to the service without a separate agreement with us.
- Use the service to violate the law of England and Wales, your own jurisdiction, or the jurisdiction of the target.
5. Safe-scanning controls (what we do)
To keep the service safe, Vantyris:
- Scans only public-internet targets. Private IP addresses (RFC 1918), link-local addresses, cloud-metadata endpoints (169.254.169.254), and loopback are explicitly blocked.
- Re-resolves DNS during a scan to detect DNS rebinding and aborts on mismatch.
- Runs each scan job in an isolated container with an egress allow-list.
- Never runs exploit frameworks, credential stuffing, brute force, or user-supplied Nuclei templates.
- Uses signed, pinned Nuclei template bundles only.
- Applies per-target, per-workspace, and per-IP rate limits to remain polite.
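The first two controls above (blocked address ranges and DNS re-resolution), as an added Python example that is not Vantyris code. The function names, the injected `resolve` callable, the constructed hostname and addresses, the IPv6 equivalents of loopback and link-local, and treating any address outside the initially resolved set as a "mismatch" are assumptions made for illustration.

```python
import ipaddress

# Ranges named in the policy: RFC 1918, link-local (includes the cloud-metadata
# address 169.254.169.254) and loopback. IPv6 entries are an assumption.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "::1/128", "fe80::/10",
)]

class ScanAborted(Exception):
    """Raised when a target must not be scanned, or a scan must stop."""

def is_blocked(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it cannot slip past the v4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED if net.version == ip.version)

def pin_target(host, resolve):
    """Resolve once before the scan; refuse if ANY answer is a blocked address."""
    addrs = frozenset(resolve(host))
    if not addrs:
        raise ScanAborted(f"{host}: no addresses returned")
    bad = sorted(a for a in addrs if is_blocked(a))
    if bad:
        raise ScanAborted(f"{host}: resolves to blocked address {bad[0]}")
    return addrs

def recheck(host, pinned, resolve):
    """Re-resolve during the scan; abort if an address outside the pinned set appears."""
    now = frozenset(resolve(host))
    if not now or not now <= pinned:
        raise ScanAborted(f"{host}: DNS changed mid-scan: {sorted(now - pinned)}")

def demo():
    # Constructed resolver: two public answers, then a rebind to the metadata address.
    answers = iter([["203.0.113.10"], ["203.0.113.10"], ["169.254.169.254"]])
    resolve = lambda host: next(answers)
    pinned = pin_target("scan-target.example", resolve)
    recheck("scan-target.example", pinned, resolve)      # unchanged answer: scan continues
    try:
        recheck("scan-target.example", pinned, resolve)  # rebinding attempt
    except ScanAborted as exc:
        return str(exc)
    return "no abort"

if __name__ == "__main__":
    print(demo())
```

In a real scanner the connection should be made to the pinned address itself rather than to the hostname, so a later DNS answer cannot redirect traffic between the check and the connect.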
6. Abuse, throttling, and termination
We monitor for abuse signals: anomalous scan patterns, repeated failed verifications, and scanning of likely-third-party assets. Suspicious accounts may be throttled, paused, or terminated. Audit logs are retained for the period stated in the Privacy Policy, and we will cooperate with any lawful authority's investigation.
7. Reporting concerns
If you believe Vantyris is being misused, or your domain has been scanned without your authorisation, please contact help@vantyris.com. We investigate every credible report.
8. Contact
help@vantyris.com · Shield Trust Holdings · Governed by the law of England and Wales.