Legal

Terms of Service

The rules that apply when you browse Voretix, scan URLs, search the community dataset or build on the API — including what you may not use the scanner for, and what happens when someone abuses it.

Last updated: July 9, 2026 Applies to voretix.com & api.voretix.com

1. Acceptance of These Terms

These Terms of Service ("Terms") are an agreement between you and Voretix ("Voretix", "we", "us" or "our") and govern your use of voretix.com and api.voretix.com, together with their subdomains and any other websites, APIs and endpoints operated by Voretix (together, the "Service"). By creating an account, submitting a scan, using the API or otherwise using the Service, you accept these Terms and our Privacy Policy. If you do not agree, do not use the Service. If you use the Service on behalf of an organization, you confirm that you are authorized to bind that organization to these Terms, and "you" includes that organization.

2. The Service

Voretix analyzes domains and URLs for malicious threats. When you submit a URL, scanners running on Voretix-operated infrastructure visit it, record technical evidence (page content, screenshots, HTTP responses, redirects, WHOIS, DNS, TLS and detected technologies) and produce a scan report with automated verdicts. Depending on the options you choose, scans can originate from different geographic locations, emulate different platforms, browsers and languages, or route through the Tor network. The Service also includes a searchable community dataset of public scans, hunting tools, monitoring and alerting features, a public API, scan history, comments and reports, documentation and a blog. Features vary by plan and may change over time.

Understand what a scan is: submitting a URL causes real network requests to be sent from our infrastructure to the target you chose, on your instruction. Voretix is an analysis tool operated at your direction — it is not an anonymization service, a load-testing service or an attack platform, and section 7 prohibits every use of it as one.

3. Accounts and Eligibility

  • You must be at least 16 years old to use the Service.
  • Registration information (name, username, email) must be accurate, and you must keep it up to date. Accounts created with false identities to conceal abusive activity may be terminated.
  • You are responsible for everything that happens under your account and API keys — including scans launched by anyone you share credentials with, and by any application or script using your keys. Keep your password and keys secret; notify us immediately at [email protected] if you suspect unauthorized use. Activity under your account is attributed to you until you report the compromise.
  • One person or organization may not hold multiple free accounts to multiply quotas, evade rate limits or evade an enforcement action taken against another account.
  • If your account is terminated for abuse, you may not create a new account without our written permission.

4. Plans, Quotas and Billing

The free plan includes a monthly scan allowance; paid personal and enterprise plans offer higher scan volumes, API rate limits and additional features as described on the pricing page. Monthly allowances reset each billing cycle and unused quota does not roll over. Quotas and rate limits are enforced automatically, and we may adjust plan contents, limits and prices; changes to paid plans take effect at your next billing period.

Payments for paid plans are processed by third-party payment providers — we do not store full card numbers ourselves. Subscriptions renew automatically until cancelled; cancelling stops the next renewal and your plan remains active until the end of the period already paid. Except where required by law, payments are non-refundable for partial periods, and no refund is owed for a suspension or termination caused by your breach of these Terms. Initiating a chargeback instead of contacting us about a billing problem may result in suspension while the dispute is resolved. Taxes may apply. Quotas are a fair-use allowance for your own use — buying a plan does not make otherwise prohibited activity permitted, and reselling raw access to your quota is not allowed.

5. Scan Submissions and Visibility

You keep any rights you hold in the URLs and material you submit. By submitting a scan you grant Voretix a worldwide, non-exclusive, royalty-free license to fetch, store, analyze, reproduce and display the submission and the resulting scan data, and to share it as described in the Privacy Policy — including publishing scans submitted with public visibility as part of the community dataset, where anyone can view and search them.

  • Public scans are visible to everyone and may remain part of the dataset indefinitely; removal is not guaranteed (see section 15).
  • Unlisted scans are viewable by anyone with the direct link.
  • Private scans are visible only to you, subject to your plan.

Do not submit URLs containing credentials, session tokens or other secrets with public visibility — submissions cannot always be fully retracted once published, and third parties may have copied public data before removal. We may re-classify, restrict or remove scans that violate these Terms or the law, and we may preserve removed scans internally as evidence (section 9).

