Acceptable Use Policy
This Acceptable Use Policy ("AUP") governs how you may use Bug Circuit's website, platform, and security-testing services (the "Services"). It exists to keep our testing lawful and authorized, protect the platform and its users, and set out the rules that everyone who uses Bug Circuit must follow.
Last updated: 6 July 2026
1.Scope and Acceptance
This AUP applies to everyone who accesses or uses Bug Circuit, whether on a free or paid plan. It forms part of, and should be read alongside, our Terms of Service, Privacy Policy, and the Authorization to Test. By creating an account, submitting a domain, purchasing a plan, or otherwise using the Services, you agree to comply with this AUP.
Bug Circuit is a security-testing product. Because our Services actively probe websites for vulnerabilities, misuse can cause real harm to real systems and can be illegal. The rules below are therefore strict and are enforced. If you do not agree to them, do not use the Services.
In this AUP, "you" means the individual and the organization on whose behalf they act; "domain" means an internet domain or the website served from it that you submit for reconnaissance or testing.
4.Prohibited Uses
You must not do any of the following, and must not permit or help anyone else to do them:
Unauthorized and unlawful testing
- Submit, scan, or request testing of any domain you do not own or are not explicitly authorized to test.
- Use Bug Circuit to conduct any activity that is illegal, or that violates the rights of any person or organization or the terms of any third party.
- Use reconnaissance data, scan findings, reports, or any other output from the Services to attack, gain unauthorized access to, disrupt, or otherwise compromise any system, whether or not that system was the subject of your scan.
Attacks on the platform and other users
- Attempt to access accounts, tenants, data, findings, chat transcripts, audit logs, or other information that does not belong to you, or attempt to circumvent tenant isolation or row-level security.
- Probe, scan, or attempt to penetrate, reverse-engineer, or interfere with the Bug Circuit platform or its infrastructure itself (as opposed to the domains you are authorized to test), except through an authorized responsible-disclosure channel.
- Launch or facilitate any denial-of-service or distributed-denial-of-service activity, flood, or volumetric attack against the platform, our providers, or any third party.
- Upload, host, transmit, or link to malware, ransomware, exploits, or other malicious code through the Services, including in scan requests, live chat, or any other input.
- Interfere with, degrade, or disrupt the integrity, performance, or availability of the Services, or the servers and networks connected to them.
Abuse of plans, access, and content
- Circumvent, or attempt to circumvent, plan limits (each plan covers a single domain), domain verification, authorization checks, discount vouchers, payment, rate limits, or any other technical or contractual control.
- Share, sell, transfer, or provide access to your account, or use another person's account; each account is for the authorized user and organization to whom it is issued.
- Resell, sublicense, or commercially exploit the Services, or provide testing to third parties, without our prior written agreement.
- Scrape, crawl, harvest, or use bots or automated means to extract content or data from the Services, or copy, republish, or redistribute reports or other materials except as permitted for your own authorized use.
- Misuse the AI chat assistant, live chat, or support channels — for example by attempting to extract other customers' data, submitting deliberately harmful prompts, or using them for anything other than legitimate product questions and support.
- Provide false, misleading, or fraudulent information, including in domain submissions, ownership proofs, the Authorization to Test, payment, or identity.
5.Your Responsibilities
You are responsible for all activity that occurs under your account and for the accuracy of everything you submit. In particular, you must:
- Keep your login and account access secure, and promptly report any suspected compromise or unauthorized use to [email protected].
- Ensure that every domain you submit is one you are entitled to have tested, and keep that authorization current.
- Use scan findings and reports only for legitimate defensive purposes — remediating and improving the security of the domains you are authorized to test.
- Comply with all applicable laws and with the Terms of Service, Privacy Policy, and Authorization to Test.
6.How Bug Circuit Tests
For transparency: all security testing on Bug Circuit is performed manually by human security engineers. Only the initial reconnaissance — subdomain discovery, technology fingerprinting from a single homepage request, and DNS/email posture checks — is automatic, and that reconnaissance is passive and never attacks the site.
This does not narrow your obligations. Whether an activity is passive reconnaissance or active manual testing, it is directed at a domain at your request, and every rule in this AUP — above all the requirement of ownership or explicit authorization — applies in full.
7.Reporting Violations
If you become aware of any actual or suspected violation of this AUP — including unauthorized testing of a domain, misuse of findings, or a security issue in the platform — please report it promptly to [email protected]. We investigate credible reports and take appropriate action.
If you are the owner of a domain and believe it has been submitted to Bug Circuit without your authorization, contact [email protected] so we can investigate and, where appropriate, suspend the activity.
8.Enforcement and Consequences
We may take any action we consider appropriate in response to an actual or suspected violation of this AUP, at our discretion and without prior notice where the circumstances warrant. Depending on the severity and nature of the violation, this may include:
- Removing, blocking, or refusing to process a domain, scan request, or other content;
- Cancelling in-progress or queued testing and withholding results;
- Suspending or restricting your access to some or all of the Services;
- Terminating your account and any associated plans or security cover;
- Preserving relevant records, including the append-only audit log, for investigation.
Suspension or termination for a violation does not entitle you to a refund and does not limit any other rights or remedies available to us. You remain responsible for any losses, claims, or costs arising from your violation, as further described in the Terms of Service.
9.Changes to This Policy
We may update this AUP from time to time to reflect changes in the Services, our practices, or legal requirements. When we make material changes, we will update the "last updated" date and, where appropriate, provide additional notice. Your continued use of the Services after an update takes effect means you accept the revised AUP.
10.Contact and Company Details
Questions about this AUP or how it applies to you can be sent to the appropriate contact below:
- Security and abuse reports: [email protected]
- Legal matters: [email protected]
- Privacy matters: [email protected]
- General questions and support: [email protected]
The Services are operated by WEB CODE STORE (PVT) LTD, a company registered in Sri Lanka, company registration number PV 00318975. This AUP is governed by the laws of Sri Lanka, without regard to its conflict-of-laws rules.