On-demand scan — $50 one-time
A single external website security scan — same checks, same plain-English report. No subscription.
Read the scan authorization, then enter your details and sign below. You'll be taken to Stripe for secure payment — your scan starts right after.
Payments are processed by Stripe. At checkout you may be offered Link by Stripe— a faster checkout that texts or emails a one-time code to confirm it's you. It's part of Stripe, not a separate company, and using it is optional.
Scan authorization
Pre-counsel placeholder. This text will be replaced by an attorney-reviewed authorization before formal launch.
Preamble
This document authorizes RiskMeter Cybersecurity ("RiskMeter") to perform an external website security scan of the asset identified below ("the Scope") on behalf of your business. By electronically signing this authorization, you confirm you have read, understood, and agree to the terms that follow.
1. Scope
In scope: the website you enter below, including subdomains reachable from public DNS that resolve to infrastructure your business owns or controls. Out of scope: any asset not described above; any third-party service your business uses (payment processors, hosted email, CDN, identity providers, etc.); social-engineering or phishing of your business staff or contractors; physical intrusion; denial-of-service or load-generation tests; testing performed from inside an authenticated user account.
2. Methods
RiskMeter performs the scan using Intruder.io's web vulnerability scanner under a "responsible scanning" configuration: throttled request rate, no destructive payloads, and no exploitation of findings beyond what is needed to verify their presence. The scan is performed from cloud-hosted infrastructure on a schedule communicated separately.
3. Time window
The scan will be performed within 14 days of the date this authorization is signed. Either party may request rescheduling by email; this authorization remains in force during any agreed rescheduling.
4. Acknowledgment of risk
Authorized security scanning carries some risk of unintended impact on the tested system — elevated server load, triggering of intrusion-detection alerts, or short-duration service degradation. By signing, you acknowledge this risk and agree that RiskMeter is not liable for service interruption arising from a scan performed in good faith within the scope described in Section 1.
5. Authority
The signer represents that they are authorized by your business to approve security testing of the Scope. RiskMeter relies on this representation in performing the scan and will not independently verify the signer's authority beyond it.
6. Confidentiality of findings
Findings produced by the scan — including the executive summary report, severity counts, and the underlying issue records — are treated as confidential by RiskMeter and are not disclosed to third parties without prior written consent from a representative of the signing entity. