Splorix
Start 3-Day Trial

Authorized Domain Testing Policy

Last updated: May 18, 2026

Splorix is a security platform designed to help users monitor, analyze, and test external attack surfaces, including domains, subdomains, APIs, ports, exposed services, and other internet-facing assets.

1. Authorized Use Only

This Authorized Domain Testing Policy explains the responsibilities of users when adding domains or assets to Splorix and using the platform for security testing, monitoring, scanning, or analysis.

By using Splorix, adding a domain, launching a scan, or using any security testing feature, you agree to this policy and confirm that you have the required authorization to test the assets you add to the platform.

Splorix must only be used on domains, systems, applications, APIs, infrastructure, IP addresses, or other assets that you are authorized to test, scan, monitor, or analyze.

You must not use Splorix to scan, test, monitor, or analyze any domain or system without proper authorization.

  • You own the asset
  • You manage the asset on behalf of your company
  • You have been explicitly authorized by the asset owner
  • You are performing security work for a client who has given you permission
  • You have a valid contract, statement of work, bug bounty scope, or written authorization allowing you to perform security testing

2. User Responsibility

You are solely responsible for every domain, subdomain, API, IP address, service, application, or asset that you add to Splorix.

You are also solely responsible for any scans, tests, monitoring activities, reports, findings, alerts, or actions performed through your Splorix account.

If you are testing assets on behalf of a client, you are responsible for obtaining proper authorization from that client before adding their domains or systems to Splorix.

  • You have the legal right to test the asset
  • Your authorization is valid and up to date
  • Your authorization covers the type of testing performed through Splorix
  • Your use of Splorix complies with all applicable laws, contracts, internal policies, and third-party terms
  • The asset owner understands and accepts the potential risks of security scanning and testing

3. Client Domains and Third-Party Assets

Splorix may be used by security consultants, agencies, managed service providers, freelancers, internal security teams, and other professionals to monitor or test domains belonging to their clients.

If you add a client’s domain or third-party asset to Splorix, you confirm that the testing is authorized and within scope.

Splorix does not verify the ownership or authorization of every domain added to the platform unless we decide to do so for security, abuse prevention, compliance, or legal reasons.

We may request proof of authorization at any time. Failure to provide sufficient proof may result in account suspension or termination.

  • Your client has authorized you to perform security testing or monitoring
  • The domain or asset is within the authorized scope
  • The testing performed through Splorix is permitted under your agreement with the client
  • You are responsible for communicating the nature and potential risks of the testing to your client
  • You will not exceed the scope of your authorization

4. Potential Risks of Security Testing

Security scanning, vulnerability testing, exposure monitoring, and external attack surface analysis may involve risks.

By using Splorix, you acknowledge that security testing may have unintended effects and that you are responsible for evaluating whether the assets you add can safely be tested.

  • Service instability
  • Temporary downtime
  • Rate limiting or blocking by hosting providers
  • Security alerts triggered by firewalls, WAFs, EDRs, SIEMs, or monitoring tools
  • Increased server load
  • False positives or false negatives
  • Unexpected behavior from fragile or misconfigured systems
  • Interruption of third-party services
  • Detection by cloud providers, hosting providers, or security vendors

5. No Responsibility for Unauthorized or Improper Testing

Splorix provides tools for authorized security monitoring and testing. Splorix does not control which domains users add to their accounts, nor does Splorix independently verify every authorization before testing begins.

To the maximum extent permitted by law, Splorix is not responsible for any damage, loss, claim, dispute, penalty, interruption, downtime, data loss, legal consequence, or third-party complaint resulting from unauthorized or improper testing.

Users remain fully responsible for their use of Splorix and for the consequences of any testing, scanning, monitoring, or analysis performed through their account.

