Acceptable Use Policy

You may only use FixVibe to scan applications and services that you own, operate, or have express written permission from the owner to test. Running active security testing against a system you do not own may violate:

• the U.S. Computer Fraud and Abuse Act (18 U.S.C. § 1030);
• the U.K. Computer Misuse Act 1990;
• the EU NIS2 Directive (Directive 2022/2555);
• state-level computer-trespass laws;
• and similar laws in other jurisdictions.

You — not EGO HERO LLC — are responsible for confirming you have authority to test every URL you submit. Domain-ownership verification within FixVibe proves only that you control DNS or the response of the target host; it does not establish legal or contractual authority to test (for example, an application you host on a SaaS platform may still be subject to that platform's acceptable-use rules).

Passive scans (HTTP header analysis, public JS bundle inspection, public BaaS configuration probing, DNS enumeration) make only the requests a normal browser would make. They are permitted against any URL you submit, subject to the prohibitions in §3.

Active scans require completion of our domain-ownership verification flow (DNS TXT record, HTTP file at /.well-known/fixvibe-verify.txt, or matching email domain). Active scans must additionally be authorized by you at the moment of submission via the in-app attestation. Submitting an active scan without proper authority is a material breach of these terms.

You will not use FixVibe against any of the following, regardless of mode:

• government, military, intelligence, law-enforcement, or critical-infrastructure systems you do not own;
• healthcare, banking, payment-processor, or election systems you do not own;
• systems publishing a /.well-known/security.txt with policies that exclude automated testing;
• systems whose terms of service prohibit security testing;
• systems controlled by a person or entity to which you are subject to a non-compete, non-disclosure, or similar restriction inconsistent with testing;
• systems located in any jurisdiction subject to comprehensive U.S. or EU sanctions (currently Cuba, Iran, North Korea, Syria, and the Crimea, DNR, and LNR regions of Ukraine);
• any system you do not have written authorization to test.

You will not, and will not permit any other person to:

• circumvent the domain-verification flow or our rate limits;
• use FixVibe to facilitate unauthorized access, denial of service, data exfiltration, ransomware deployment, or any other criminal act;
• resell, sub-license, or repackage FixVibe's output as your own service without our written consent;
• scrape, mirror, or systematically extract data from FixVibe;
• reverse-engineer, decompile, or attempt to derive the source code of our scanner, except to the extent expressly permitted by mandatory law;
• upload viruses, worms, or other malicious code intended to disrupt FixVibe;
• impersonate any person or entity, or misrepresent your affiliation;
• use FixVibe to harass, defame, or threaten any person.

FixVibe limits requests to a sustained 10 per second per target, with a burst ceiling of 20. We identify ourselves with a FixVibeScanner/1.0 (+https://fixvibe.app/bot) User-Agent. We honor robots.txt during the discovery phase but not during active testing of a verified domain (robots.txt is an SEO directive, not a security boundary).

If you believe FixVibe is being used to scan a system you operate without authorization, contact support@fixvibe.app with details (target hostname, approximate time, request signature). We log every scan with the originating user, IP address, target, and timestamps. We cooperate with valid legal process and will respond to verified abuse complaints within five business days.

We may suspend or terminate access without notice for any violation of this policy. Repeat violations result in permanent termination and may be reported to law enforcement. We reserve the right to preserve scan logs, account metadata, and IP information for as long as reasonably necessary to support a response to law-enforcement requests.

FixVibe is operated by EGO HERO LLC. For acceptable-use questions, write to support@fixvibe.app.