Terms of Service
Last updated: July 16, 2026
These Terms of Service ("Terms") govern your access to and use of Mitsumono (the "Service"), operated by Lorenzo Fenderico, an individual based in Naples, Italy, doing business as "Mitsumono" ("Mitsumono," "we," "us," or "our"). By creating an account, submitting a URL for scanning, or otherwise using the Service, you agree to be bound by these Terms. If you don't agree, don't use the Service.
You're using this Service to look for security weaknesses in web applications. That's a sensitive thing to do to a system you don't own, so please read Section 4 (Authorization to Scan) carefully — it's the most important part of these Terms.
1. What Mitsumono Does
Mitsumono is an automated web-application security scanner. You submit a live, publicly reachable URL, and a set of automated agents ("Scout," "Locksmith," "Prober," "Lookout," and "Fixer") examine it from the outside — the same way an anonymous visitor or attacker would — and report what they find:
- Backend fingerprinting from your public homepage and linked client-side script bundles (e.g. detecting Supabase or Firebase usage).
- HTTP security header, cookie, and CORS configuration checks.
- Where you've confirmed authorization (see Section 4): checks for anonymously readable database tables and storage buckets, exposed API keys and secrets in client-facing code, missing authentication on discovered endpoints, and a small bounded sample of requests to look for rate-limiting.
Findings are synthesized into a score and a list of issues by a third-party AI model, and "Fixer" writes a plain-language, paste-ready prompt for each finding intended to be used with an AI coding assistant. You can also chat with the agent crew about your results. See Section 8 (AI-Generated Content) for important limitations on all of this.
The Service is a black-box scanner. It does not connect to your source code, your git repository, or any private infrastructure — it only ever sees what's already reachable from the public internet.
2. Eligibility and Accounts
You must be at least 16 years old, or the age of majority in your jurisdiction if that's older, to use the Service. You're responsible for keeping your account credentials confidential and for all activity that happens under your account. Accounts are created and authenticated through our identity provider (including, if you choose, "Sign in with Google"); you agree to provide accurate information and to notify us of any unauthorized use of your account.
3. Ownership Attestation and Scan Scope
When you add a project, the passive checks (backend fingerprinting, headers, CORS) run automatically. Before the Service runs any active probing against a target — testing database access controls, probing discovered endpoints, checking storage buckets, or sampling request behavior for rate limiting — you must check the box confirming you own the target or have explicit permission to test it. That checkbox is a binding representation under these Terms, not a formality.
4. Authorization to Scan (Please Read This)
Active probing sends real requests to the target's live infrastructure: querying its database through whatever public API it exposes, checking whether its storage buckets are readable, hitting endpoints it didn't intend to be public, and issuing a short burst of repeated requests to observe rate-limiting behavior. Running this against a system without the operator's consent may violate computer-crime laws (such as the U.S. Computer Fraud and Abuse Act or equivalent laws elsewhere) and can constitute a civil wrong regardless of criminal exposure — irrespective of whether Mitsumono's checks are individually "harmless."
By using the Service, you represent and warrant that, for every URL you submit for active probing:
- you own the target system, or
- you have explicit, current authorization from whoever does — e.g. an employer, client, or a bug-bounty/pentest agreement covering the target,
and that this authorization covers the specific kinds of testing described in Section 1.
You agree that you will not use the Service to:
- scan, probe, or fingerprint any target you do not own and are not authorized to test;
- scan government, critical-infrastructure, or healthcare systems without separately-verified written authorization;
- attempt to bypass the ownership-attestation gate, misrepresent your authorization, or scan on behalf of a third party without disclosing that relationship to us on request;
- use findings, exposed credentials, or fix prompts generated by the Service to access, modify, or exfiltrate data from a system beyond what's needed to verify and remediate the finding on a system you're authorized to fix;
- use the Service to build a competing scanning product, or to scan targets at a volume or pattern designed to circumvent plan limits;
- use the Service for any unlawful purpose.
You are solely responsible for the legality of every scan you run. Mitsumono is a tool; we don't verify ownership beyond your attestation, and we don't review individual scan targets before they run. See Section 12 (Indemnification).
5. Subscription Plans and Payment
The Service is offered on the following plans, described in full on our pricing page and subject to change with notice under Section 13:
- Free — one project, one scan for the lifetime of the account, no AI fix prompts, no agent chat.
- Starter — $19.99/month: one project, unlimited scans, 50 agent-chat messages per month.
- Growth — $39.99/month: up to ten projects, unlimited scans, 150 agent-chat messages per month.
Paid plans are billed in advance on a recurring monthly basis and renew automatically until cancelled. Payments are processed by Stripe, our third-party payment processor; we never see or store your full card number. You can manage or cancel your subscription, or update your payment method, at any time through the billing portal linked from your dashboard. Cancellation stops future renewal but does not end your current billing period early — you keep paid-plan access through the end of the period you already paid for.
