Security Scanning Policy

Use CodeFrog’s security scanning tools only on systems you own or where you have explicit written authorization from the owner. Unauthorized scanning may violate laws and third‑party terms of service.

• Authorized use only (ownership or written permission)
• Follow your organization’s security testing policy and change‑management rules
• Coordinate to avoid rate‑limits or perceived denial‑of‑service
• Preserve logs and written authorization for audit purposes

Jurisdictional Notes (non‑exhaustive)

• United States: Computer Fraud and Abuse Act (CFAA) and state laws
• United Kingdom: Computer Misuse Act (CMA)
• European Union: local criminal/computer misuse statutes; ePrivacy/telecom rules may apply
• Contract law: website/app terms may prohibit scanning without permission

You are responsible for legal compliance in your jurisdiction(s). This document is not legal advice.

Best Practices

• Obtain and retain written authorization (scope, targets, window, contacts)
• Prefer test/staging where possible; throttle scans on production
• Announce scans to impacted teams; provide contact for abuse complaints
• Respect robots.txt and rate limits where appropriate
• Stop immediately if instructed by the owner or if instability is detected