Terms of Service

Last updated: December 28, 2025

1. Acceptance of Terms

By accessing or using Website Defender ("the Service"), you agree to be bound by these Terms of Service. If you do not agree to these terms, please do not use the Service.

2. Description of Service

Website Defender is a passive security scanning service that analyzes websites for vulnerabilities, misconfigurations, and security issues. The Service includes:

  • Free one-time website security scans
  • Paid subscription plans with ongoing monitoring
  • Security reports and recommendations
  • AI-generated remediation suggestions
  • Email alerts for new findings

Subscription Tiers

We offer the following paid subscription plans:

  • Essential Plan: 1 domain, weekly automated security scans, AI-generated remediation suggestions, and email alerts for new findings.
  • Pro Plan: Up to 3 domains (expandable with add-ons), daily automated security scans, 10 manual scans per month, AI-generated remediation suggestions, email alerts for new findings, and downloadable PDF security reports.
  • Agency Plan: Up to 20 domains (expandable with add-ons), daily automated security scans, 50 manual scans per month, AI-generated remediation suggestions, email alerts for new findings, downloadable PDF security reports, and team collaboration with up to 3 seats.

AI-Generated Content

Remediation suggestions and scan summaries are generated using third-party artificial intelligence services (currently Anthropic via OpenRouter). AI-generated content is provided for informational purposes only and should be reviewed by qualified professionals before implementation. We do not guarantee the accuracy, completeness, or suitability of AI-generated recommendations for your specific situation.

Scanning Behaviour

Free Scans

Free scans perform passive, non-invasive checks using HTTP GET, HEAD, and POST requests. We do not:

  • Submit forms or credentials to your website
  • Modify, delete, or write any data to your website
  • Perform exploitation, fuzzing, or brute-force attacks
  • Bypass authentication or access controls

Verified Domain Scanning

For verified domains on paid plans, we perform comprehensive security scanning that includes:

  • All checks included in free scans
  • Known CVE detection through version fingerprinting
  • Exposed panel and admin interface detection
  • Security misconfiguration detection
  • Exposed configuration and backup file detection
  • Subdomain takeover vulnerability detection

Domain verification serves as consent for comprehensive security scanning. By verifying a domain, you confirm you own or have permission to scan the website and accept that these scans may trigger security alerts in your WAF or server logs.

All scans are rate-limited to minimise impact on your website's performance. We never delete, modify, or write data to your website.

Outreach Scans

We may perform non-invasive external scans on publicly accessible websites for outreach and lead generation purposes. These scans:

  • Use the same passive, non-invasive techniques described above (GET, HEAD, and POST requests)
  • Are no different from checks performed by search engines or security researchers
  • Do not require prior permission as they only access publicly available information
  • May result in a security report being shared via email

If you receive an outreach email and do not wish to be contacted again, you can unsubscribe using the link in the email. We will not scan your domain for outreach purposes again.

3. Account Registration

To access certain features, you must create an account. You agree to:

  • Provide accurate and complete registration information
  • Maintain the security of your account credentials
  • Notify us immediately of any unauthorized access
  • Accept responsibility for all activities under your account

4. Acceptable Use

You agree to use the Service only for lawful purposes. You must:

  • Only scan domains you own or have explicit permission to scan. This applies to scans you initiate through your account. Unauthorized scanning of third-party websites may violate laws and these Terms.
  • Not attempt to circumvent rate limits or usage restrictions
  • Not use the Service to harass, abuse, or harm others
  • Not reverse engineer or attempt to extract source code
  • Not resell or redistribute the Service without authorization

5. Domain Verification

Initial Verification

For paid subscription plans, you must verify ownership of domains you wish to monitor before scanning begins. Verification methods include:

  • DNS TXT record
  • HTML file upload to your website
  • HTML meta tag on your homepage

We reserve the right to suspend scanning if ownership cannot be verified.

Re-verification

To ensure continued domain ownership, we require re-verification every 180 days (approximately 6 months). You will receive an email reminder 14 days before re-verification is due. If re-verification is not completed, security scans will be paused until ownership is confirmed. A new verification token will be generated for each re-verification cycle.

6. Free Scans

Free scans are provided subject to the following conditions:

  • Limited to 5 scans per IP address per hour
  • Limited to 5 scans per email address per day
  • Limited to 1 scan per domain per day
  • Results are stored for 48 hours only, then permanently deleted
  • Reduced scan depth compared to paid plans (no sensitive file detection)
  • No AI-generated remediation for individual findings
  • We may modify or discontinue free scans at any time without notice

7. Subscription and Billing

Plans and Pricing

Paid plans are billed monthly or annually. Current pricing is displayed on our website and may be updated with 30 days' notice to existing subscribers.

