Acceptable Use Policy

You may only use FixWeb to scan applications, websites, and services that you own, operate, or have express written permission from the owner to test. Owner-depth scans may crawl private or authenticated routes when you provide a short-lived test-account header, so they require verified ownership and authorization.

• the U.S. Computer Fraud and Abuse Act (18 U.S.C. § 1030);
• the U.K. Computer Misuse Act 1990;
• the EU NIS2 Directive (Directive 2022/2555);
• state-level computer-trespass laws;
• and similar laws in other jurisdictions.

You — not EGO HERO LLC — are responsible for confirming you have authority to test every URL you submit. Domain-ownership verification within FixWeb proves only that you control DNS or the response of the target host; it does not establish legal or contractual authority to test (for example, an application you host on a SaaS platform may still be subject to that platform's acceptable-use rules).

Passive scans render public pages like a normal browser and inspect crawlability, search presentation, structured content, media, performance, accessibility, forms, mobile/i18n/PWA basics, and runtime signals. They are permitted against any URL you are authorized to scan, subject to the prohibitions in §3.

Owner-depth scans run only against verified hostnames and may use an owner-provided header to crawl private pages. Use a least-privileged test account, avoid destructive workflows, and remove the header after the scan if you issued it only for FixWeb.

You will not use FixWeb against any of the following, regardless of mode:

• government, military, intelligence, law-enforcement, or critical-infrastructure systems you do not own;
• healthcare, banking, payment-processor, or election systems you do not own;
• systems publishing a /.well-known/security.txt with policies that exclude automated testing;
• systems whose terms of service prohibit automated scanning;
• systems controlled by a person or entity to which you are subject to a non-compete, non-disclosure, or similar restriction inconsistent with testing;
• systems located in any jurisdiction subject to comprehensive U.S. or EU sanctions (currently Cuba, Iran, North Korea, Syria, and the Crimea, DNR, and LNR regions of Ukraine);
• any system you do not have written authorization to test.

You will not, and will not permit any other person to:

• circumvent the domain-verification flow or our rate limits;
• use FixWeb to facilitate unauthorized access, denial of service, data exfiltration, ransomware deployment, or any other criminal act;
• resell, sub-license, or repackage FixWeb's output as your own service without our written consent;
• scrape, mirror, or systematically extract data from FixWeb;
• reverse-engineer, decompile, or attempt to derive the source code of our scanner, except to the extent expressly permitted by mandatory law;
• upload viruses, worms, or other malicious code intended to disrupt FixWeb;
• impersonate any person or entity, or misrepresent your affiliation;
• use FixWeb to harass, defame, or threaten any person.

FixWeb limits crawler requests to a sustained 10 per second per target, with a burst ceiling of 20. We identify ourselves with a FixWebScanner/1.0 (+https://fixweb.app/bot) User-Agent. We honor robots.txt during public discovery. Owner-depth scans are restricted to verified domains and should use safe test-account context.

If you believe FixWeb is being used to scan a system you operate without authorization, contact support@fixweb.app with details (target hostname, approximate time, request signature). We log every scan with the originating user, IP address, target, and timestamps. We cooperate with valid legal process and will respond to verified abuse complaints within five business days.

We may suspend or terminate access without notice for any violation of this policy. Repeat violations result in permanent termination and may be reported to law enforcement. We reserve the right to preserve scan logs, account metadata, and IP information for as long as reasonably necessary to support a response to law-enforcement requests.

FixWeb is operated by EGO HERO LLC. For acceptable-use questions, write to support@fixweb.app.