Security Scan Disclaimer

What a GuardMint scan can and cannot tell you — please read before relying on a report.

What a GuardMint scan is

GuardMint runs public, external, non-invasive scans. A scan looks only at the publicly visible surface of a submitted URL, and its results are based on the signals that were visible at the time of the scan.

For a fuller explanation of what the scan evaluates and how to read your results, see how GuardMint scans.

A scan is not a guarantee

Passing a scan does not guarantee that an app is secure. Reports may contain false positives (flagging something that is not actually a problem) and false negatives (missing something that is). Treat a report as a helpful signal, not a verdict.

What a public scan cannot verify

Some risks simply cannot be confirmed from the outside. A public scan cannot reliably verify areas that require:

  • Authentication or access to logged-in areas.
  • Source code access.
  • DNS or domain ownership.
  • Provider or dashboard access.
  • GitHub or repository access.
  • Manual review by a person.

GuardMint stays non-invasive

What the scan never does

GuardMint does not exploit vulnerabilities, brute force, bypass authentication, perform destructive testing, access private systems, or attempt unauthorized access.

Not certification or professional advice

GuardMint does not certify compliance. It is not, and does not provide:

  • A penetration test.
  • A formal security audit.
  • Legal advice.
  • A compliance certification.

High-risk applications — anything handling sensitive data, payments, or critical infrastructure — should get a professional security review.

Contact

Questions about this disclaimer or a scan? Email us at contact@guardmint.io.
