Terms of Service

By using DidIShipThis (“the Service”), you agree to these Terms. If you do not agree, do not use the Service. These Terms apply to both the free passive scan and the paid full pentest.

You must own or have explicit written authorization to scan any URL you submit. Submitting a URL is your declaration that you have the right to run security tests against that target. Scanning a website you do not own or have permission to test is illegal in most jurisdictions (including under the Computer Fraud and Abuse Act in the US, and equivalent laws elsewhere) and is a breach of these Terms.

We reserve the right to terminate your access and report suspected unauthorized scanning to relevant authorities.

DidIShipThis runs automated, read-only security checks against the URL you provide. The free scan performs passive reconnaissance (headers, exposed files, SSL). The paid full scan adds active checks (injection testing, port scanning, credential probing, and more).

All checks are non-destructive. We do not write data to, delete from, or modify any system we scan.

Security scanning is not a guarantee of security. Our results represent a point-in-time automated assessment. We may miss vulnerabilities, and our findings should not be taken as a comprehensive security audit. We strongly recommend engaging a qualified human penetration tester for critical systems.

The full pentest is a one-time payment of $19 USD, processed by Stripe. Payment is non-refundable once the scan has been queued. If the scan fails to complete due to a fault on our side, we will rerun it or issue a refund at our discretion.

Scan results are delivered to the email address you provide. You are responsible for keeping your results confidential. We store scan data for up to 90 days, after which it is deleted.

• Scanning URLs you do not own or have explicit permission to test
• Using scan results to attack, exploit, or disclose vulnerabilities in third-party systems
• Automated or bulk scanning via the API without prior written agreement
• Attempting to circumvent rate limiting or access controls on our platform

The Service is provided “as is” without warranty of any kind. To the maximum extent permitted by law, DidIShipThis shall not be liable for any indirect, incidental, or consequential damages arising from your use of the Service or reliance on scan results.

We may update these Terms from time to time. Continued use of the Service after changes are posted constitutes acceptance of the updated Terms. Material changes will be notified by email if you have an active paid scan.

Questions about these Terms? Email us at hello@didishipthis.com