// operator console
Terms of Service
Last updated: June 7, 2026 · Applies to app.redrun.app (the authenticated dashboard)
Authorization is mandatory. The RedRun dashboard runs active security tests that send real attack traffic. You may run active scans only against systems you own or are explicitly authorized in writing to test. Unauthorized testing of third-party systems is illegal and strictly prohibited.
1. Acceptance of Terms
By creating an account or using the RedRun Operator Console (the “Service”), you agree to be bound by these Terms of Service (“Terms”). If you are using the Service on behalf of an organization, you represent that you are authorized to bind that organization. If you do not agree, do not use the Service. We may update these Terms; continued use after changes constitutes acceptance.
2. Description of Service
The Service performs AI-orchestrated security testing, including active exploitationtechniques such as authentication and access-control testing (including IDOR), server-side request forgery (SSRF), cross-site scripting (XSS), and SQL injection. The Service operates in a detection-oriented manner: it seeks to demonstrate that a vulnerability exists and then stops, rather than extracting data or causing destructive impact. The Service is provided on an “as is” basis and may evolve over time.
3. Authorization & Domain Ownership Verification
Before any active scan, you must verify control of the target domain (via DNS record or hosted file) and affirmatively confirm that you are authorized to test it. By launching an active scan you represent and warrant that: (a) you own the target or have explicit, current, written authorization from the owner to conduct security testing; (b) the testing does not violate any law or any agreement with a third party (including hosting providers, CDNs, and SaaS vendors); and (c) you have authority to accept these Terms for that target. Ownership verification is a technical safeguard, not a substitute for your own legal authorization.
4. Acceptable Use
You agree NOT to use the Service to:
• Test, scan, or attack any system you do not own or are not authorized to test;
• Target third-party infrastructure, shared hosting, or another tenant’s systems without their authorization;
• Cause denial of service, exfiltrate or destroy data, or persist access beyond demonstrating a vulnerability;
• Circumvent the Service’s scope, ownership-verification, or consent controls;
• Use the Service to develop, stage, or launch attacks against unrelated targets.
5. Active-Testing Risk & Assumption of Risk
Active security testing carries inherent risk. Sending attack payloads to a live system may, despite our safeguards, cause errors, performance degradation, unexpected application behavior, or service disruption. You acknowledge and accept these risks and are solely responsible for testing against appropriate environments (e.g., staging) and for maintaining backups. You are strongly advised not to run active scans against production systems handling critical traffic.
6. Accounts & Security
You are responsible for safeguarding your account credentials and for all activity under your account. Notify us immediately of any unauthorized access. We may suspend accounts that we reasonably believe are being used in violation of these Terms.
7. Scan Data, Evidence & Privacy
The Service stores scan configurations, findings, and supporting evidence (such as request/response excerpts) associated with your account. We use this data to operate and improve the Service. We do not retain credentials or exfiltrated production data; the Service is designed to capture proof that a vulnerability exists, not to harvest sensitive data. You are responsible for the data you direct the Service to generate.
8. AI-Generated Content
Findings, severity ratings, and remediation guidance are generated with automated tools and AI assistance. While every reported finding is intended to be backed by concrete evidence, the Service may produce inaccuracies. Output is provided for informational purposes and does not constitute professional security or legal advice; validate critical findings independently.
9. Disclaimer of Warranties
THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. We do not warrant that the Service will detect all vulnerabilities or that it will be uninterrupted or error-free.
10. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, REDRUN AND ITS OPERATORS WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF DATA, REVENUE, OR SERVICE AVAILABILITY, ARISING FROM YOUR USE OF THE SERVICE - INCLUDING ANY IMPACT TO SYSTEMS YOU TEST. OUR TOTAL LIABILITY WILL NOT EXCEED THE AMOUNTS YOU PAID US IN THE THREE MONTHS PRECEDING THE CLAIM.
11. Indemnification
You agree to indemnify and hold harmless RedRun and its operators from any claims, damages, liabilities, and expenses (including reasonable legal fees) arising from your use of the Service, your violation of these Terms, or your testing of any system without proper authorization.
12. Termination
We may suspend or terminate your access at any time for violation of these Terms or for suspected unauthorized or abusive use. You may stop using the Service at any time.
13. Governing Law
These Terms are governed by the laws of the jurisdiction in which RedRun is established, without regard to conflict-of-laws principles. [Update this clause to your governing jurisdiction.]
14. Contact
Questions about these Terms: bekedil072@gmail.com.