These Terms of Service ("Terms") govern the use of the free preliminary security scan service ("PreScan") provided by VIVO Finanse sp. z o.o., operating under the brand CyberCerber ("CyberCerber", "we", "us"), VAT ID: PL8992914597, registered office: ul. Kopycińskiego 41/3, Wrocław, Poland.

These Terms apply exclusively to the PreScan service. Paid service packages (Basic, Standard, Full) are governed by separate service agreements concluded individually with each client.

Submitting the PreScan request form constitutes full acceptance of these Terms. If you do not agree, please do not use the PreScan service.

1. Definitions

"PreScan" — a free, one-time passive security analysis of the Client's publicly accessible internet infrastructure.
"Client" — an individual running a business or a legal entity submitting a PreScan request.
"Domain" — the internet domain name or IP address specified by the Client in the request form as the target of the scan.
"PreScan Report" — a document containing the results of the analysis performed under the PreScan service, delivered to the Client by email.
"Client Data" — the Domain, email address, and other information submitted by the Client in the request form.

2. Description of the PreScan service

PreScan is a free, passive analysis of the Client's publicly accessible internet infrastructure. It is based exclusively on publicly available data and a single HTTP request to the main address of the specified Domain.

As part of PreScan, we analyse, among other things:

DNS configuration responsible for email authentication and message delivery policy;
validity and configuration of security certificates and the encryption protocol;
HTTP security response headers of the Domain's main page;
publicly disclosed subdomains and assets visible in open certificate registries;
presence of the Domain and IP addresses in public security breach databases;
reputation of IP addresses and the Domain in public threat intelligence registries;
exposure of network infrastructure visible in publicly available internet device databases;
potentially similar domains that could be used for phishing attacks (typosquatting).

Results are delivered to the Client as a PreScan Report sent to the provided email address within 24–48 business hours of submission.

PreScan does not constitute a full security audit or penetration test and does not replace a comprehensive vulnerability assessment within the meaning of NIS2, GDPR, or applicable cybersecurity standards.

3. Methodology — what PreScan does not cover

PreScan is an exclusively passive service. It does not and will never include:

penetration testing or active exploitation of identified vulnerabilities;
authentication attempts, brute-force or dictionary attacks against any services;
port scanning beyond the observation of publicly visible services;
any activity inside the Client's internal network (VPN, internal networks, back-office systems);
installation of any software on the Client's systems;
any action that could disrupt the availability or integrity of the Client's systems.

The detailed methodology of PreScan is a protected intellectual property of CyberCerber and is not publicly disclosed beyond the description provided in these Terms.

4. Client declaration and authorisation

By submitting a PreScan request, the Client declares and warrants that:

the Client owns the specified Domain or holds written authorisation from the Domain owner to commission a security analysis of that Domain;
commissioning PreScan does not violate any applicable laws, in particular provisions of the Polish Penal Code (Articles 267–269b) or equivalent regulations in the Client's jurisdiction;
commissioning PreScan does not violate any agreements to which the Client is a party (e.g. with a hosting or cloud service provider);
the contact details provided in the request form are true and current;
as the controller of personal data of the Client's employees or contractors, the Client is entitled to commission analysis of resources linked to the Domain and assumes sole responsibility for GDPR compliance regarding the processing of such personal data under PreScan.

CyberCerber reserves the right to decline any PreScan request without stating a reason. CyberCerber bears no liability for claims arising from PreScan conducted on the basis of false declarations by the Client.

5. Personal data processing (GDPR)

The controller of the Client's personal data is VIVO Finanse sp. z o.o., Wrocław, Poland, email: contact@cybercerber.com.

The Client's personal data (name, company name, email address, phone number, Domain) is processed for the following purposes and on the following legal bases:

Provision of the PreScan service — legal basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract / pre-contractual steps);
Security and fraud prevention (scan log maintenance) — legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller in preventing misuse of the service);
Marketing of CyberCerber services (if the Client has given separate consent) — legal basis: Art. 6(1)(a) GDPR.

The PreScan Report may contain email addresses of the Client's employees or contractors found in public security breach databases. Such data is presented in partially anonymised (masked) form. The legal basis for processing is Art. 6(1)(f) GDPR — the legitimate interest of protecting the Client's infrastructure security. Full data is retained only in CyberCerber's internal logs.

The Client has the right to access, rectify, erase, restrict processing, port, and object to the processing of their data, as well as the right to lodge a complaint with the supervisory authority (in Poland: Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw; or the authority in the Client's country of residence). Requests may be submitted to: contact@cybercerber.com.

6. Data retention

CyberCerber applies the following data retention policy for PreScan:

PreScan Report — retained for 90 days from the date of generation, then permanently deleted.
Request form data (name, company, email, Domain) — retained for 90 days from the date of service delivery, unless the Client has consented to marketing or entered into a paid service agreement.
Scan log (scan ID, timestamp, Domain, requester's IP address, declaration records) — retained for 24 months from the scan date for security purposes and legal defence.

After the above retention periods, data is permanently deleted. The Client may request earlier deletion on the basis described in Section 5, except for data necessary to fulfil legal obligations or defend against legal claims.

7. Intellectual property and know-how protection

The PreScan Report is provided to the Client for their own internal business use only. The Client may not resell, publicly distribute, or reproduce the PreScan Report without prior written consent from CyberCerber.

All methodologies, algorithms, risk scoring models, report templates, analysis rule sets, and other materials used in the provision of PreScan constitute protected intellectual property of CyberCerber and are covered by trade secret protection under applicable law. These Terms do not transfer any rights to such intellectual property to the Client.

8. Limitation of liability

To the fullest extent permitted by applicable law:

PreScan is a free service provided on an as-is basis, without any warranties of completeness, accuracy, or currency of results.
CyberCerber shall not be liable for any direct or indirect damages (including loss of profit, loss of data, or business interruption) resulting from use of the PreScan Report or decisions made on its basis.
CyberCerber's total liability to the Client for any claims related to PreScan is limited to €0 — PreScan is a free service.
CyberCerber is not responsible for security breaches affecting resources outside the Domain specified by the Client, nor for changes to the Client's infrastructure after the Report generation date.

9. No security guarantee

The PreScan Report reflects the state of the Client's publicly accessible infrastructure at the time of scanning and does not constitute a guarantee that the Client's systems are free from security vulnerabilities, breaches, or cyber threats — in particular those not publicly accessible. PreScan does not replace a penetration test, internal audit, or GDPR, NIS2, or cybersecurity compliance assessment.

10. Changes to these Terms

CyberCerber reserves the right to update these Terms. Material changes will be notified via a notice on our website. The version of the Terms in force at the time of submitting the PreScan request is binding for that request.

11. Governing law and jurisdiction

These Terms are governed by Polish law. Any disputes arising from or related to these Terms shall be subject to the exclusive jurisdiction of the courts competent for the registered office of CyberCerber (Wrocław, Poland).

12. Contact

For questions regarding these Terms or the PreScan service:
VIVO Finanse sp. z o.o.
ul. Kopycińskiego 41/3, Wrocław, Poland
VAT ID: PL8992914597
Email: contact@cybercerber.com

PreScan Terms of Service