Updated: March 6, 2026

XSSeeker LLC ("XSSeeker", "we", "our", "us") is a limited liability corporation located in the United States of America that operates the XSSeeker website at xsseeker.com (https://www.xsseeker.com) and associated websites and applications (collectively our “Services”).

An XSSeeker user ("you", "your", "user", "Services user") is any person who has registered for an account, reviewed these Terms of Use, and had their account activated for use with our Services.

This XSSeeker Terms of Use (“Terms of Use”, "Agreement") is meant to outline the relationship and responsibilities between us and you. If you do not agree to any part of these Terms of Use, do not use our Services.

An XSSeeker third party ("third party", "your customer(s)", "your client(s)") is any organization, business, or person with whom you have a contractual agreement for bug bounty services, information security services, penetration testing, consulting services or any other related activity.

An XSSeeker unauthorized third party ("unauthorized third party", "not your customer(s)", "not your client(s)") is any organization, business, or person with whom you do not have a contractual agreement to provide bug bounty services, information security services, penetration testing, consulting services or any other related activity.

The XSSeeker Privacy Policy (our “Privacy Policy”) explains how we collect, use, process, and disclose personal information when you use our Services and is viewable at https://www.xsseeker.com/privacy.

Our Data is any information, source code, application programming interface, images, processes, design, intellectual property, functionality, or features of our Services.

These Terms of Use are guided by these underlying principles:
1. We will respect your privacy.
2. You will respect the integrity, security, and privacy of our Services and our Data.
3. You have permission to use our Services with your customer(s).

Any future changes to these Terms of Use will be posted on our Services for review. Your continued use of our Services after any changes constitutes acceptance of the updated Terms of Use.

We will respect your privacy.

Through the normal course of business, we will use, view, modify, or delete your Contact Data, Account Data, and Log Data as defined in our Privacy Policy. Examples of this could include creating and managing your XSSeeker subdomains and teams or reviewing access logs.

We will not use, view, modify, or delete your Probe Data. The exceptions to this are as follows:
* When required by law or valid government order.
* When investigating a violation of these Terms of Use.
* To protect the health and safety of our Services and other users of our Services.
* To investigate fraud, security, or technical issues with our Services.
* When you direct us to.

If we are permitted to, you will be notified of any examination of your Probe Data.

You will respect the integrity, security, and privacy of our Services and Data.

You agree that you will not publicly or privately disclose our Data without our consent.

You are permitted to look for and identify vulnerabilities in our Services using industry-standard techniques. You are not permitted to perform invasive or destructive testing including, but not limited to, denial of service, intentional account lockouts, lateral movement, SQL injection on database inserts/deletes, etc. Do not access the data of any other XSSeeker user any more than is necessary to validate a vulnerability exists. You are not permitted to publicly disclose any suspected or confirmed vulnerabilities of our Services without our consent.

You are permitted to use your Probe Data in reports you provide to your customers.

You have permission to use our Services with your customer.

You understand that using our Services could have legal ramifications, including criminal and civil penalties. We do not accept any criminal or civil liability for how you use our Services.

You must have a contractual agreement with your customer prior to using our Services to test your customer's websites, applications, information systems, or services.

You cannot use our Services to test the websites, applications, information systems, or services of an unauthorized third party. You must first obtain permission via a contractual agreement.

You must configure your XSSeeker account so that it is in compliance with the contractual obligations you have with your customer. XSSeeker provides multiple configuration parameters (including client-side PGP encryption) to respect a wide array of customer data handling requirements. You can utilize multiple XSSeeker subdomains in order to meet the different privacy requirements of your customer(s).

You agree to retain Probe Data on our Services only as long as necessary to meet your contractual obligations with your customer(s). You agree that once Probe Data is removed (e.g. copy/paste, API request, screenshot) from our Services, it is your responsibility to handle it in accordance with your contractual obligations with your customer(s).

Violations

We will investigate abuse complaints and violations of this Agreement. This may include examination of your Account Data, Probe Data or Log Data. If permitted, you will be notified of any examination of your Probe Data.

Any repeated, egregious, willful, or intentional abuse or misuse of our Services by you will result in termination of your XSSeeker account. Your Account Data, Probe Data or Log Data will be retained in accordance with our Privacy Policy.

Limitations

You agree that the jurisdiction for any disputes that arise from your use of our Services will be resolved in the USA state where our offices are located. You also agree that if any of the provisions of this Agreement are found to be invalid, illegal, or unenforceable the remaining provisions remain unmodified.

You agree to hold XSSeeker harmless and release us from any liability if you do not use our Services in compliance with the contractual obligations you have with your customer(s).

You agree to hold XSSeeker harmless and release us from any liability if you use our Services in any way with an unauthorized third party.

You agree that our liability for a breach of this Agreement by us is limited to the remedies outlined in this Agreement.

You agree that we make no warranties or guarantees on the lifetime, features, or availability (uptime) of our Services.

You agree that the limitations in this Agreement are your sole remedy for any breach of this Agreement by us.

You agree that our liability for any damages caused by your use of our Services is limited to $0.

Force Majeure

We will not be liable for any failure or delay in performing our obligations under this Agreement where such failure or delay results from events beyond our reasonable control. These events include, but are not limited to, natural disasters, acts of war or terrorism, pandemics, government actions, power outages, internet or telecommunications failures, cyberattacks, and failures of third-party service providers.