  • Domains or assets added without proper authorization
  • Testing performed outside the authorized scope
  • Testing performed on client domains without valid client permission
  • Misuse of the Splorix platform
  • Incorrect, incomplete, expired, or invalid authorization
  • User negligence
  • Failure to inform a client or asset owner about the risks of testing
  • Violation of laws, contracts, terms of service, or internal policies
  • Any action taken by a user based on Splorix reports, findings, alerts, or recommendations

6. Prohibited Use

You must not use Splorix for unauthorized, abusive, or harmful purposes.

Any prohibited use may result in immediate account suspension or termination, without refund, and may be reported to affected parties, service providers, law enforcement, or legal authorities where appropriate.

  • Test domains, systems, or assets without authorization
  • Scan or monitor third-party assets without permission
  • Attack, exploit, disrupt, damage, or compromise any system
  • Access, modify, delete, or exfiltrate data without permission
  • Perform denial-of-service attacks or resource exhaustion
  • Bypass authentication, authorization, rate limits, or security controls
  • Conduct phishing, spam, malware distribution, credential theft, or social engineering
  • Use Splorix for illegal, malicious, abusive, or harmful purposes
  • Misrepresent your identity, role, authorization, or relationship with an asset owner
  • Exceed the scope of a client agreement, bug bounty program, or authorized testing engagement

7. Proof of Authorization

Splorix may request proof that you are authorized to test a domain or asset added to your account.

If you cannot provide sufficient proof of authorization, we may suspend or remove the asset, restrict scanning features, suspend your account, or terminate your access to Splorix.

  • Proof of domain ownership
  • A written authorization from the asset owner
  • A client agreement
  • A statement of work
  • A penetration testing agreement
  • An internal authorization document
  • A bug bounty or vulnerability disclosure scope
  • Any other document showing that you are allowed to test the asset

8. Customer and Client Communication

If you use Splorix to test or monitor domains belonging to your clients, you are responsible for clearly informing them about the nature and impact of the testing.

Splorix is not responsible for disputes between users and their clients regarding authorization, scope, testing impact, or interpretation of results.

  • The type of testing or monitoring being performed
  • The assets included in the testing scope
  • The potential risks of security scanning
  • The expected frequency of scans
  • The possible impact on systems, services, logs, alerts, or infrastructure
  • The fact that Splorix may generate reports, findings, evidence, and remediation recommendations

9. Reports, Findings, and Recommendations

Splorix may generate reports, vulnerability findings, severity levels, technical evidence, remediation guidance, and security recommendations.

These outputs are provided for informational and operational purposes only.

Splorix does not guarantee that all vulnerabilities, exposures, misconfigurations, or risks will be detected.

Splorix is not responsible for false positives, false negatives, missed vulnerabilities, incorrect interpretation of reports, or decisions made based on platform outputs.

  • Reviewing and validating findings
  • Confirming whether a vulnerability is real
  • Prioritizing remediation
  • Communicating findings to clients or internal teams
  • Taking appropriate action based on the results
  • Ensuring that remediation steps are suitable for the affected environment

10. Account Suspension and Enforcement

We reserve the right to suspend or terminate any account that violates this policy, our Terms and Conditions, or applicable law.

In serious cases, we may cooperate with affected parties, hosting providers, infrastructure providers, payment providers, law enforcement, or legal authorities.

  • Unauthorized scanning or monitoring
  • Testing client assets without permission
  • Abuse of the platform
  • Fraudulent or misleading activity
  • Failure to provide proof of authorization
  • Repeated complaints from asset owners or third parties
  • Any use that may harm Splorix, other users, third parties, or the reputation of the service

11. Acceptance of Responsibility

By adding a domain, launching a scan, enabling monitoring, or using any security testing feature in Splorix, you acknowledge and agree that responsibility for authorization and lawful use remains with you.

  • You are authorized to test the assets you add
  • You are solely responsible for your use of Splorix
  • You understand the potential risks of security testing
  • You accept responsibility for any consequences resulting from your scans, tests, monitoring, or actions
  • Splorix is not responsible for unauthorized, improper, negligent, or unlawful testing performed through your account

12. Contact

If you have questions about this Authorized Domain Testing Policy, please contact us at contact@splorix.com.