Tool use policy

Public passive review boundaries, governed authorized_deep controls, and the operating rules for the product family.

This policy explains what the tool is designed to do, what it refuses to do, how private verification and noindex results are handled, and how read-only connector evidence, trusted exports, vendor ecosystem mapping, passive asset inventory, monitoring, history, and KMayer-assisted remediation stay governed.

Identity and ownership

Provider identity and output ownership stay explicit so the tool is not mistaken for a separate company or an unrestricted content source.

Provider and tool identity

Governed use
  • KMayer is the provider. KMayer Exposure Lens AI is the tool and service family offered by KMayer for passive external posture review, private verified results, and governed deeper review when eligible.
  • The tool name should not be read as a separate company, a stand-alone managed-service provider, or an identity outside KMayer.

Copyright, IP, and output-use boundary

Internal review
  • © 2026 KMayer. All rights reserved. KMayer owns the tool interface, report layout, scoring logic, summaries, and visual presentation.
  • Private outputs are provided for the requesting recipient's internal review and may not be copied, republished, resold, reverse engineered, or used to create a competing service without written permission from KMayer.

Public mode and safety

The public lane is useful because it stays bounded, passive, and verification-aware.

Public passive review boundaries

Passive only
  • Every anonymous request starts in passive_public and stays limited to public DNS, mail posture, HTTPS, TLS, visible headers, trust files, indexing signals, and a tightly capped set of same-host public pages.
  • The public lane is designed to show what matters first in a passive external posture review. It is not presented as a full security assessment or unrestricted discovery workflow.

No exploit behavior, no brute force, no login attempts, and no intrusive testing

No exploit behavior | No brute force
  • No exploit attempts, credential spraying, brute-force discovery, authenticated interaction, hidden-path probing, or offensive testing in the public lane.
  • No active internet-wide scanning, no private endpoint guessing, and no following of unrelated third-party estates discovered in page content.

Private verification and access handling

Verified access
  • The verification email is sent first, and no private result delivery occurs until the intended recipient completes the verification click.
  • Private routes use opaque tokens, verification-aware access controls, safe reuse or expiry behavior, and results-ready email delivery only after verification and completion.

Governed deeper evidence

authorized_deep, connector-backed evidence, and trusted export intelligence remain approval-based and non-offensive.

authorized_deep prerequisites

Governed deep review
  • authorized_deep requires verified ownership, active engagement, approved scope, and governed consent for the reviewed domain, account, or evidence source.
  • The deeper lane is not anonymously available and it does not replace the passive boundary that applies to public submissions.

Read-only connector evidence

Read-only evidence
  • Only read-only connector evidence is permitted, and only when the reviewed tenant or domain is approved for that governed workflow.
  • Connector-backed evidence must stay attributable, bounded, and tied back to the reviewed account or domain instead of being used as a broad authenticated scanning path.

Trusted exports, quarantine, review, and approved-for-parse controls

Approved export
  • Trusted exports and customer-provided artifacts are not parsed on arrival. They enter quarantine first and remain blocked until scanner or manual review plus approved-for-parse controls allow structured extraction.
  • Rejected, unapproved, or out-of-scope artifacts do not become active evidence simply because they were uploaded.

Advanced capability boundaries

Advanced output stays evidence-backed and governed instead of turning into unlimited discovery or public leakage.

Vendor ecosystem and passive asset inventory boundaries

Passive only
  • Vendor ecosystem mapping and passive asset inventory remain evidence-backed. They use public evidence first and may later include approved connector or export confirmations only when the workflow is eligible.
  • These capabilities do not authorize intrusive subdomain brute forcing, internet-wide active probing, or silent conflict collapse when evidence disagrees.

Monitoring, history, and noindex private results behavior

Verified access | Private noindex
  • Monitoring and history apply only where that continuity is enabled. The system may retain diffs, alerts, audit trails, suppression context, and change explanations so recurring behavior stays explainable instead of noisy.
  • Public informational pages may be indexed, but private results stay noindex, noarchive, nofollow, and out of sitemap discovery for the verified recipient journey.

