Legal & Privacy

1. Information We Collect

When you use Qryptonic's services, including the QScout security scanning platform, we collect:

• Contact Information: Email address, phone number, and company name provided during scan registration.
• Scan Data: Domain names submitted for scanning, publicly accessible TLS/SSL certificate information, HTTP response headers, DNS records, and scan results.
• Usage Data: Browser type, IP address, pages visited, and interaction patterns collected via analytics.
• Communications: Information you provide when contacting us for support or inquiries.

2. How We Use Your Information

• To deliver scan results and security assessment reports.
• To send you the PDF report and follow-up communications about your scan results.
• To improve our scanning technology and service quality.
• To communicate about product updates, security advisories, and service announcements.
• To comply with legal obligations and protect our legitimate interests.

3. Data Retention

Scan results are retained for 90 days to allow you to access your reports. Contact information is retained for legitimate business purposes and can be deleted upon request. You may request deletion of your data at any time by contacting privacy@qryptonic.com.

4. Data Sharing

We do not sell your personal information. We may share data with:

• Service Providers: Cloud infrastructure (Microsoft Azure), email delivery, and analytics services that process data on our behalf.
• Legal Requirements: When required by law, regulation, or valid legal process.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict processing of your data.
• Data portability (receive your data in a structured format).

To exercise these rights, contact privacy@qryptonic.com.

6. Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular security assessments. See our Security Statement below for details.

7. International Transfers

Your data may be processed in the United States. We implement appropriate safeguards for international data transfers in compliance with applicable data protection laws.

1. Acceptance of Terms

By using Qryptonic's services, including the QScout security scanning platform, you agree to these Terms of Service. If you do not agree, you should not use the service.

2. Service Description

QScout provides passive security assessments of publicly accessible web infrastructure. The Level 0 (free) scan performs non-intrusive analysis including TLS/SSL inspection, HTTP header analysis, DNS enumeration, and quantum readiness assessment. QScout connects only to publicly accessible endpoints and does not perform penetration testing, exploitation, or any unauthorized access.

3. Authorization Requirement

By submitting a domain for scanning, you represent and warrant that you have authorization to assess the security posture of the submitted domain. Qryptonic is not responsible for scans submitted without proper authorization.

4. Free Scan Limitations

The free Level 0 scan is limited to one scan per email address. Scan results are informational and should not be the sole basis for security decisions. For comprehensive assessments, contact us about Level 1-3 engagements.

5. Accuracy Disclaimer

Scan results reflect the state of publicly accessible endpoints at the time of scanning. Results may vary based on CDN configurations, geographic routing, load balancers, and other infrastructure factors. Qryptonic does not guarantee that all vulnerabilities will be identified or that results will be error-free.

6. Limitation of Liability

Qryptonic provides the service "as is" without warranties of any kind, express or implied. To the maximum extent permitted by law, Qryptonic shall not be liable for any indirect, incidental, consequential, or punitive damages arising from your use of the service.

7. Prohibited Use

You agree not to:

• Submit domains you are not authorized to scan.
• Attempt to circumvent rate limits or scan restrictions.
• Use scan results to harm, attack, or exploit the scanned targets.
• Resell or commercially redistribute scan results without permission.

8. Governing Law

These terms are governed by the laws of the State of Florida, United States. Any disputes will be resolved in the courts of Miami-Dade County, Florida.

9. Changes to Terms

We may update these terms from time to time. Continued use of the service after changes constitutes acceptance of the updated terms.

Infrastructure Security

• All services hosted on Microsoft Azure with enterprise-grade infrastructure.
• Data encrypted in transit using TLS 1.2 or higher.
• Data encrypted at rest using AES-256.
• Regular security assessments and vulnerability scanning of our own infrastructure.

Application Security

• Rate limiting and abuse prevention on all API endpoints.
• Input validation and sanitization on all user inputs.
• SSRF protection to prevent internal network access.
• No storage of credentials or sensitive authentication tokens.

Responsible Disclosure

If you discover a security vulnerability in our services, please report it to security@qryptonic.com. We commit to acknowledging reports within 48 hours and providing status updates as we investigate.