Terms of Service
Last updated: February 9, 2026
1. Acceptance of Terms
By accessing or using DomainOptic ("the Service"), operated by its sole proprietor ("we," "us," or "our"), you accept and agree to be bound by these Terms of Service ("Terms") and our Privacy Policy. If you do not agree to these Terms, you must immediately stop using the Service.
We may update these Terms at any time by posting the revised version on this page with a new "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated Terms. It is your responsibility to review these Terms periodically.
2. Description of Service
DomainOptic provides website security analysis and domain name tools, including:
- Security audits (SSL, DNS, headers, reputation, exposed secrets, ghost API detection)
- AI-powered domain name generation
- Domain availability checking and WHOIS lookup
- DNS health analysis
- SSL certificate checking
- Domain comparison tools
- Security monitoring alerts (for registered users)
The Service is operated from the United States. We make no representation that the Service is appropriate or available for use in any particular jurisdiction outside the United States.
3. Service Tiers and Paid Subscriptions
DomainOptic offers both free and paid tiers. Free features are subject to usage limits that may change at our discretion. We reserve the right to modify, limit, or discontinue any feature or tier at any time.
PAID SUBSCRIPTIONS: Paid plans ("Pro") are available exclusively to users located in the United States with a valid United States billing address. By subscribing to a paid plan, you represent and warrant that you are located in the United States.
BILLING AND RENEWAL: Paid subscriptions are billed in advance on a recurring basis (monthly or annually, depending on your selection). Your subscription will automatically renew at the end of each billing period unless you cancel before the renewal date. You authorize us to charge your payment method on file for all applicable fees.
CANCELLATION: You may cancel your subscription at any time through your account settings. Cancellation takes effect at the end of the current billing period. You will retain access to paid features until the end of the period you have already paid for. No partial refunds are provided for unused time within a billing period.
REFUNDS: All fees are non-refundable except where required by applicable law. If you believe you were charged in error, contact us within 14 days of the charge.
PRICE CHANGES: We may change subscription pricing at any time. Price changes for existing subscribers will take effect at the start of the next billing period following notice of the change. If you do not agree with a price change, you may cancel your subscription before it renews at the new price.
PAYMENT PROCESSING: Payments are processed by Stripe, Inc. By subscribing, you also agree to Stripe's Terms of Service. We do not store your credit card information on our servers.
4. User Accounts
Certain features require you to create an account through our authentication provider, Clerk. By creating an account, you agree to provide accurate information and to keep your account credentials secure. You are responsible for all activity under your account.
ACCOUNT TERMINATION BY US: We may suspend or terminate your account at any time, with or without cause, and with or without notice. Reasons for termination include, but are not limited to: violation of these Terms, abusive use of the Service, fraudulent activity, or non-payment of fees. Upon termination, your right to use the Service ceases immediately. For paid subscribers, if we terminate your account without cause, we will provide a pro-rata refund for any unused prepaid period.
ACCOUNT TERMINATION BY YOU: You may delete your account at any time. Account deletion is permanent and cannot be undone. You must cancel any active subscription before deleting your account. We are not obligated to retain your scan history or any other data after account deletion.
5. Security Scanning Authorization and Methodology
By using our Security Audit, Secret Scanner, or related security analysis tools, you represent and warrant that:
- You own the domain being scanned, OR
- You have explicit, written authorization from the domain owner to perform security analysis, OR
- You are scanning your own organization's assets as part of authorized security testing
ACKNOWLEDGMENT OF APPLICABLE LAW: You acknowledge that unauthorized access to computer systems may violate the Computer Fraud and Abuse Act (18 U.S.C. Section 1030), the Virginia Computer Crimes Act (Section 18.2-152.4), and equivalent laws in other jurisdictions. By initiating any scan through the Service, you affirm that you have the legal authority to do so and you accept all legal responsibility for the scan and its consequences.
DOMAINOPTIC AS TOOL: DomainOptic acts solely as a tool operating at your direction. You are the initiator and principal of any scan you request. DomainOptic does not independently select scan targets or initiate scans on its own behalf. All scanning activity is performed in response to your explicit request, and you bear full responsibility for ensuring you have proper authorization to scan any domain you submit.
PASSIVE SCANNING (Free + Pro): Our core security tools - SSL checker, DNS health, security headers, reputation checker, and secret scanner - perform passive analysis of publicly accessible content only. These tools fetch publicly available resources in the same manner as a standard web browser or search engine crawler.