Assisted remediation and deeper review boundaries

Governed deep review
  • The product is designed to show what matters, why it matters, and what to fix first. It is not packaged as a full self-serve remediation playbook for every environment.
  • KMayer can help validate findings, review authorized_deep eligibility, interpret approved evidence sources, and move the work into assisted remediation planning when the engagement supports it.

What authorized_deep changes for decision quality

Governed deep review
  • It can improve provenance, ownership confidence, provider alignment, and the quality of remediation sequencing when the engagement is eligible.
  • It does not mean anonymous public scans automatically gain private connector, export, or monitoring context.

What remains intentionally governed

Governed use
  • Private results are decision-ready on purpose, but raw connector internals, unrestricted artifacts, and environment-specific workbooks are not exposed as an open blueprint.
  • KMayer-assisted remediation is the path for deeper control validation, sequencing, and change planning when the engagement supports it.

Confidentiality and reliance

Private delivery, completeness limits, and reliance boundaries stay clear before the tool is promoted more broadly.

Confidentiality and private result URLs

Verified access | Private noindex
  • Private results are gated, non-indexed, and intended for the verified recipient. Do not forward private result URLs to unauthorized parties.
  • KMayer may use submitted details and governed evidence sources to deliver the review, provide follow-up support, and maintain quality, audit, and security controls around the workflow.

No guarantee of completeness

Governed use
  • The tool provides an evidence-backed external posture review, not a guarantee that every issue, dependency, exposure path, or control failure has been discovered.
  • Availability, scope, freshness, and confidence can vary based on public evidence quality, approved access, third-party permissions, and the governed workflow that applies to the review.

Not legal, compliance, penetration-test, or incident-response advice

Governed use
  • The output is informational and prioritization-oriented. It is not a legal opinion, a formal compliance attestation, a penetration-testing service, or incident-response advice.
  • If you need environment-specific legal review, full compliance interpretation, offensive testing, or incident response, KMayer can help route the work appropriately instead of implying this tool replaces those services.

User responsibility and acceptable use

Internal review

Use the tool only for domains and evidence sources you own, administer, or are authorized to assess, or for legitimate passive informational analysis where that use is appropriate. Do not use it for harassment, competitor surveillance, phishing, impersonation, unlawful monitoring, unauthorized investigation, or any attempt to bypass the governed authorized_deep controls.

Related policies

Governed use

The tool should be read alongside KMayer’s Privacy Policy, Cookie Policy, and Terms and Conditions. Those pages govern the broader site relationship while this page explains the tool-specific operating rules.

Third-party and visual governance

Connector, dependency, and future visual-asset use stay governed so the product is not misrepresented.

Third-party services and dependencies

Governed use
  • Connector outputs are read-only and remain subject to the permissions, terms, availability, rate limits, and current configuration of the third-party services involved.
  • KMayer does not promise uninterrupted access to every external API, platform, or provider surface, and evidence depth can change when those dependencies change.

Generated or assisted visual assets

Governed use
  • Any future generated visual asset requires KMayer approval before deployment and must not imply false certifications, fake customers, fake screenshots, or unsupported metrics.
  • Illustrative visuals must stay consistent with the KMayer brand and should be documented with source, prompt, date, and approval state where practical.

Contact and escalation path

Governed use
  • Use the Contact Us page or [email protected] when you need clarification on scope, confidentiality, acceptable use, or a KMayer-led follow-up.
  • If the intended use, submitted evidence, or engagement boundary is unclear, pause and confirm with KMayer before relying on the tool outside its stated operating rules.

Safe-use reading

Read these resources alongside the tool policy when clarifying passive review boundaries.

The policy remains the operating source of truth. These guides add business-readable context for passive exposure and trust signals.
