1. Who We Are

GM IT Consulting ("GM IT", "we", "our", "us") operates the website security scanning platform at gmitconsulting.com. We provide automated security analysis tools for websites and web applications.

2. Eligibility

You must be at least 18 years old and legally capable of entering into a binding contract to use our services. By registering you confirm that all information you provide is accurate and complete.

3. Acceptable Use

You agree to use the scanner and all related services only on websites and domains that you own or have explicit written permission to test. You must not:

• Scan domains you do not own or have authorization to test
• Use the service to perform attacks, cause damage, or disrupt any system
• Attempt to circumvent rate limits, authentication, or access controls
• Resell or redistribute scan results without attribution
• Use automated scripts to abuse the free tier beyond the published rate limits
• Use the service for any illegal or unauthorized purpose

We reserve the right to suspend or terminate any account that we reasonably believe is violating these terms without prior notice.

4. Subscriptions and Billing

Paid plans (Starter, Pro, Agency) are billed annually via Stripe. By subscribing you authorize us to charge the stated annual fee to your payment method. All prices are in USD and exclude any applicable taxes.

• Cancellation: You may cancel at any time from your account settings. Access continues until the end of the current billing period. No partial refunds are issued for unused time.
• Refunds: We offer a full refund within 7 days of initial purchase if you are not satisfied. Contact us at billing@gmitconsulting.com.
• Price changes: We will notify you by email at least 30 days before changing subscription prices.
• Failed payments: If a payment fails we will notify you and attempt to retry. Access may be suspended after repeated failures.

5. Free Plan

The free plan is provided as-is with no SLA or uptime guarantee. We reserve the right to modify or discontinue the free tier at any time with reasonable notice.

6. Accuracy of Results

Our scanner analyzes publicly visible HTTP response headers and limited network signals. It does not perform authenticated testing, source code review, or penetration testing. A passing result does not guarantee that your site is free from all vulnerabilities. Results are informational only and do not constitute a security certification or guarantee.

7. Limitation of Liability

To the maximum extent permitted by applicable law, GM IT Consulting shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of (or inability to use) our services, even if we have been advised of the possibility of such damages. Our total liability to you for any claim shall not exceed the amount you paid us in the 12 months preceding the claim.

8. Disclaimer of Warranties

The services are provided "as is" and "as available" without warranties of any kind, either express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

9. Intellectual Property

All content, software, and infrastructure of the platform is the intellectual property of GM IT Consulting. You retain ownership of your scan data. You grant us a limited license to process and store your data to provide the services.

10. Termination

We may suspend or terminate your account at any time for violation of these Terms. You may delete your account by contacting us at support@gmitconsulting.com. Upon termination, your data will be deleted within 30 days.

11. Governing Law

These Terms are governed by the laws of the State of Texas, United States, without regard to its conflict of law provisions. Any disputes shall be resolved exclusively in the state or federal courts located in Texas.

12. Changes to These Terms

We may update these Terms from time to time. We will notify you by email and update the "Last updated" date above. Continued use of the service after changes take effect constitutes acceptance.

13. Contact

Questions about these Terms? Contact us at legal@gmitconsulting.com or through our contact form.

1. Information We Collect

Account data: When you register, we collect your name, email address, and a hashed (bcrypt) password. If you register via Google OAuth, we receive your name, email, and profile picture URL from Google — we never see your Google password.

Scan data: When you scan a website, we store the domain name, scan timestamp, security score, risk level, and the full results JSON. This data is associated with your account.

Payment data: Subscription payments are processed by Stripe. We store only your Stripe Customer ID and Subscription ID — we never see or store your full credit card number, CVV, or billing address. Stripe's privacy policy applies to payment data.

Usage data: We log IP addresses for rate limiting purposes. These logs are not linked to your account and are automatically purged after 1 hour.

Cookies: We use a single session cookie to keep you logged in. No advertising or tracking cookies are set.

2. How We Use Your Information

• To provide and operate the security scanning service
• To send security alert emails when monitored domains develop new issues
• To process payments and manage your subscription
• To send transactional emails (password resets, billing notifications)
• To enforce rate limits and prevent abuse
• To improve the accuracy and coverage of our security checks

We do not sell your personal data, use it for advertising, or share it with any third party except as described below.

3. Third-Party Services

• Stripe — payment processing. Stripe Privacy Policy
• Mailgun / SendGrid — transactional email delivery. Your email address is transmitted to send you messages.
• Google OAuth — optional sign-in. Only used if you click "Continue with Google". Google Privacy Policy
• Namecheap / hosting provider — server infrastructure. Subject to their data processing agreements.

4. Data Retention

• Account data: Retained until you delete your account
• Scan history: Retained for the life of your account; last 50 scans are accessible in the dashboard
• Rate limit logs: Automatically deleted after 1 hour
• Password reset tokens: Expire after 1 hour and are marked used

Upon account deletion all personal data is removed within 30 days.

5. Your Rights

Depending on your location you may have rights including:

• Access: Request a copy of all data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and all associated data
• Portability: Request your scan data in a machine-readable format
• Opt-out of emails: Remove a monitored domain from your dashboard to stop security alert emails

To exercise any of these rights, email privacy@gmitconsulting.com.

6. Security

We use industry-standard measures to protect your data: passwords are hashed with bcrypt (cost 12), all connections use HTTPS/TLS, session cookies are HttpOnly and Secure, and database access is restricted to our application server. No security measure is perfect — please use a strong unique password for your account.

7. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email and update the "Last updated" date above. Material changes will be communicated at least 14 days in advance.

9. Contact

Privacy questions or requests: privacy@gmitconsulting.com

GM IT Consulting  ·  gmitconsulting.com