Public-mode rules, privacy handling, and the operating boundaries for Phase 1.

Permitted use

What the tool is meant to support

• Use the tool only for domains you are authorized to review or for passive informational analysis where that use is appropriate.
• The tool is designed for public DNS, HTTPS, TLS, visible headers, indexing signals, and a tightly capped set of same-host public pages.
• Results are informational and limited to the Phase 1 passive-first model. They do not represent exhaustive asset discovery or exploit validation.

Prohibited use

What the tool is deliberately blocked from doing

• No exploit attempts, brute-force discovery, hidden-path enumeration, password spraying, malware simulation, or authenticated interaction.
• No following of third-party domains discovered in page content and no requests to localhost, private IP ranges, or metadata endpoints.
• No attempts to repurpose the tool as a penetration-testing, scanning, or lateral-discovery platform.

Data handling

How the review data is handled in Phase 1

• Only the minimum required request details are collected to run the review, deliver private access, and maintain consent and abuse-control records.
• Private results remain behind opaque tokens plus one-time email verification and are kept noindex, noarchive, nofollow, and out of sitemap discovery.
• Phase 1 uses compact extracted findings rather than storing full raw page bodies wherever that limitation can be maintained safely.

Retention and deletion

Phase 1 defaults to a 30-day retention window unless an administrator changes the retention setting. The plugin supports per-scan deletion and administrative cleanup controls so exposure-review data can be managed conservatively.

Related policies

The tool should be read alongside KMayer’s Privacy Policy, Cookie Policy, and Terms and Conditions. Those pages govern the broader site relationship while this page explains the tool-specific operating rules.