Opzyai
Legal

Acceptable Use Policy

Last updated June 15, 2026Draft — pending legal review

Opzyai is a security-testing tool. The single most important rule of using it is also the simplest: you may only test systems you own or are explicitly, demonstrably authorized to test. This policy is binding and is incorporated into the Terms of Service.

1. Authorization is mandatory

You may submit an asset (a domain, URL, or code repository) to Opzyai only if you own it or have explicit, current, written authorization from its owner to perform security testing. By adding an asset and proving control of it, you represent and warrant that you have that authority. Opzyai verifies control of every asset (DNS record, well-known file, or GitHub App installation) and re-checks it live before every scan — but that technical control is not a substitute for your legal authorization, which remains your responsibility.

2. Prohibited uses

You must not use Opzyai to:

  • test, scan, or probe any system you do not own or are not authorized to test;
  • attempt to circumvent, disable, or defeat the scope guard, ownership verification, or any other safety control;
  • conduct denial-of-service, destructive, or disruptive activity, or attempt to exploit, persist on, or exfiltrate data from any target;
  • use findings to attack, extort, or harm any person or organization;
  • violate any applicable law, regulation, or third-party rights, including computer-misuse, privacy, and data-protection laws;
  • upload malware, or use the service to develop, store, or distribute offensive payloads;
  • resell, sublicense, or provide the service to third parties without our written agreement, or test on behalf of a third party without their authorization;
  • interfere with the integrity or performance of Opzyai, or attempt unauthorized access to other tenants’ data.

3. Non-destructive by design

Opzyai is built for non-destructive, detection-only testing and excludes intrusive and disruptive checks by default. You must not configure, script, or attempt to use the service in a way that makes testing destructive or that targets production systems with intrusive techniques without appropriate authorization and safeguards.

4. Your responsibilities

  • Keep your account credentials secure and your asset authorizations current and accurate.
  • Ensure that testing of your assets is permitted by any applicable hosting, cloud, or third-party terms.
  • Promptly remove any asset you no longer own or are no longer authorized to test.

5. Enforcement

We may suspend or terminate access, remove assets, and preserve records where we reasonably believe this policy has been violated — including via the platform and per-tenant kill switches — with or without notice where the risk is serious. We may report unlawful activity to the relevant authorities. Violations may also be a breach of the Terms of Service.

6. Reporting abuse or vulnerabilities

To report misuse of Opzyai, or a security issue in Opzyai itself, contact us via the details in our security.txt or the contact page.

Acceptable Use Policy · Opzyai