Legal, Privacy, and Terms

By using Endolum Sentinel ("the Service"), you agree to the following terms.

Authorized Use. The Service is designed to scan IP addresses and networks that you own or are explicitly authorized to test. For the free tier, the Service automatically detects your public IP address from your connection and only scans that address. You confirm that you are the owner or authorized operator of the network behind the detected IP address.

Credential Testing. The scan includes testing detected services for default and weak credentials using common password lists. By initiating a scan, you explicitly authorize this testing. The Service stops at the first successful credential match per service and does not access the service further.

Prohibited Use. You may not use the Service to scan, test, or assess infrastructure that you do not own or are not authorized to test. Attempting to circumvent IP verification, rate limiting, or other technical controls is prohibited. Violation of these terms may result in service termination and referral to law enforcement.

Limitation of Liability. The Service is provided as is, without warranty. Endolum is not liable for any damages arising from the use of the Service, including but not limited to data loss, service interruption, or reliance on scan results. Scan results are informational and do not constitute a professional security audit.

Business Accounts. Business customers operate under a separate service agreement provided upon account activation. Business accounts are activated manually after payment processing.

Data We Collect. When you use the free scan, we collect: your IP address (from the connection), your email address (for report delivery), user agent string, and the scan results. For business accounts, we additionally collect: company name, contact name, and account credentials.

How We Use Data. IP addresses are used solely to perform the requested vulnerability scan and verify residential ISP ownership. Email addresses are used to deliver scan reports. We do not use your data for marketing or share it with third parties.

Data Retention. Free tier scan data (results, IP address) is permanently deleted 24 hours after the scan completes. Email addresses are retained for report delivery only and can be deleted on request. Business tier data is retained for the duration of the subscription. Consent records are retained for legal compliance purposes.

Data Security. All data is encrypted in transit (TLS). Database backups are encrypted. Access to production systems is restricted to authorized personnel.

Your Rights. You may request deletion of your data at any time by contacting sentinel@endolum.io. We will process your request within 30 days.

Cookies We Set. The Service sets one cookie directly:

• access_token — A session cookie used to authenticate business dashboard users. This cookie is set when you log in and cleared when you log out. It is strictly necessary for the authentication system to function.

We also store a cookie_consent entry in your browser's localStorage to record that you have acknowledged this policy. This is not a cookie and contains no personal data.

Third-Party Cookies. The free scan form uses Google reCAPTCHA for abuse prevention. Google may set cookies (including _GRECAPTCHA and others) in your browser to verify that requests are legitimate. These cookies are classified as strictly necessary for service security. Google's use of these cookies is governed by the Google Privacy Policy.

What We Do Not Use. This site does not use analytics cookies, advertising cookies, or tracking pixels of any kind.

Managing Cookies. You can clear cookies at any time through your browser settings. Clearing the access_token cookie will log you out of the business dashboard. Clearing localStorage will reset your cookie consent preference and the banner will appear again on your next visit.

The following activities are prohibited:

• Scanning IP addresses or networks you do not own or are not authorized to test
• Circumventing IP verification or rate limiting controls
• Using VPN, proxy, or tunnel services to mask your origin for the purpose of scanning a different target
• Automated or scripted access to the free tier scan endpoint
• Using scan results to conduct unauthorized access against any system
• Reselling or redistributing scan reports without authorization

Violations will result in immediate service termination. Serious violations may be reported to law enforcement.