ACTIVE SCANNING (Pro only - Ghost API Hunter): The Ghost API Hunter checks for exposed configuration files and debug endpoints by sending HTTP requests to common paths (e.g., /.env, /.git/config, /actuator/env). This constitutes active probing and requires: (1) a paid Pro subscription, (2) DNS-based domain ownership verification, and (3) your attestation that you own or are authorized to scan the target domain. Active scans are rate-limited, identify themselves via User-Agent header, and respect server responses (backing off on rate limiting). See our Scanner Information page for technical details.
PASSIVE SCANNING METHODOLOGY: Our passive security tools operate identically to a standard web browser. Specifically, we:
- Fetch publicly accessible HTML pages via standard HTTP GET requests
- Download publicly served JavaScript files linked from those pages
- Read HTTP response headers returned by the target server
- Query public DNS records via standard DNS resolution
- Connect to the target's public TLS/SSL endpoint to read certificate data
- Analyze publicly visible content for patterns matching known secret formats
- Identify ourselves with a User-Agent header
ACTIVE SCANNING METHODOLOGY (Ghost API Hunter): With verified domain ownership, we:
- Check ~50 well-known paths for exposed files and endpoints via HTTP GET
- Scan root domain only (no subdomain enumeration)
- Send requests in small batches (3 concurrent) with delays between batches
- Back off adaptively when rate-limited (429/503 responses)
- Cap total requests at 55 per scan
- Identify as "DomainOptic Security Scanner/2.0" with contact URL
WHAT WE DO NOT DO: DomainOptic does not perform penetration testing, exploit vulnerabilities, bypass authentication, access protected or gated areas, brute-force credentials, inject payloads, execute code on target systems, or cause any modification to target systems.
NO GUARANTEE OF SECURITY: A "passing" scan result or high grade does NOT mean your website is secure. Our scans check a limited set of publicly observable signals. A clean scan result does not constitute a professional security certification, penetration test, or compliance audit. Conversely, a finding does not constitute proof of an exploitable vulnerability - it indicates a pattern that warrants human review.
RESPONSIBLE USE OF RESULTS: You agree not to use scan results to harass, extort, publicly shame, or harm the owners or operators of scanned domains. Scan results are for your own informational and remediation purposes only. You agree not to publish, distribute, or disclose another party's scan results without their consent.
OPT-OUT FOR DOMAIN OWNERS: Domain owners who wish to exclude their domain from being scanned may contact us at brenbuilds@protonmail.com. We maintain an exclusion list and will honor removal requests within a reasonable timeframe.
SCAN DATA RETENTION: Scan results saved to your account history are retained until you delete them or delete your account. Temporary scan processing data is automatically deleted within 7 days. API server logs are retained for 30 days. We do not log your IP address in connection with individual scans. We retain only the data reasonably necessary to provide the Service and comply with legal obligations.
COOPERATION WITH LEGAL PROCESS: If we receive a subpoena, court order, or law enforcement request regarding a scan you initiated, we may disclose your identity, account information, and scan records as required or permitted by law. You acknowledge and consent to this disclosure. We may also voluntarily report to law enforcement any scan activity that we reasonably believe constitutes a violation of applicable law.
6. AI-Generated Content
Our AI Domain Name Generator uses third-party artificial intelligence services to suggest domain names. By using this feature, you acknowledge and agree that:
- Generated domain names are AI-produced suggestions for inspiration only
- We do not guarantee that any suggested name is available for registration
- We do not guarantee that any suggested name is free from trademark, service mark, or other intellectual property conflicts
- It is solely your responsibility to conduct trademark searches, check domain availability with accredited registrars, and verify that any name you choose to register does not infringe on the rights of others
- We are not liable for any damages, claims, or disputes arising from your registration or use of an AI-suggested domain name, including but not limited to trademark infringement claims, domain disputes (UDRP), or loss of registration fees
- AI-generated output may be inaccurate, nonsensical, or inappropriate, and we make no representations regarding the quality, suitability, or fitness for any purpose
7. Accuracy of Information and Assumption of Risk
While we strive to provide accurate information, you acknowledge that:
- Domain availability shown may differ from actual registrar status at the time of your query
- WHOIS data is obtained from public sources and may be outdated, incomplete, or redacted
- DNS and SSL information reflects a point-in-time snapshot and may change at any moment
- Security audit results and grades are informational only and do not constitute a guarantee of security or a professional security assessment
- Scan results may vary between runs due to CDN caching, geographic load balancing, A/B testing, or configuration changes on target sites
- Blacklist and reputation data comes from third-party sources whose accuracy we cannot verify or guarantee
YOU ASSUME ALL RISK associated with your use of information provided by the Service, whether on a free or paid plan. Our tools provide informational data only and should not be relied upon as the sole basis for business, security, legal, or purchasing decisions. Always verify information independently and consult qualified professionals for security assessments, legal compliance, and business decisions.
