Terms of Use & Privacy Policy
Last updated: March 25, 2026 · Synthrex by Gaurav Batule · synthrex.in
1. Acceptance of Terms
By using Synthrex ("the tool", "the service"), you agree to be bound by these terms. If you do not agree, do not use the tool.
2. User Responsibility & Disclaimer
All responsibility for the use of Synthrex lies solely with the person conducting the scan. By initiating a scan, you acknowledge and agree that:
- You are solely responsible for ensuring you have explicit, written authorization from the website owner before scanning any target.
- Unauthorized scanning is illegal in most jurisdictions and may violate the Computer Fraud and Abuse Act (CFAA), the IT Act, GDPR, or equivalent laws in your country.
- Synthrex, its creator (Gaurav Batule), and any contributors bear no responsibility for how you use this tool. Any consequences — legal, civil, or otherwise — arising from unauthorized or malicious use are entirely your liability.
- You will not use Synthrex to attack, disrupt, damage, or gain unauthorized access to any system.
- You will not use scan results to exploit vulnerabilities in any system you do not own or have authorization to test.
- You understand that security scanning can cause unintended effects on target systems (increased load, alerts, temporary blocks), and you accept full responsibility for any such effects.
3. No Warranty
Synthrex is provided "as is" without any warranty of any kind, express or implied. We make no guarantees regarding:
- The accuracy, completeness, or reliability of scan results
- The detection or non-detection of any specific vulnerability
- The availability or uptime of the service
- The security of any target based on scan results
Scan results should be treated as informational only and should not be considered a substitute for a professional security audit.
4. Limitation of Liability
In no event shall Synthrex, Gaurav Batule, or any contributors be liable for any direct, indirect, incidental, special, consequential, or exemplary damages arising from the use or inability to use this tool, even if advised of the possibility of such damages.
5. Indemnification
You agree to indemnify, defend, and hold harmless Synthrex, Gaurav Batule, and all contributors from and against any claims, damages, losses, liabilities, costs, and expenses (including legal fees) arising from your use of the tool or violation of these terms.
6. Ethical Use
Synthrex is designed exclusively for:
- Security professionals conducting authorized penetration tests
- Website owners assessing their own properties
- Developers testing their own applications
- Educational and research purposes with proper authorization
7. Privacy
Synthrex operates as a self-hosted tool. We do not collect personal data:
- No analytics, cookies, or trackers
- No user accounts or registration
- Scan results are stored in-memory only and cleared on server restart
- PDF reports are generated client-side in your browser
8. Request Origin & Anonymity
When Synthrex scans a target, HTTP requests are sent from the server hosting Synthrex (e.g. Vercel's infrastructure), not from your browser or IP address. Key details:
- All scan requests use a standard browser User-Agent and do not identify themselves as coming from Synthrex or any scanning tool.
- Your personal IP address is never sent to the target website — only the hosting server's IP appears in target logs.
- Synthrex does not use custom headers, cookies, or identifiers that would link requests to this tool.
- Despite these measures, scanning activity may still be detectable by the target (e.g. via request volume or payload patterns). You remain fully responsible for ensuring authorization.
9. Authorization System
Synthrex implements a two-tier authorization check before scanning any target:
- security.txt check: If the target has a valid
/.well-known/security.txt or /security.txt file, scanning is automatically authorized — indicating the site welcomes responsible security research.
- Access code: If no
security.txt is found, you must provide a valid access code to confirm you have legitimate authorization to scan.
This system helps ensure scans are only performed on targets that either explicitly invite security testing or where the user has verified authorization.
10. Third-Party Services
When using AI Analysis, a summary of scan results is sent to the Groq API (api.groq.com). This summary includes the target URL and test results — no personal data. Groq's privacy policy applies: groq.com/privacy-policy.
11. Governing Law
These terms are governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts in India.
12. Changes
We may update these terms at any time. Continued use of the tool after changes constitutes acceptance of the updated terms.
13. Contact
For questions, contact Gaurav Batule: LinkedIn · GitHub