Except where required by applicable law, fees are non-refundable, including for partial billing periods and unused messages or scans. If a payment fails, your subscription is marked past-due and your account is immediately limited to Free-plan quotas until payment succeeds or you cancel. Chat-message allowances reset at the start of each new billing period and do not roll over. We may change plan pricing or features on a going-forward basis with reasonable notice; continued use after a price change takes effect constitutes acceptance of the new price.
6. Your Content
You retain ownership of the target URLs, chat messages, and any other content you submit (" Your Content"). You grant us a limited license to process Your Content — including sending it to the third-party AI providers described in Section 8 — solely to operate, maintain, and improve the Service. We do not sell Your Content or use it to train third-party AI models beyond what those providers' own terms permit as part of processing your request.
7. Intellectual Property
The Service, including its design, agent personas, branding, and underlying software, is owned by us or our licensors and is protected by intellectual-property law. These Terms grant you a limited, non-exclusive, non-transferable right to use the Service for its intended purpose. You may not copy, reverse-engineer, resell, or create derivative works from the Service itself.
8. AI-Generated Content — No Warranty
Scan summaries, security scores, individual findings, fix prompts, and agent-chat replies are generated by third-party large language models based on the technical evidence our scanners collect. This output is provided for informational purposes only and may be incomplete, out of date, or simply wrong. A high score or a clean scan is not a guarantee that a target has no vulnerabilities, and a fix prompt is not verified or executed by us — it is a starting point for a human (or an AI coding assistant under human supervision) to investigate and remediate. The Service is not a substitute for a professional security audit or penetration test, and you should independently verify any finding before acting on it, especially before making changes to production systems.
9. Third-Party Services
We rely on third-party providers to operate the Service, including a database/authentication provider, a payment processor (Stripe), and one or more AI model providers used to synthesize findings and power agent chat. Your use of the Service is also subject to those providers' own terms where applicable. See our Privacy Policy for details on what's shared with whom.
10. Disclaimer of Warranties
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR WILL IDENTIFY ALL OR ANY SECURITY VULNERABILITIES PRESENT IN A SCANNED TARGET.
11. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, MITSUMONO AND ITS OFFICERS, EMPLOYEES, AND CONTRACTORS WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF DATA, REVENUE, OR PROFITS, ARISING FROM OR RELATED TO YOUR USE OF THE SERVICE — INCLUDING ANY CONSEQUENCE OF A SCAN YOU RUN OR AUTHORIZE, WHETHER OR NOT YOU HAD THE RIGHT TO RUN IT. OUR TOTAL LIABILITY FOR ANY CLAIM ARISING OUT OF THESE TERMS WILL NOT EXCEED THE AMOUNT YOU PAID US IN THE TWELVE MONTHS BEFORE THE CLAIM AROSE.
12. Indemnification
You agree to indemnify and hold us harmless from any claim, demand, loss, or liability, including reasonable legal fees, arising out of: (a) your breach of Section 4 (Authorization to Scan) or the Acceptable Use restrictions in these Terms; (b) any claim by a third party that a scan you initiated against their system was unauthorized; or (c) Your Content or your use of the Service in violation of applicable law.
13. Changes to the Service or These Terms
We may update these Terms from time to time. If we make material changes, we'll post the updated Terms here with a new "Last updated" date and, where appropriate, notify you by email. Continued use of the Service after a change takes effect means you accept the updated Terms. We may also modify, suspend, or discontinue any part of the Service — including the specific AI providers used to power scans and chat — at any time.
14. Termination
You may stop using the Service and cancel your subscription at any time. We may suspend or terminate your account, with or without notice, if we reasonably believe you've violated these Terms — particularly the authorization requirements in Section 4 — or if your use of the Service creates risk or legal exposure for us or others. Sections that by their nature should survive termination (including Sections 4, 8, 10, 11, and 12) will survive.
15. Governing Law
These Terms are governed by the laws of Italy, without regard to its conflict-of-law principles. Any dispute arising from these Terms or the Service will be brought exclusively in the courts of Naples, Italy, and you consent to their jurisdiction. If you are a consumer resident in the European Union, nothing in this section deprives you of any mandatory consumer- protection provisions of the law of your own country of residence, or of your right to bring proceedings before the courts of that country, where applicable law grants you that right.
16. General
These Terms are the entire agreement between you and us regarding the Service and supersede any prior agreements on the subject. If any provision is found unenforceable, the rest remains in effect. Our failure to enforce a provision isn't a waiver of it. You may not assign these Terms without our consent; we may assign them in connection with a merger, acquisition, or sale of assets.
17. Contact
Questions about these Terms? Reach us at wraithnet0x@gmail.com.