6. Your Responsibility for the Scans You Launch

Every scan is initiated by you. When you submit a URL — through the website or the API — you are instructing our infrastructure to contact that target on your behalf, and you are solely responsible for that instruction and its consequences. Voretix supplies the tooling; the decision about what to scan, when, how often and with what options is yours. In particular:

  • Authorization is your job. Before scanning a system, you are responsible for ensuring that you own it, have the operator's permission to test it, or are examining a publicly reachable page for legitimate defensive security research. If a target's terms, a contract, a court order or the law prohibits you from probing it, do not submit it.
  • Legality is your job. You are responsible for complying with every law that applies to your scanning — including the computer-misuse and anti-hacking laws of your jurisdiction and of the jurisdiction where the target is located, as well as data-protection, export and sanctions rules.
  • The consequences are yours. If your use of the Service harms a third party, breaks a law or breaches a contract you are bound by, that liability is yours, not ours. You will indemnify us for claims arising from your scans as described in section 21.
  • Your account is your signature. Scan records are stored together with the submitting account and the IP address the submission came from (see the Privacy Policy). Treat every submission as an action you have signed.

Voretix acts as an intermediary that executes your scan requests. To the extent permitted by law, we are not responsible for the targets our users choose or for what users do with scan output.

7. Acceptable Use

The Service exists for defensive security research: investigating suspicious links, verifying your own infrastructure, hunting phishing campaigns, enriching threat intelligence. It gives you real scanning infrastructure, and pointed at systems you have no right to test — or used to prepare or conceal an attack — that same capability is a crime in most jurisdictions. The rules below apply to every part of the Service, and to any use of scan data obtained from it.

7.1 No illegal use

  • Do not use the Service to violate any law or regulation, or to help anyone else do so.
  • Do not use the Service in connection with unauthorized access to computers, networks, accounts or data — before, during or after the access.
  • Do not use the Service to plan, facilitate, commit or conceal fraud, theft, extortion, money laundering or any other crime.

7.2 No attacks or disruption of third parties

  • Do not use the Service to attack, overload, degrade or disrupt any website, server, network, service or person — including by submitting rapid or repeated scans of the same target with the intent or effect of burdening it.
  • Do not use the Service as a proxy, relay or anonymization layer to reach a target while hiding your own origin for harmful purposes. Scan options such as geographic locations and Tor routing exist to observe how threats behave for different audiences, not to launder attack traffic.
  • Do not submit URLs crafted so that merely fetching them performs a harmful or state-changing action on the target — for example URLs carrying injection payloads, exploit strings, destructive administrative commands or requests that trigger unwanted side effects on someone else's system.

7.3 No exploitation or offensive preparation

  • Do not use the Service to probe, fingerprint, enumerate or test the vulnerability of systems you are not authorized to test — "the scanner did the request, not me" is not a defense and not accepted here.
  • Do not use scan reports, technology fingerprints, WHOIS/DNS/TLS data or any other output as reconnaissance to select, profile or prepare targets for intrusion, exploitation or fraud.
  • Do not use the Service to test, validate or exercise stolen credentials, session tokens, API keys or leaked data.
  • Do not weaponize anything you find through the Service. Discovering that a third-party site is vulnerable does not entitle you to exploit it; report it responsibly to the owner instead.

7.4 No malware, phishing or detection-evasion testing

  • Do not use the Service to develop, test, debug or quality-check malware, phishing pages, scam kits, exploit delivery chains or any other malicious content — including submitting your own malicious pages to check whether they "pass" our scanners.
  • Do not use verdicts, detections or fingerprints to tune malicious content to evade Voretix or any other security product.
  • Do not use the Service to distribute malware or direct victims to malicious content — for example by sharing report links as lures or intermediaries in an attack chain.

7.5 No surveillance or abuse of people

  • Do not use the Service to stalk, harass, threaten, dox or monitor individuals.
  • Do not use the Service to harvest personal data, credentials or private content from scanned sites for purposes unrelated to security research, or in violation of data-protection law.

7.6 No abuse of the platform itself

  • Do not circumvent or attempt to circumvent quotas, rate limits, the Turnstile bot gate, visibility settings or any other technical control — including with multiple accounts, automation designed to defeat protections, or manipulated requests.
  • Do not probe, scan, penetration-test or attack the Service itself. Good-faith vulnerability research on Voretix is welcome only under the rules of our Vulnerability Disclosure Policy.
  • Do not scrape, bulk-download or resell the Service or the community dataset outside the documented API and your plan's limits.
  • Do not upload or inject anything intended to interfere with the Service, other users' scans or the integrity of the dataset — including deliberately poisoning verdicts, fingerprints or search results.
  • Do not share, sell or transfer your account or API keys to third parties.

7.7 No misrepresentation

  • Do not misrepresent Voretix verdicts, alter scan reports to change their meaning, or present fabricated results as coming from Voretix.
  • Do not use the Voretix name or logo to endorse a product or claim, or to imply a partnership, without permission.
  • Do not impersonate Voretix staff or other users.

