// FAQ
Frequently Asked Questions
Common questions about what Xocipher builds, how the tools are meant to be used, and what happens to your data.
Is what Xocipher builds legal?
Yes. Xocipher builds software tools, not testing services. The tools are intended only for authorized security research: systems you own, or assets explicitly in-scope under a bug bounty or vulnerability disclosure program you're enrolled in. Full acceptable-use terms are in the Terms of Service and EULA.
What counts as "authorized"?
Authorization means you have explicit, documented permission to test a system: you own it yourself, or it's explicitly listed as in-scope under a public or private bug bounty or vulnerability disclosure program you're an enrolled, authorized participant in. If you're not sure whether something is in-scope, treat it as out-of-scope until you've confirmed it with the program owner.
Does Xocipher test systems on my behalf?
No. Xocipher sells software only, not services. It does not perform penetration testing, red teaming, or any other security testing on behalf of customers. You run the tools yourself, against your own authorized targets.
Do the tools send my data or scan results back to Xocipher?
No. The tools are built to run under your own control, and Xocipher does not collect or store your scan results, findings, or target data. If a future hosted or SaaS version of a tool changes that, it will be stated clearly before you use it, and covered in an updated Privacy Policy.
What happens if a tool gets misused?
Using a tool outside its permitted use (against systems you don't own or aren't authorized to test) is a breach of the license and is entirely your responsibility, legally and otherwise. See Section 3 of the EULA for the full list of prohibited uses.
Are the tools free or paid?
Xocipher is in an early, soft-launch stage, and pricing hasn't been finalized yet. Use the contact page to hear about pricing and availability as it's decided.
When will the tools actually be available?
There's no fixed release date yet. Everything is being built and tested before a wider release. Use the contact page to get notified when a specific tool ships.
Can I request a custom tool or feature?
Yes. Reach out through the contact page and describe what you need; custom automation requests are welcome.
Is my personal data from the contact form safe?
The contact form only collects what you type in, isn't used for tracking or advertising, and is handled under GDPR. Full details, including your rights and how to exercise them, are in the Privacy Policy.