SentriKat Public Scanner — Terms of Service
Last updated: 13 May 2026
These Terms govern your use of the free public-scanner tool available at sentrikat.com/scan (the "Scanner"), operated by Denis Sota ("SentriKat"), registered in Switzerland.
By submitting a domain to the Scanner you agree to these Terms in full.
If you do not agree, do not use the Scanner.
1. What the Scanner does
The Scanner performs a non-intrusive assessment of a public domain. It collects only publicly-available data, namely:
- HTTP security headers returned by your origin server (HEAD/GET on the root URL).
- TLS configuration (handshake metadata: supported protocol versions, cipher suites, certificate validity and chain).
- DNS records (SPF, DMARC, CAA, MX, TXT at the apex and at _dmarc).
- TCP-connect reachability of a fixed set of standard ports (80, 443, 21, 22, 25, 3306, 5432, 6379, 27017).
- Presence of /robots.txt and /.well-known/security.txt.
The Scanner does not:
- Attempt to bypass authentication, authorisation, or rate limits.
- Send fuzzing payloads, SQL injection, XSS, or any exploit attempts.
- Brute-force credentials, paths, subdomains, or virtual hosts.
- Retain or republish the content of pages on your site.
- Run client-side scripts on the target.
- Scan IP literals or hosts that resolve to private, loopback, link-local, or cloud-metadata addresses.
2. Authorisation requirement
By submitting a domain you declare and warrant that you are the owner of that domain, or that you have explicit, current authorisation from the owner to perform the security assessment described in section 1. You acknowledge that misrepresenting authorisation may expose you to civil and criminal liability in your jurisdiction; SentriKat will not indemnify you for such liability.
Switzerland: Article 143bis of the Swiss Criminal Code criminalises unauthorised access to specifically-protected data processing systems. The techniques used by the Scanner (DNS, public HTTP headers, TCP connect on published ports, TLS handshake) target only unprotected, publicly-exposed services and, under current Swiss doctrine, do not by themselves constitute a criminal offence. They may nonetheless violate the laws of other jurisdictions or the contractual terms of your hosting provider — that is your responsibility, not ours.
3. No warranty, no audit
Results are provided "as is", for informational purposes only. The score and findings are produced by automated heuristics. They are not a formal security audit, penetration test, or compliance attestation; the absence of a finding does not imply the absence of a vulnerability, and the presence of a finding does not imply that an attacker can exploit it. SentriKat disclaims all warranties, express or implied, including fitness for a particular purpose and non-infringement.
4. Compliance mappings
Mappings to NIS2, ISO/IEC 27001, PCI-DSS, GDPR / FADP, or OWASP Top 10 in the PDF report are illustrative. They are based on plain-language readings of clauses commonly cited in those frameworks; they do not constitute legal or audit advice and they require human review by a qualified professional before any compliance decision.
5. Rate limits and abuse prevention
The Scanner is rate-limited to 3 scans per hour per IP address and results are cached for 24 hours per domain. We may further block IPs or domains we observe abusing the service (for example, attempting to scan third parties without authorisation, sending automated traffic, or targeting private networks). We log your IP address, user agent, the submitted domain, and the timestamp of each scan attempt for up to 90 days for abuse response.
6. Email and data we collect
You may optionally provide an email address to receive the PDF report. If you do, we store: the email, the scan it relates to, and the consents you gave (TOS acceptance, authorisation declaration, and newsletter opt-in if any). Subscription to the SentriKat newsletter is governed by a separate double opt-in flow and you can unsubscribe at any time via the link in any newsletter email. See our Privacy Notice for details on legal basis, retention, your rights under the Swiss Federal Act on Data Protection (FADP) and the EU GDPR, and how to contact our data-protection officer.
7. Acceptable use
You agree not to:
- Use the Scanner against a domain you do not own or are not authorised to test.
- Use the Scanner to harass, defame, or intimidate any third party.
- Use the Scanner output to make defamatory public claims about the security of a third party.
- Resell, repackage, or commercially redistribute the Scanner or its output without our prior written agreement.
- Interfere with the Scanner (denial-of-service, automated scraping of its endpoints, attempting to bypass rate limits).
8. Indemnification
You agree to indemnify, defend, and hold harmless SentriKat, Denis Sota, and our service providers from and against any claim, loss, liability, damage, cost, or expense (including reasonable legal fees) arising from (i) your breach of these Terms, (ii) your misrepresentation of authorisation under section 2, or (iii) your use of the Scanner's output against any third party.
9. Limitation of liability
To the maximum extent permitted by Swiss law, SentriKat's aggregate liability arising out of or in connection with the Scanner is limited to CHF 100. We are not liable for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, revenue, data, or goodwill, even if advised of their possibility.
10. Governing law and jurisdiction
These Terms are governed by the substantive laws of Switzerland, excluding its conflict-of-laws rules and the United Nations Convention on Contracts for the International Sale of Goods. The exclusive forum for any dispute is the competent courts of the canton in which SentriKat is registered, without prejudice to mandatory consumer-protection rights in your jurisdiction.
11. Changes
We may update these Terms from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes apply only to scans submitted after the effective date.
12. Contact
Questions about these Terms or to report abuse: [email protected]. Privacy / data-protection requests: [email protected].