If you are unsure whether a planned use is acceptable, ask first: [email protected]. Authorized security testing of your own systems — or of systems whose operator has given you documented permission — is exactly what the Service is for.

8. Prohibited Content

Do not use scan submissions, comments, reports, usernames or any other input to store, publish, index or distribute content that is illegal — including child sexual abuse material, terrorist content or content that infringes third-party rights — or to deliberately introduce such material into the community dataset. The Service captures evidence of malicious sites for research; that never makes it a hosting or distribution channel for the material itself. We remove such content when we become aware of it and report child sexual abuse material and other content we are legally obliged to report to the competent authorities.

9. Abuse Detection, Enforcement and Reporting to Law Enforcement

We take misuse of the Service seriously, because misuse turns a defensive tool into someone else's problem.

  • Monitoring. As described in the Privacy Policy, scan submissions are logged together with the submitting account, IP address, timestamps and chosen options, and API usage is recorded per key. We may (but are not obliged to) review activity — automatically and manually — to detect violations of these Terms.
  • Enforcement. Depending on severity, we may warn you, throttle or rate-limit you, remove or re-classify content, suspend features, or suspend or terminate your account and API keys — with or without prior notice. For serious abuse (attacks, exploitation, fraud, prohibited content) suspension is typically immediate.
  • Evidence preservation. We may preserve scan records, logs, account details and related evidence connected to suspected abuse, including after account deletion, for as long as needed for investigations and legal proceedings.
  • Reporting to the police. If we believe your use of the Service involves criminal activity, we will report it to the police and other competent law-enforcement authorities — together with the associated evidence, such as account information, submitted URLs, originating IP addresses, timestamps and scan data — and we will cooperate with the resulting investigations and with valid legal process. We may do this without notifying you first.
  • Notifying the affected. We may also notify and share relevant evidence with parties positioned to stop or remediate the abuse — such as the owners of attacked systems, hosting providers, domain registrars, CERTs and security-community partners — as described in the Privacy Policy.

Failure to enforce a provision of these Terms in one case is not a waiver of our right to enforce it in another. If you see abuse of the Service, report it to [email protected].

10. Community Content

Comments and reports you post must be lawful, relevant and respectful. You grant us a license to store and display them alongside the scan they concern. We may moderate, edit or remove community content at our discretion, and repeated abuse may lead to suspension. Do not use comments or reports to harass other users, spread misinformation about a site with intent to harm it, advertise unrelated services or post the prohibited content described in section 8.

11. API Terms

API access requires an API key tied to your account. Keys are personal: keep them confidential and use them only from applications you control. You are responsible for all traffic sent with your keys — embed them so end users of your application cannot extract and misuse them, and revoke and rotate any key you believe is exposed. API usage counts against your plan's quota and rate limits, and automated traffic that evades limits, misuses endpoints or degrades the Service for others may be throttled or blocked. Everything in sections 6–9 applies equally to scans launched through the API: an abusive scan is abusive whether it came from the website or from a script. We may change, deprecate or add API endpoints; breaking changes will be announced in the documentation where practical.

12. Scan Results and Verdicts

Verdicts, risk scores and detections are produced by automated and AI-assisted analysis of the evidence collected at scan time. They are provided for security-research purposes as opinions about risk, not statements of fact: a site flagged as malicious may be benign (false positive) and a site reported clean may be harmful (false negative), and a site's behavior can change after it was scanned. Scan results are not legal, professional or compliance advice, and a Voretix scan is not a substitute for a professional security audit or penetration test. Do not rely on scan results as your sole basis for security, business or legal decisions — including decisions to block, take down or publicly accuse a website. If you believe a verdict about your site is wrong, use the report function on the scan page or contact us, and we will review it.

13. Working Safely with the Community Dataset

The community dataset documents threats, which means scan reports can contain links to, screenshots of and content from live malicious websites — phishing pages, malware distribution points and scams. Reports are presented as research evidence, not endorsements. If you follow a link out of a scan report, you do so at your own risk; handle captured artifacts the way a professional handles malware samples, and use dataset content for defensive purposes consistent with section 7. Voretix is not responsible for what third-party sites documented in the dataset do to visitors.

14. Intellectual Property

The Service — including its software, design, branding and documentation — is owned by Voretix or its licensors and protected by intellectual-property laws. We grant you a limited, revocable, non-exclusive, non-transferable right to use the Service according to these Terms and your plan. Scan reports display material from scanned third-party websites (screenshots, page content) for security research; the rights in that material remain with its owners, and displaying it in a report does not grant you a license to reuse it for other purposes.

