Terms of service

Last updated: April 4, 2026

What Scorra is

Scorra is a web application security scanning service. It checks publicly accessible URLs for common security issues such as missing security headers, exposed endpoints, injection-related signals, and misconfigurations — within the limits of an automated tool.

Scorra is a scanning tool, not a security guarantee. A passing scan does not mean your application is secure. Security is a continuous process.

Who can use Scorra

You must be at least 18 years old to use Scorra.

You must only scan URLs and domains that you own or for which you have explicit written permission to test. Scanning systems you do not own or control without permission may be illegal in your jurisdiction. We are not responsible for how you use Scorra.

Your account

You are responsible for maintaining the security of your account.

You must provide a real email address.

We may suspend or terminate accounts that violate these terms or abuse the service.

Credits and payments

  • Credits are purchased in one-time packs (Starter, Builder, Pro Pack)
  • Credits do not expire while your account exists
  • Credits are non-refundable once purchased, except as required by applicable law
  • If a scan fails due to an error on our side, we automatically refund the credit used for that scan where our systems can do so
  • We may change pricing with 30 days' notice to existing users where required

Subscriptions (when available)

  • Pro subscription ($29/month) and Team subscription ($79/month) are billed monthly
  • You may cancel your subscription at any time
  • When you cancel, you retain access until the end of the current billing period where our billing provider supports it
  • No refund is issued for unused days in a billing period unless the law requires it
  • At the end of the billing period, your account returns to the free tier for recurring features

Acceptable use

You may not use Scorra to:

  • Scan URLs or domains you do not own or have permission to test
  • Run denial-of-service attacks (Scorra's engine is rate-limited and designed to be non-destructive)
  • Reverse-engineer or scrape the Scorra platform itself in violation of these terms
  • Resell scan results as your own security service without a commercial agreement with us

What we do with your scans

Scan findings may be sent to Anthropic's Claude API for AI analysis. We do not use your scan content to train our own models. Anthropic's data usage policy applies to their processing.

Your scan results are stored in your account and are meant to be accessible only to you (subject to our security measures and lawful requirements).

We do not sell scan results or share them for advertising.

Limitation of liability

Scorra is provided "as is." We do not warrant that Scorra will find every vulnerability. We are not liable for security incidents that occur after a scan, whether or not related to findings Scorra identified or missed, except where the law does not allow such limitations.

To the extent permitted by law, our aggregate liability is limited to the amount you paid us in the three months before the claim.

Changes to these terms

We may update these terms. For material changes, we will notify registered users by email at least 30 days before the effective date where practical. Continued use after the effective date may constitute acceptance.

Governing law

These terms are governed by French law. Disputes are subject to the courts of France.

Contact

Legal questions: legal@scorra.io

← Back to Scorra