Terms of Service
Last updated: February 2026
These terms apply to both SiteSpecter (website security inspector) and EmailSpecter (email security analyzer), collectively referred to as "the Platform."
1. Open Source Intelligence (OSINT) Tools
The Platform provides Open Source Intelligence (OSINT) tools that aggregate and analyze publicly available information. These tools:
- Only access publicly available data sources (WHOIS/RDAP records, DNS records, SSL certificates, public threat intelligence databases)
- Fetch publicly accessible web content in the same manner as any web browser or search engine crawler
- Do not bypass any authentication, access controls, or security measures
- Do not store, redistribute, or share any fetched content
- Process all data server-side to protect users from direct exposure to potentially malicious content
2. Acceptable Use
The Platform is intended solely for legitimate security research purposes. By using these tools, you agree to:
- Use SiteSpecter only to analyze domains you have authorization to investigate
- Use EmailSpecter only to analyze emails you have authorization to inspect
- Use the tools for defensive security research, threat analysis, and educational purposes
- Not use these tools to facilitate any illegal activities, harassment, or malicious purposes
- Not attempt to circumvent rate limits or abuse the service
3. Legal Basis for Data Collection
The information gathered by the Platform is obtained through methods that are legally equivalent to:
- Visiting a website and viewing its source code (publicly served HTML)
- Performing a WHOIS lookup (public domain registration records)
- Querying public DNS servers (public DNS records)
- Connecting to a server and viewing its SSL certificate (publicly presented certificates)
- Querying public threat intelligence APIs (publicly available security data)
- Inspecting email headers and content (information provided directly by the user)
No content is stored permanently, cached beyond the immediate analysis session, or redistributed.
4. EmailSpecter — File Upload & Processing
When you upload an email file to EmailSpecter:
- The file is uploaded to our server and read into memory for processing
- The temporary upload file is deleted immediately after being read into memory
- A shutdown safety net ensures deletion even if processing fails
- No email content is permanently stored on our servers
- Attachment content is never stored — only metadata (filename, type, size, SHA-256 hash) is captured
- All URLs, email addresses, and IP addresses in the response are defanged (neutralized) to prevent accidental clicks
- Email HTML is sanitized (scripts, iframes, and event handlers removed) before being included in the response
- Your browser never directly renders or executes any email content — it only displays the sanitized, defanged analysis results
5. Rate Limits
To ensure fair access for all users and prevent abuse:
- Client-side rate limiting is enforced (5 requests per 30 seconds)
- Excessive or automated requests may result in temporary blocks
- AI analysis features are subject to additional rate limits
6. No Warranty / Disclaimer
The Platform is provided "AS IS" without warranty of any kind. We make no guarantees about:
- The accuracy, completeness, or reliability of analysis results
- The availability or uptime of the service
- The suitability of results for any particular purpose
Analysis results should be considered informational only and verified through additional sources before taking action.
6a. Brand Similarity Analysis Disclaimer
The Brand Similarity feature compares analyzed domains against a database of known legitimate brands:
- Our verified domains list is continuously updated but cannot be comprehensive
- High similarity to a known brand does not necessarily indicate malicious intent — many legitimate businesses operate multiple similar domains
- Low similarity does not guarantee there is no brand impersonation — attackers may use creative variations
- This analysis should be considered alongside other indicators, not in isolation
6b. IP-Based Threat Intelligence Disclaimer
SiteSpecter checks threat intelligence for both domains and their associated IP addresses:
- Many websites share IP addresses through shared hosting, CDNs, or cloud providers
- IP addresses may change due to dynamic addressing or infrastructure migrations
- Historical IP threat data may reflect previous tenants of the IP address, not the current website
- IP-based threat indicators have limited impact on overall risk scores (capped at 10 points) due to these considerations
6c. Screenshot Feature Disclaimer
The website screenshot feature captures a visual representation of analyzed websites:
- Screenshots are captured via a third-party service and represent a point-in-time view
- Content may differ from what you see due to geolocation, personalization, or dynamic content
- Screenshots are not stored permanently and are generated on-demand
7. No Professional Advice
The Platform does not provide professional cybersecurity, legal, or IT advice. Analysis results are automated assessments based on publicly available data and heuristic algorithms. They are not a substitute for:
- Professional cybersecurity audits or penetration testing
- Legal counsel regarding compliance, data protection, or incident response
- Consultation with qualified information security professionals
You should not rely solely on the Platform's output when making security decisions. Always verify findings through additional tools, services, and qualified professionals.
8. Risk Score Methodology Disclaimer
Risk scores generated by the Platform are heuristic estimates, not definitive security verdicts:
- Scores are calculated using weighted signals across multiple categories (authentication, content analysis, domain reputation, etc.)
- A high risk score does not guarantee that a domain or email is malicious
- A low risk score does not guarantee that a domain or email is safe
- Scoring weights and thresholds may change over time as detection methods improve
- Automated analysis cannot capture every form of social engineering, zero-day threats, or novel attack techniques
9. Prohibited Conduct
You agree not to use the Platform to:
- Stalk, harass, threaten, or intimidate any individual or organization
- Gather information to facilitate phishing, spear-phishing, or social engineering attacks
- Conduct reconnaissance for unauthorized access or exploitation of systems
- Violate any applicable local, state, national, or international law or regulation
- Reverse-engineer, decompile, or attempt to extract the source code of the Platform's backend services
- Use automated scripts, bots, or scrapers to access the Platform beyond its intended interface
- Resell, redistribute, or commercially exploit analysis results without authorization
10. Confidential Content Warning (EmailSpecter)
When uploading email files to EmailSpecter, you acknowledge that:
- You are solely responsible for ensuring you have the right to share and analyze the email content
- Emails may contain confidential, privileged, or personally identifiable information belonging to third parties
- You should not upload emails containing sensitive information (trade secrets, medical records, financial data, attorney-client communications) unless you have proper authorization
- While we delete uploaded files immediately after processing, you accept the inherent risk of transmitting sensitive content over the internet
11. Assumption of Risk
By using the Platform, you acknowledge and agree that:
- You assume all risk and liability for your use of these tools and any actions taken based on their output
- You are solely responsible for ensuring your use complies with all applicable laws and regulations
- The operators shall not be liable for any damages, losses, or consequences arising from your use
- You will not hold the operators responsible for any false positives, false negatives, or inaccuracies in the analysis
12. Limitation of Liability
To the fullest extent permitted by applicable law:
- The Platform's operators, contributors, and affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages
- This includes, without limitation, damages for loss of profits, data, goodwill, or other intangible losses
- Our total aggregate liability for any claims arising from your use of the Platform shall not exceed the amount you paid us in the twelve (12) months preceding the claim (if any)
- This limitation applies regardless of the legal theory (contract, tort, negligence, strict liability, or otherwise)
13. Indemnification
You agree to indemnify, defend, and hold harmless the Platform's operators, affiliates, officers, and contributors from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorney's fees) arising from:
- Your use or misuse of the Platform
- Your violation of these Terms of Service
- Your violation of any third-party rights, including privacy or intellectual property rights
- Any content you upload or submit to the Platform
14. Service Availability & Termination
The Platform is provided on an "as available" basis:
- We do not guarantee uninterrupted or error-free access to the Platform
- We reserve the right to modify, suspend, or discontinue the Platform (or any part thereof) at any time, with or without notice
- We may restrict or terminate access for any user who violates these terms or engages in abusive behavior
- We are not liable for any downtime, data loss, or service interruptions
15. Governing Law & Jurisdiction
These terms shall be governed by and construed in accordance with the laws of the United States. Any disputes arising from or relating to these terms or your use of the Platform shall be subject to the exclusive jurisdiction of the courts in the state where the Platform's operators are located. You waive any objections to venue and personal jurisdiction in such courts.
16. Severability & Entire Agreement
If any provision of these terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect. These terms, together with the Privacy Policy, constitute the entire agreement between you and the Platform's operators regarding your use of the Platform, and supersede any prior agreements or understandings.
17. Modifications
We reserve the right to modify these terms at any time. Continued use of the Platform constitutes acceptance of any changes.
Privacy Policy
Last updated: February 2026
This policy applies to both SiteSpecter and EmailSpecter.
1. Information We Don't Collect
The Platform is designed with privacy in mind. We do not collect:
- Personal information (names, email addresses, etc.)
- User accounts or login credentials
- IP addresses or unique identifiers
- Cookies for tracking purposes
- Browsing history or behavior profiles
2. Local Storage
The Platform uses your browser's local storage to:
- Store your analysis history (visible in the History tab)
- Remember your Terms of Service acceptance
- Enforce client-side rate limits
This data is stored only on your device and is never transmitted to our servers. You can clear this data at any time through your browser settings.
3. Domain Analysis Data (SiteSpecter)
When you analyze a domain:
- The domain name is sent to our server for analysis
- Our server queries third-party services (RDAP, DNS, OTX, etc.)
- Fetched web content is processed in memory only and not stored
- Analysis results are returned to your browser and not retained on our servers
4. Email Analysis Data (EmailSpecter)
When you analyze an email:
- The uploaded file is processed entirely in server memory
- The temporary upload file is deleted immediately after reading
- Email content, attachments, and headers are never permanently stored
- Domain enrichment queries (SPF/DKIM/DMARC, WHOIS) are made for sender and linked domains
- Analysis results are returned to your browser and not retained
5. Third-Party Services
The Platform integrates with external services including:
- RDAP/WHOIS Servers: For domain registration lookups
- AlienVault OTX: For threat intelligence data
- Anthropic Claude: For AI-powered analysis
- Screenshotlayer: For website screenshots
- Simple Analytics: For privacy-focused usage analytics
Each service has its own privacy policy that governs how it handles data.
6. Analytics
We use Simple Analytics to understand how the Platform is used:
- No cookies are used
- No personal data is collected
- No IP addresses are logged
- No cross-site tracking
- GDPR, CCPA, and PECR compliant
Learn more: Simple Analytics Privacy Policy
7. Data Security
We implement appropriate security measures:
- All connections use HTTPS encryption
- API keys and secrets are stored securely server-side
- No sensitive data is stored in databases
- Content Security Policy headers protect against XSS
8. Data Processing Location
The Platform's servers are located in the United States. By using the Platform, you acknowledge that any data you transmit (such as domain names for analysis or uploaded email files) will be processed on servers in the United States. If you are accessing the Platform from outside the United States, you consent to the transfer and processing of your data in the United States, which may have different data protection laws than your jurisdiction.
9. Data Retention
The Platform is designed to minimize data retention:
- Domain analysis: Domain names and analysis results are processed in server memory only and are not written to any persistent storage. Data is discarded at the end of each request.
- Email analysis: Uploaded email files are deleted immediately after being read into memory. No email content, headers, or attachments are retained after the HTTP response is sent.
- Server logs: Standard web server access logs may be maintained for operational and security purposes. These logs may include timestamps, request paths, and HTTP status codes, but do not contain analysis input or results.
- Local storage: Analysis history stored in your browser persists until you manually clear it or clear your browser data.
10. Email Content in Transit
When you upload an email file to EmailSpecter:
- The file is transmitted over an HTTPS-encrypted connection between your browser and our server
- During transmission and processing, email content exists temporarily in server memory
- We do not inspect, read, or use uploaded email content for any purpose other than generating the analysis you requested
- No email content is shared with third parties, except that sender and linked domains may be queried against public DNS, WHOIS/RDAP, and threat intelligence services as part of the analysis
11. Do Not Track
The Platform honors Do Not Track (DNT) browser signals. Since we do not use tracking cookies or collect personal data, our practices are consistent with DNT preferences by default. Our analytics provider (Simple Analytics) is inherently DNT-compliant as it does not track individual users.
12. Your Rights
Since we don't collect personal data, there is no personal information to access, correct, or delete. Your analysis history is stored locally in your browser and can be cleared at any time.
13. California & European Privacy Rights
California residents (CCPA/CPRA): The Platform does not sell, share, or use personal information for targeted advertising. Since we do not collect personal information as defined under the CCPA, the rights to know, delete, and opt out are satisfied by default. If you believe we hold any of your personal data, you may contact us to request its deletion.
European residents (GDPR): The Platform minimizes personal data processing. Where processing occurs (e.g., IP addresses in standard server logs), our lawful basis is legitimate interest in maintaining service security and availability. You have the right to request access to, correction of, or deletion of any personal data we may hold. To exercise these rights, contact us at the email address below.
14. Children's Privacy
The Platform is not intended for use by children under 13 (or under 16 in the European Economic Area). We do not knowingly collect any information from children. If you believe a child has used the Platform in a way that provided us with personal data, please contact us so we can take appropriate action.
15. Changes to This Policy
We may update this policy from time to time. Continued use of the Platform constitutes acceptance of any changes.
16. Contact
For questions about these terms or privacy, please contact us at noreply@sitespecter.com.