Terms of Service
Last updated: March 25, 2026
⚠️ Unauthorized Security Testing Is Strictly Prohibited
SecureMonk must not be used to test, probe, assess, or scan any website, system, or network without the explicit written authorization of its owner. Unauthorized security testing is illegal in most jurisdictions and may violate the Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, and equivalent laws worldwide. Violations will be reported to the appropriate authorities.
1. Acceptance of Terms
By accessing or using SecureMonk ("the Service"), operated at securemonk.io, you agree to be bound by these Terms of Service. If you do not agree, do not use the Service.
2. Description of Service
SecureMonk is a free, publicly available tool that performs automated security assessments of websites and provides AI-powered security guidance. The Service includes:
- TLS/SSL analysis — evaluates certificate validity, protocol versions, cipher strength, and configuration
- HTTP security header audit — checks for the presence and configuration of security headers
- Vulnerability scan (optional) — heuristically detects web technologies and cross-references them against the National Vulnerability Database (NVD) for known CVEs
- Security News Brief — AI-generated summaries of public cybersecurity news from RSS feeds, published twice daily, for informational purposes only
- Ask Monk — AI Security Advisor — an AI-powered chatbot that answers questions about security headers, TLS configuration, CVEs, and general hardening practices. Ask Monk uses a Retrieval-Augmented Generation (RAG) pipeline drawing from public security knowledge bases (OWASP, CISA KEV, CWE, MITRE ATT&CK, NVD, and others) and the Anthropic Claude API to generate responses.
All scanning is based on publicly observable data. The Service does not exploit vulnerabilities, access restricted content, or perform intrusive testing.
3. Permitted Use
You may use the Service to scan:
- Websites that you own or operate
- Websites for which you have explicit written authorization to test
- Publicly accessible websites for informational and educational purposes, where no intrusive access is attempted
The Service only examines publicly available information (TLS handshake data, HTTP response headers). It does not attempt to exploit vulnerabilities, access restricted content, or perform any intrusive testing.
You may use Ask Monk to ask general security questions or to seek guidance on improving the security of systems you own or are authorized to administer. Ask Monk responses are informational only and do not constitute professional security advice.
4. Prohibited Use
You agree not to:
- Conduct unauthorized security testing — you must not use the Service to scan, probe, fingerprint, or assess any website, host, or system without the explicit written authorization of the owner. This includes scanning competitors, third-party services, government systems, or any system you do not own or have explicit permission to test.
- Use Ask Monk to plan or conduct attacks — you must not use the AI chatbot to obtain step-by-step instructions for exploiting vulnerabilities, bypassing security controls, conducting denial-of-service attacks, or engaging in any other offensive security activity against systems you do not own or are not authorized to test.
- Use the Service to facilitate any illegal activity
- Abuse or circumvent rate limits — excessive automated requests, scraping, credential stuffing, or any attempt to bypass or circumvent rate limiting controls is strictly prohibited. We reserve the right to permanently block IPs engaged in abuse without notice.
- Misrepresent scan results or CVE findings, or use them to defame, harass, extort, or make false claims about website owners or operators
- Use CVE data from the Service as the sole basis for asserting that a third party is vulnerable, without independent verification
- Redistribute or republish AI-generated news summaries or Ask Monk responses as original content without attribution
- Attempt to manipulate, jailbreak, or extract internal instructions from the Ask Monk AI system via prompt injection or other adversarial techniques
- Reverse-engineer, decompile, or attempt to extract the source code of the Service
- Use scan results as the sole basis for certifying or guaranteeing website security
5. AI Services — Important Limitations
Ask Monk is powered by large language models (Anthropic Claude) augmented with a curated security knowledge base. You acknowledge that:
- AI responses may contain inaccuracies, hallucinations, or outdated information even when sourced from the RAG knowledge base
- Ask Monk responses do not constitute professional security advice, legal advice, or compliance guidance
- The RAG knowledge base is updated periodically but may not reflect the latest vulnerability disclosures or security guidance
- You should independently verify any security recommendations before implementing them in production environments
- Questions submitted to Ask Monk are sent to the Anthropic Claude API for processing; do not submit sensitive, confidential, or personal information in chat messages
6. No Warranty
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
SecureMonk does not warrant that scan results, AI responses, or news summaries are complete, accurate, or up-to-date. Security configurations can change at any time, and the Service reflects a point-in-time snapshot of publicly observable data.
7. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, SECUREMONK, ITS OPERATORS, CONTRIBUTORS, AND AFFILIATES SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO YOUR USE OF THE SERVICE, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, BUSINESS OPPORTUNITIES, OR GOODWILL.
IN NO EVENT SHALL THE TOTAL LIABILITY OF SECUREMONK EXCEED THE AMOUNT YOU PAID TO USE THE SERVICE (WHICH IS $0 FOR THE FREE TIER).
SecureMonk is not liable for any actions taken by you or any third party based on AI-generated responses from Ask Monk, or based on security scan results. You are solely responsible for any security decisions made in reliance on the Service.
8. Indemnification
You agree to indemnify and hold harmless SecureMonk and its operators from any claims, damages, losses, or expenses (including reasonable legal fees) arising from: your use or misuse of the Service; your violation of these Terms; your violation of any third-party rights; or any unauthorized security testing conducted using the Service.
9. Rate Limiting and Abuse Prevention
The Service enforces rate limits on scanning and AI chatbot requests to ensure fair usage and protect Service availability. Exceeding rate limits may result in temporary or permanent restriction of access without notice. We monitor for and actively block:
- Automated bulk scanning or scraping
- Systematic abuse of the Ask Monk AI chatbot
- Attempts to bypass or circumvent rate limiting controls
- Any usage pattern that degrades service quality for other users
10. Modifications
We reserve the right to modify these Terms at any time. Continued use of the Service after changes constitutes acceptance of the updated Terms. We recommend reviewing this page periodically.
11. Governing Law
These Terms shall be governed by and construed in accordance with the laws of the United States, without regard to conflict of law provisions.
12. Contact
For questions about these Terms, contact us at [email protected].