Terms of Use

Updated: February 26, 2023

XSSeeker LLC ("XSSeeker", "we", "our", "us") is a limited liability corporation located in the United States of America that operates the XSSeeker website at xsseeker.com (https://www.xsseeker.com) and associated websites and applications (collectively our “Services”).

An XSSeeker user ("you", "your", "user", "Services user") is any person who has registered, paid for, reviewed these Terms of Use, and had an account activated for use with our Services.

This XSSeeker Terms of Use (“Terms of Use”, "Agreement") is meant to outline the relationship and responsibilities between us and you. If you don't agree to these Terms of Use do not use our Services.

An XSSeeker third party ("third party", "your customer(s)", "your client(s)") is any organization, business or person with whom you have a contractual agreement for bug bounty services, information security services, penetration testing, consulting services or any other related activity.

An XSSeeker unauthorized third party ("unauthorized third party", "not your customer(s)", "not your client(s)") is any organization, business or person with whom you do not have a contractual agreement to provide bug bounty services, information security services, penetration testing, consulting services or any other related activity.

The XSSeeker Privacy Policy (our “Privacy Policy”) explains how we collect, use, process, and disclose personal information when you use our Services and is viewable at https://www.xsseeker.com/privacy.

Our Data is any information, source code, application programming interface, images, processes, design, intellectual property, functionality or features of our Services.

These Terms of Use are guided by these underlying principles:
1. We will respect your privacy.
2. You will respect the integrity, security, and privacy of our Services and our Data.
3. You have permission to use our Services with your customer(s).

Any future changes to these Terms of Use will be posted on our Services for review.


We will respect your privacy.

Through the normal course of business we will use, view, modify, or delete your Contact Data, Account Data, and Log Data as defined in our Privacy Policy. Examples of this could include creating and managing your XSSeeker subdomains and teams or reviewing access logs.

We will not use, view, modify, or delete your Probe Data. The exceptions to this are as follows:
* When required by law or valid government order.
* When investigating a violation of these Terms of Use.
* To protect the health and safety of our Services and other users of our Services.
* To investigate fraud, security or technical issues with our Services.
* When you direct us to.

If we are permitted to, you will be notified of any examination of your Probe Data.


You will respect the integrity, security, and privacy of our Services and Data.

You agree you will not publicly or privately disclose our Data without our consent.

You are permitted to look for and identify vulnerabilities in our Services using industry standard techniques. You are not permitted to perform invasive or destruction testing including, but not limited to denial of service, intentional account lockouts, lateral movement, SQL injection on database inserts/deletes etc. Do not access the data of any other XSSeeker user anymore than is necessary to validate a vulnerability exists. You are not permitted to publicly disclose any suspected or confirmed vulnerabilities of our Services without our consent.

You are permitted to use your Probe Data in reports you provide to your customers.


You have permission to use our Services with your customer.

You understand that using our Services could have legal ramifications including criminal and civil penalties. We do not accept any criminal or civil liability for how you use our Services.

You must have a contractual agreement with your customer prior to using our Services to test your customer's websites, applications, information systems or services. In short you must have permission from your customer.

You can't use our Services to test the websites, applications, information systems or services of an unauthorized third party. In short you must first obtain permission via a contractual agreement.

You must configure your XSSeeker account so that it is in compliance with the contractual obligations you have with your customer. XSSeeker provides multiple configuration parameters (including client side PGP encryption) to respect a wide array of customer data handling requirements. You can utilize multiple XSSeeker subdomains in order to meet the different privacy requirements of your customer(s).

You agree to retain Probe Data on our Services only as long as necessary to meet your contractual obligations with your customer(s). You agree once Probe Data is removed (e.g. copy/paste, API request, screenshot) from our Services it is your responsibility to handle it in accordance with your contractual obligations with your customer(s).


Violations

We will investigate abuse complaints and violations of this Agreement. This may include examination of your Account Data, Probe Data or Log Data. If permitted you will be notified of any examination of your Probe Data.

Any repeated, egregious, willful or intentional abuse or misuse of our Services by you will result in termination of your XSSeeker account. Your Account Data, Probe Data or Log Data will be retained in accordance with our Privacy Policy. We will refund a pro rated amount of your annual subscription fee.


Limitations

You agree that the jurisdiction for any disputes which arise from your use of our Services will be resolved in the USA state where our offices are located. You also agree that if any of the provisions of this Agreement are found to be invalid, illegal or unenforceable the remaining provisions remain unmodified.

You agree to hold XSSeeker harmless and release us from any liability if you don't use our Services in compliance with the contractual obligations you have with your customer(s).

You agree to hold XSSeeker harmless and release us from any liability if you use our Services in any way with an unauthorized third party.

You agree that our limitation of liability for a breach of this Agreement by us is a refund of a pro rated amount of your annual subscription fee.

You agree that we make no warranties or guarantees on the lifetime, features or availability (uptime) of our Services. In the event our Services become permanently unavailable, we will refund a pro rated amount of your annual subscription fee.

You agree that the limitations in this Agreement are your sole remedy for any breach of this Agreement by us.

You agree that our liability for any damages caused by your use of our Services is limited to your annual subscription fee.