Free Trial

New users receive a 14-day free trial with Essential plan features. During the trial, you may add one domain and receive weekly automated scans. No payment information is required to start your trial. If you do not subscribe before your trial ends, your scans will be paused but your data will be retained for 90 days.

Domain Limits

  • Essential Plan: 1 domain
  • Pro Plan: 3 domains included, with option to add more
  • Agency Plan: 20 domains included, with option to add more

Essential users must upgrade to Pro or Agency for additional domains. Pro and Agency users can purchase domain add-ons for additional capacity.

Manual Scans

In addition to automated scheduled scans, Pro and Agency users may trigger manual scans subject to the following monthly limits:

  • Essential Plan: No manual scans (automated weekly scans only)
  • Pro Plan: 10 manual scans per month
  • Agency Plan: 50 manual scans per month

Manual scan quotas reset on your billing cycle date each month.

Payment

Payment is processed by Stripe. By subscribing, you authorize us to charge your payment method on a recurring basis. You are responsible for keeping payment information current.

Payment Failures

If we cannot process your payment:

  • We will attempt to charge your payment method again
  • You will receive an email notification of the failure
  • A 7-day grace period begins, during which your scans will continue
  • After 7 days without successful payment, your scans will be paused
  • Your data is retained for 90 days after your subscription lapses

Cancellation

You may cancel your subscription at any time through your account settings or the Stripe billing portal. Cancellation takes effect at the end of the current billing period. No prorated refunds are provided for unused time.

Refunds

If you are dissatisfied within the first 14 days of a paid subscription, contact us for a full refund. After 14 days, refunds are provided at our discretion.

Data Retention After Cancellation

After your subscription ends (through cancellation or expiry), your domains and scan history are retained in read-only mode for 90 days. After 90 days, your data will be permanently deleted. You will receive a warning email 30 days before deletion.

8. Security and Bot Protection

We use Google reCAPTCHA v3 to protect our Service from automated abuse and fraudulent activity. By using Website Defender, you agree to Google's Terms of Service and Privacy Policy.

For your security, your account may be temporarily locked after 10 failed login attempts within 15 minutes. Account lockouts automatically expire after 15 minutes, or you may reset your password to regain access immediately.

9. Service Availability

We strive to maintain high availability but do not guarantee uninterrupted service. The Service may be temporarily unavailable due to:

  • Scheduled maintenance (with advance notice when possible)
  • Emergency repairs or security updates
  • Factors beyond our control (e.g., internet outages)

10. Intellectual Property

The Service, including its code, design, features, and documentation, is owned by Website Defender and protected by intellectual property laws. You may not:

  • Copy, modify, or create derivative works
  • Reverse engineer or decompile the Service
  • Remove or alter proprietary notices
  • Use our trademarks without permission

11. Disclaimers

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED.

We specifically disclaim:

  • No guarantee of security: Our scans identify known vulnerabilities but cannot guarantee your website is secure. New vulnerabilities may exist that our scans do not detect.
  • No guarantee of accuracy: While we strive for accuracy, scan results may contain false positives or miss certain issues.
  • Scanning limitations: Even comprehensive scans cannot detect all vulnerability types. We do not perform exploitation, authenticated testing, or manual penetration testing.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WEBSITE DEFENDER SHALL NOT BE LIABLE FOR:

  • Any indirect, incidental, special, or consequential damages
  • Loss of profits, data, or business opportunities
  • Security breaches or attacks on your website
  • Actions taken based on scan results

Our total liability shall not exceed the amount you paid us in the 12 months preceding the claim.

13. Indemnification

You agree to indemnify and hold harmless Website Defender from any claims, damages, or expenses arising from:

  • Your use of the Service
  • Your violation of these Terms
  • Scanning websites without authorization
  • Your website's security vulnerabilities

14. Termination

We may suspend or terminate your account if you:

  • Violate these Terms of Service
  • Engage in fraudulent or illegal activity
  • Abuse the Service or other users
  • Fail to pay subscription fees

Upon termination, your right to use the Service ceases immediately. We may retain your data as required by law.

15. Governing Law

These Terms are governed by the laws of England and Wales. Any disputes shall be resolved in the courts of England and Wales.

16. Changes to Terms

We may modify these Terms at any time. Material changes will be communicated via email or website notice at least 30 days before taking effect. Continued use after changes constitutes acceptance.

17. Severability

If any provision of these Terms is found unenforceable, the remaining provisions remain in full effect.

18. Contact

For questions about these Terms, contact us: