1. Scope of Services

Greenscan provides external application-layer vulnerability assessments for publicly accessible websites and web assets. Our services are limited strictly to passive and semi-passive external reconnaissance and analysis of your public-facing web presence.

Our assessments include:

• External vulnerability scanning of public-facing web assets
• SSL/TLS configuration analysis
• HTTP security header evaluation
• Subdomain and exposed asset discovery
• Prioritized written risk reports with remediation guidance

All findings are delivered in written report form. Greenscan does not provide remediation services, implement fixes, or access client systems beyond the scope of external assessment.

2. No Penetration Testing

Greenscan explicitly does not perform penetration testing, ethical hacking, active exploitation of vulnerabilities, social engineering, phishing simulations, internal network assessments, or any form of intrusive testing that involves unauthorized access to systems, networks, or data.

Our assessments are conducted from an external perspective using non-destructive methods. We do not attempt to exploit, compromise, or gain unauthorized access to any system, application, or data.

If you require penetration testing or red team engagements, we recommend consulting a qualified penetration testing firm separately.

3. Disclaimer of Warranties

Greenscan's services and reports are provided "as is" and "as available" without warranties of any kind, express or implied. We do not warrant that our assessments will identify every vulnerability present in your web environment, that our reports are free from error, or that following our remediation guidance will prevent all security incidents.

Vulnerability assessment is an inherently probabilistic process. New vulnerabilities are discovered continuously, and our assessments reflect the state of your public-facing assets at the time of the scan only. Greenscan does not guarantee the completeness or accuracy of any report.

Our reports do not constitute a security audit, compliance certification, legal opinion, or guarantee of security. Clients should not rely solely on Greenscan reports for compliance purposes without independent legal or compliance review.

4. Limitation of Liability

To the fullest extent permitted by applicable law, Greenscan and its principals, employees, and contractors shall not be liable for any indirect, incidental, consequential, special, or punitive damages arising out of or related to the use of our services or reports, including but not limited to:

• Data breaches or security incidents occurring after delivery of a report
• Reliance on report findings or remediation guidance
• Failure to identify a specific vulnerability in an assessment
• Any loss of revenue, data, business, or reputation

Our total aggregate liability for any claim arising from our services shall not exceed the total fees paid by you to Greenscan in the three months preceding the claim.

5. Confidentiality

Greenscan treats all client information, report contents, and assessment findings as strictly confidential. We do not disclose client identities, domains assessed, or report contents to third parties without explicit written consent, except as required by law.

Reports are delivered securely and intended solely for the use of the subscribing firm. Clients are responsible for maintaining the confidentiality of their reports and should restrict access to authorized personnel.

6. Authorization & Consent

By engaging Greenscan's services and submitting a domain for assessment, you represent and warrant that:

• You are the authorized owner or designated representative of the domain(s) submitted for assessment
• You have the legal authority to authorize external vulnerability scanning of the submitted domain(s)
• You have obtained any necessary internal approvals to engage our services
• You understand the scope of services as described in this disclosure

Greenscan reserves the right to decline or terminate any engagement where authorization is unclear or in question.

7. Intellectual Property

All assessment reports, methodologies, templates, and materials produced by Greenscan remain the intellectual property of Greenscan until full payment is received. Upon payment, clients receive a limited, non-exclusive license to use their report for internal business purposes.

Clients may not resell, republish, or distribute Greenscan reports or methodologies without prior written consent.

8. Governing Law

These terms and any disputes arising from the use of Greenscan's services shall be governed by and construed in accordance with the laws of the State of Arizona, United States, without regard to its conflict of law provisions. Any legal action shall be brought exclusively in the courts of Maricopa County, Arizona.

9. Changes to These Terms

Greenscan reserves the right to update or modify this Legal Disclosure at any time. Changes will be posted to this page with an updated effective date. Continued use of our services following any changes constitutes acceptance of the revised terms.

10. Contact

For questions regarding these terms or to report a legal concern, please contact us:

• Website: greenscan.net/contact
• Location: Scottsdale, Arizona, United States