Acceptable use policy
What you can and cannot scan using NoDowntimeShield.
Last updated: 2026-04-22
This AUP forms part of our Terms of Service. It is an important policy — scanning third-party infrastructure without permission is illegal in most jurisdictions.
You may scan
- Domains you own (confirmed by DNS TXT record verification on first scan).
- Domains you control as an employee, contractor, or authorised agent, provided you have internal authorisation.
- Domains of clients you have explicit written permission to scan — for example, as an MSP with a signed engagement letter.
You may not scan
- Domains or infrastructure you do not own and are not authorised to test.
- Government-operated or critical-infrastructure services without explicit authorisation.
- Any system for which you have been specifically instructed to cease testing.
Scope of permitted scanning
Our default scan profile is external and non-intrusive. It relies on public DNS, publicly-served HTTP/HTTPS content, public certificate transparency logs, and third-party threat-intelligence APIs. We do not perform:
- Denial-of-service testing, flooding, or volumetric attacks.
- Credential stuffing, password spraying, or brute-force login attempts.
- Exploitation of vulnerabilities beyond confirming their presence.
- Social engineering, phishing, or physical security tests — unless scoped via a separate engagement.
Illegal use
Scanning third-party infrastructure without authorisation may violate:
- United States — Computer Fraud and Abuse Act (18 U.S.C. § 1030)
- United Kingdom — Computer Misuse Act 1990
- European Union — national implementations of the Cybercrime Directive
- United Arab Emirates — Federal Decree-Law No. 34 of 2021
- Equivalent legislation in most jurisdictions
You are solely responsible for ensuring you have authorisation for the assets you add. Abuse reports are investigated and may result in account termination and referral to law enforcement.
Reporting abuse
If you believe a NoDowntimeShield account is being used to scan your infrastructure without authorisation, email [email protected] with the domain in question and the dates of the activity. We respond within 24 hours on business days.