Terms, Acceptable Use, and Authorization Notice
This page is maintained by RASS AppSec Platform to describe how the platform may be used. It is not a legal contract; a signed MSA governs paid engagements.
Authorization is required
You may only run scans against systems you own or have explicit written authorization to test. Every scan launch requires a consent confirmation and is recorded in the audit log.
Acceptable use
Do not use RASS to test systems you are not authorized to test, to disrupt services, or to exfiltrate data outside the agreed scope.
Data handling
Scanner output, evidence, and reports are scoped to your organization. Secrets are encrypted at rest. Role-based access control limits which team members can view which projects.
AI-generated content
Hermes AI summaries and drafted reports are labeled as AI-generated. Hermes only analyzes real scanner output; it does not invent findings.