8. No Professional Advice
The Service provides automated informational tools only. Nothing provided through the Service constitutes professional security advice, legal advice, compliance certification, technical consulting, or any other form of professional advice. Security audit scores, DNS health checks, SSL reports, and secret scanner findings are automated heuristic assessments and do not replace professional security audits, penetration tests, or compliance reviews. You should consult qualified professionals before making security, business, or legal decisions based on information from this Service. No information provided by the Service creates a professional-client relationship of any kind between you and DomainOptic.
9. Acceptable Use
You agree not to use the Service to:
- Conduct automated bulk queries, scraping, or data harvesting without our prior written permission
- Attempt to overwhelm, disrupt, or degrade our servers, infrastructure, or services
- Circumvent any rate limiting, authentication, access controls, or security measures
- Use the Service for any purpose that is illegal under United States federal or state law
- Scan domains you do not own or have authorization to scan
- Use scan results to extort, harass, publicly shame, or harm domain owners
- Resell, redistribute, or sublicense access to the Service or its output without our written permission
- Reverse engineer, decompile, or disassemble any part of the Service
- Use the Service to develop a competing product or service
- Create multiple free accounts to circumvent usage limits
- Provide false information when creating an account or subscribing to a paid plan
Violation of this section may result in immediate account termination without refund.
10. Intellectual Property
The DomainOptic name, logo, website design, software, and all associated intellectual property are the exclusive property of DomainOptic and its operator. You may not use our trademarks, logos, or branding without our prior written consent.
Domain names you search for or generate through the Service are not owned by us. Domain ownership is determined solely by registration with accredited registrars. We claim no ownership over scan results, AI-generated domain suggestions, or any data you provide to or receive from the Service.
11. Third-Party Services
The Service relies on and links to third-party services, including but not limited to: domain registrars, DNS providers, SSL certificate authorities, threat intelligence feeds (Google Safe Browsing, VirusTotal, AbuseIPDB, and others), AI model providers, Clerk (authentication), and Stripe (payment processing).
We are not responsible for the availability, accuracy, content, privacy policies, or practices of these third-party services. Your use of any third-party service is governed by that service's own terms and policies, and is at your own risk. Third-party data sources may be temporarily unavailable, return inaccurate results, or change their terms of access at any time, which may affect the completeness or accuracy of our reports.
12. Disclaimer of Warranties
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, COMPLETENESS, OR RELIABILITY. WE DO NOT WARRANT THAT: (A) THE SERVICE WILL BE UNINTERRUPTED, TIMELY, ERROR-FREE, OR SECURE; (B) THE RESULTS OBTAINED FROM THE SERVICE WILL BE ACCURATE, COMPLETE, OR RELIABLE; (C) ANY ERRORS IN THE SERVICE WILL BE CORRECTED; OR (D) THE SERVICE WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS. THIS DISCLAIMER APPLIES TO BOTH FREE AND PAID TIERS OF THE SERVICE. USE OF THE SERVICE IS AT YOUR OWN RISK. NO INFORMATION OR ADVICE, WHETHER ORAL OR WRITTEN, OBTAINED FROM US OR THROUGH THE SERVICE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS.
13. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, DOMAINOPTIC AND ITS OPERATOR SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO: LOSS OF PROFITS, REVENUE, OR BUSINESS OPPORTUNITIES; LOSS OF DATA OR DATA BREACH COSTS; LOSS OF GOODWILL; COST OF PROCUREMENT OF SUBSTITUTE SERVICES; SECURITY INCIDENTS OR BREACHES THAT OCCUR DESPITE OR BECAUSE OF INFORMATION PROVIDED BY THE SERVICE; OR ANY OTHER INTANGIBLE LOSSES, ARISING FROM OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SERVICE, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE), EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
LIABILITY CAP: OUR TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING FROM OR RELATED TO THE SERVICE SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL AMOUNT YOU PAID TO US IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) FIFTY UNITED STATES DOLLARS ($50.00 USD).
