Scan Policy

Version 2026-05-17.1 · Effective 17 May 2026

This Scan Policy governs the free "Vibe Coding Risk Score" security scan operated by LeaderNova SRLS unipersonale ("LeaderNova", "we", "us"). By ticking the consent box and submitting a URL you accept this Policy. This document is the agreement the consent checkbox refers to.

1. What the scan does

The scan performs focused, passive, read-only checks of publicly reachable surfaces of the URL you submit: HTTP response headers, TLS configuration, and content already served to any ordinary visitor (client-side bundles, fingerprintable framework/backend signals, and secrets the site itself exposes to the browser).

The scan does NOT: log in, submit forms, inject payloads, brute-force credentials, exhaust rate limits, crawl beyond the submitted page, or attempt to exploit any weakness it observes. It issues normal browser-style requests only. It is designed to stay within the limits of the US Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act (CMA), and Italian law (see Section 4).

2. Your authorization is required

You may submit a URL ONLY if you own the target site or are expressly authorized by its owner to commission a non-intrusive security check of it. The consent box is your attestation that this is true. If you are acting for a client, you must hold the client's explicit written permission and produce it on request.

You are solely responsible for the lawfulness of each URL you submit. You must not submit a URL you are not authorized for, a URL belonging to an uninvolved third party, or any URL for an unlawful purpose.

3. Authorization record we keep

To operate the service responsibly and to defend ourselves and our users against misuse complaints, at the moment a scan is started we create an authorization record containing: the URL you submitted, the fact that you ticked the consent box, the version and a cryptographic hash of this Policy and of the attestation text shown to you, your email address, the date and time of attestation and of scan start, and the IP address and user-agent observed at those two moments.

This record exists to evidence that the person who caused us to fetch the target represented that they were authorized to do so. It is retained as described in Section 6.

4. Italian law alignment

This service is operated from Italy and intended to stay within Italian criminal law. In particular it is designed not to constitute unauthorized access to a computer system (art. 615-ter Codice Penale), unlawful possession or distribution of access codes (art. 615-quater), or damage to information, data or systems (art. 635-bis et seq.). Your authorization (Section 2) is the basis on which the otherwise-passive scan of your own or an authorized system is lawful. Submitting a URL you are not authorized for may expose YOU to liability under these provisions; the authorization record in Section 3 documents your representation to us.

5. Data controller and lawful basis (GDPR)

LeaderNova SRLS unipersonale is the data controller for personal data processed by this service. We process the scan request and marketing attribution data on the basis of your consent and our legitimate interests (Art. 6(1)(f) GDPR) in providing and securing the service. We process and retain the authorization record (Section 3), including IP address, on the basis of our legitimate interests and for the establishment, exercise and defence of legal claims (Art. 6(1)(f) and Art. 17(3)(e) GDPR).

6. Retention

We delete or anonymize the scanned URL, the scan results, and the IP/device data associated with the scan within 30 days.

We retain the minimal authorization record described in Section 3 for up to 24 months (or, where longer, the applicable limitation period) solely to defend against misuse or unauthorized-access claims, after which it is deleted or anonymized. PENDING-LEGAL: confirm the 24-month figure against the relevant Italian/EU limitation periods.

7. Your rights

You may request access to, correction of, or deletion of your personal data, and you may object to processing, by emailing privacy@leadernova.com. We will honor deletion requests for everything except the authorization record, which we are entitled to retain for the limited period and sole purpose stated in Section 6. You may lodge a complaint with the Italian Garante per la protezione dei dati personali.

8. No warranty

The scan is provided free and "as is". A passing or failing result is not a guarantee of security or insecurity and is not professional advice. You remain responsible for securing your systems.

9. Changes and governing law

We may update this Policy; material changes are published here with a new version number and effective date. The version in force when you attest is the version recorded against your scan. This Policy is governed by Italian law; the courts of Italy have exclusive jurisdiction, without prejudice to mandatory consumer protections.

Questions: privacy@leadernova.com.