15. Removal and Takedown Requests

If you operate a website and believe a scan of it should be reviewed — for example because the verdict is wrong, the capture exposes sensitive information, or you have a legal basis for removal — use the report function on the scan page or write to [email protected] with the report URL and the reason. Rights holders may send infringement notices to the same address, and we may terminate the accounts of repeat infringers. We review requests in good faith, but because the dataset serves the public interest in documenting threats, we may decline to remove accurate threat-intelligence records or may preserve them in restricted form instead of deleting them.

16. Third-Party Services and Links

The Service depends on third-party providers (such as AWS and Cloudflare) and links to external websites, including the scanned sites themselves. We are not responsible for third-party services or external sites, and visiting sites flagged as malicious is at your own risk (see section 13).

17. Export Controls and Sanctions

You may not use the Service if you are located in, or are a resident or national of, a country or territory subject to comprehensive sanctions, or if you are listed on an applicable sanctions or denied-parties list. You agree to comply with all export-control and sanctions laws that apply to your use of the Service and of any data obtained from it.

18. Suspension and Termination

You may stop using the Service or request account deletion at any time. We may suspend or terminate your access — with or without notice — if you breach these Terms, create risk or legal exposure for the Service, other users or third parties, or where required by law; for serious violations of section 7 or 8, termination may be immediate and without warning. Upon termination your right to use the Service ends, remaining quota is forfeited without refund (section 4), and API keys stop working. Public scan data already contributed to the community dataset may be retained as described in the Privacy Policy, and evidence of abuse may be preserved and reported as described in section 9. Sections that by their nature should survive termination (including sections 5, 6, 9, 12, 14 and 19–24) survive.

19. Disclaimer of Warranties

The Service is provided "as is" and "as available", without warranties of any kind, express or implied — including fitness for a particular purpose, non-infringement, availability and accuracy of scan results. Security analysis is inherently probabilistic; we do not warrant that the Service will detect every threat or that it will be uninterrupted or error-free.

20. Limitation of Liability

To the maximum extent permitted by law, Voretix will not be liable for indirect, incidental, special, consequential or punitive damages, or for lost profits, data or business, arising from your use of — or inability to use — the Service, including reliance on scan verdicts. Nor are we liable for damage caused by other users' misuse of the Service or by the third-party sites documented in the dataset. Our total liability for all claims in any twelve-month period is limited to the greater of the amount you paid us for the Service in that period or USD 100. Nothing in these Terms excludes liability that cannot be excluded by law.

21. Indemnification

You will indemnify and hold Voretix harmless from claims, damages and expenses (including reasonable legal fees) arising from your submissions, your use of the Service in violation of these Terms, or your violation of any law or third-party right — including claims brought by owners or operators of systems you scanned, tested or targeted without authorization.

22. Changes to the Service or These Terms

We are continuously developing the Service and may add, change or remove features. We may also update these Terms; when we do, we will revise the "Last updated" date above, and for material changes we will provide additional notice (such as an announcement on the site or an email). Continued use of the Service after changes take effect constitutes acceptance of the updated Terms.

23. Governing Law and Disputes

These Terms are governed by the laws of the jurisdiction in which Voretix is established, without regard to conflict-of-law rules, and disputes are subject to the exclusive jurisdiction of the courts of that place — except where the law of your country of residence grants you mandatory consumer protections or a different forum. Before starting formal proceedings, please contact us at [email protected] — most disputes can be resolved informally.

24. Miscellaneous

  • Entire agreement. These Terms — together with the Privacy Policy, the Vulnerability Disclosure Policy (if you engage in security testing of the Service) and any plan-specific terms presented at purchase — are the entire agreement between you and Voretix about the Service.
  • Severability. If a provision of these Terms is found unenforceable, the rest remains in effect, and the provision is enforced to the maximum extent permitted.
  • No waiver. Not enforcing a provision is not a waiver of it.
  • Assignment. You may not assign these Terms without our consent; we may assign them as part of a merger, acquisition or sale of assets.
  • Force majeure. We are not liable for delays or failures caused by events beyond our reasonable control.
  • No agency. These Terms do not create a partnership, agency or employment relationship between you and Voretix.

25. Contact Us

Questions about these Terms — including verdict disputes, takedown requests and abuse reports — can be sent to [email protected]. Security vulnerabilities in the Service itself go to [email protected] under the Vulnerability Disclosure Policy; privacy and data requests go to [email protected].