ESSENTIAL BASIS: THE LIMITATIONS IN THIS SECTION APPLY EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE AND CONSTITUTE AN ESSENTIAL PART OF THE AGREEMENT BETWEEN YOU AND DOMAINOPTIC. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IN SUCH JURISDICTIONS, OUR LIABILITY SHALL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
14. Indemnification
You agree to indemnify, defend, and hold harmless DomainOptic, its operator, affiliates, and their respective officers, directors, employees, agents, and successors from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees and court costs) arising from or related to:
- Your use of the Service or any information obtained through the Service
- Your violation of these Terms
- Your violation of any applicable law, rule, or regulation
- Your unauthorized scanning of domains you do not own or have permission to scan, including any claims arising from active scans (Ghost API Hunter) you initiated
- Any claim by a domain owner, hosting provider, or third party alleging that a scan you initiated constituted unauthorized access, computer fraud, or trespass
- Your registration or use of a domain name suggested by the AI Domain Name Generator, including trademark infringement or domain dispute claims
- Your disclosure, publication, or misuse of scan results pertaining to domains owned by third parties
- Any content, data, or materials you submit to or through the Service
- Any claim by a third party related to actions you took based on information from the Service
15. Data Retention and Deletion
For registered users, we store scan history and account data to provide the Service. Scan results for free-tier users are retained for a limited period. Paid subscribers' data is retained for the duration of their subscription and for a reasonable period thereafter.
You may request deletion of your data by deleting your account or contacting us at brenbuilds@protonmail.com. We will process deletion requests within 30 days, except where we are required by law to retain certain records.
16. Modifications to Service
We reserve the right to modify, suspend, or discontinue any part of the Service (including features, pricing tiers, usage limits, and availability) at any time, with or without notice. We shall not be liable to you or any third party for any modification, price change, suspension, or discontinuance of the Service. If we discontinue a paid feature that is material to your subscription, you may cancel your subscription for a pro-rata refund of any unused prepaid period.
17. Dispute Resolution and Arbitration
INFORMAL RESOLUTION: Before filing any formal dispute, you agree to first contact us at brenbuilds@protonmail.com and attempt to resolve the dispute informally for at least 30 days.
BINDING ARBITRATION: If a dispute cannot be resolved informally, you and DomainOptic agree to resolve it through binding individual arbitration administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules. The arbitration shall be conducted in the Commonwealth of Virginia. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.
CLASS ACTION WAIVER: TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, YOU AND DOMAINOPTIC EACH AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, REPRESENTATIVE, OR COLLECTIVE ACTION. YOU WAIVE ANY RIGHT TO PARTICIPATE IN A CLASS ACTION AGAINST DOMAINOPTIC.
SMALL CLAIMS EXCEPTION: Either party may bring an individual action in small claims court in the Commonwealth of Virginia if the claim qualifies.
18. Governing Law and Jurisdiction
These Terms shall be governed by and construed in accordance with the laws of the Commonwealth of Virginia, United States, without regard to its conflict of law principles.
For any claims not subject to arbitration, you consent to the exclusive jurisdiction and venue of the state and federal courts located in the Commonwealth of Virginia, and you waive any objections based on inconvenient forum.
19. Export Compliance
The Service is operated from the United States. You agree to comply with all applicable United States export control laws and regulations. You may not access or use the Service if you are located in a country subject to United States sanctions or if you are on any United States government restricted party list.
20. Severability
If any provision of these Terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be enforced to the maximum extent permissible, and the remaining provisions shall remain in full force and effect. The unenforceable provision shall be replaced with an enforceable provision that most closely reflects the intent of the original.
21. Entire Agreement
These Terms, together with our Privacy Policy, constitute the entire agreement between you and DomainOptic regarding your use of the Service and supersede all prior and contemporaneous agreements, proposals, or representations, whether written or oral.
22. Waiver
Our failure to enforce any right or provision of these Terms shall not be considered a waiver of those rights. Any waiver of any provision of these Terms will be effective only if in writing and signed by us.
23. Contact Information
For questions about these Terms of Service, please contact us at: brenbuilds@protonmail.com
By using DomainOptic, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.