Responsible Testing Policy

Effective Date: March 17, 2026

This policy explains permitted and prohibited uses of Proof's automated testing service. We take responsible testing seriously — our goal is to help you improve your website's quality, not to cause harm to any site or service.

A. Authorization Is Mandatory

You may submit a URL to Proof only if you are the owner/operator of that target or have explicit authorization from the owner/operator to conduct testing.

You must be able to provide proof of authorization on request.

B. Prohibited Uses

You may not use Proof to:

test or interact with sites you are not authorized to test;
conduct penetration testing, vulnerability scanning, exploit attempts, or auth/session bypass;
perform stress testing, denial-of-service simulation, or high-volume synthetic load;
collect or exfiltrate sensitive data without lawful basis;
violate applicable laws, contracts, or third-party rights.

C. Service Behavior and Limits

Proof is designed to behave like ordinary user browsing for UX/QA flows. We make reasonable efforts to avoid harmful activity and do not market the service as a security scanner.

Our agents are intended to:

execute limited, scenario-based interactions;
avoid stress/load testing patterns;
avoid intentional auth bypass behavior;
respect robots.txt directives where technically applicable.

D. Responsibility for Target-Site Impact

You are responsible for selecting targets and ensuring testing authorization. Proof is not responsible for business, legal, or operational consequences resulting from your unauthorized or improper use.

E. Enforcement

We may block runs, rate limit, suspend, or terminate accounts for policy violations or abuse risk, with or without notice.

F. Site Owner Opt-Out

Are you a site owner? If you do not want your site tested through Proof, you can request exclusion by emailing hello@withproof.dev with:

Domain(s) to block
Proof of domain control
Your contact details

We will make commercially reasonable efforts to honor legitimate opt-out requests.

Questions?

If you have questions about this policy or concerns about how Proof interacts with websites, please contact us at hello@withproof.dev.