Security & Privacy
How we protect your data and ensure responsible security research.
Our Commitment
Minimal Data Collection
We only collect what we need
No Account Required
Scan without signing up
Auto-Delete Logs
All data expires automatically
Data We Collect
1. Scan Targets
The IP addresses or domains you submit for scanning. Cached for 24 hours to reduce redundant scans. After 24 hours, scan data is automatically deleted.
2. Your IP Address
Used for rate limiting to prevent abuse. Associated data (scan history, terms acceptance) expires after 7-30 days. We do not sell or share IP addresses.
3. Newsletter Email (Optional)
Only if you subscribe. You can unsubscribe anytime.
What We Don't Collect
No user accounts or passwords
No payment information
No personal identifying information
No browser fingerprinting
No third-party tracking cookies
No advertising data
No social media profiles
No location beyond IP geolocation
Security Measures
Abuse Prevention
- Rate limiting and abuse detection
- Terms of Service acceptance required
Data Protection
- All connections encrypted with TLS
- Temporary caching with automatic expiration
- Server-side validation for all inputs
Infrastructure
- SOC 2 Type II compliant hosting
- Encrypted at rest
- No database of vulnerable hosts maintained
Preventing Misuse
We've designed HackMyAgent to help security teams identify vulnerabilities in systems they own, not to enable malicious scanning. Here's how we prevent abuse:
1. Rate Limits: Scanning is rate-limited to prevent abuse.
2. No Bulk API: There's no API for bulk scanning. Each scan requires human interaction through the web interface.
3. Abuse Detection: Suspicious scanning patterns are automatically detected and blocked.
4. Terms Enforcement: Server-side verification of terms acceptance before any scan.
5. No Vulnerability Database: We don't maintain a database of vulnerable hosts. Scan results are temporary and auto-deleted.
Data Retention
| Data Type | Retention Period | Purpose |
|---|---|---|
| Scan results | 24 hours | Cache to reduce redundant scans |
| IP scan history | 7 days | Rate limiting and abuse prevention |
| Terms acceptance | 30 days | Avoid re-prompting on every visit |
| Audit logs | 30 days | Security monitoring |
| Newsletter emails | Until unsubscribe | Email updates |
Questions or Concerns?
We take security and privacy seriously. If you have questions about our practices or want to report a security issue, please contact us.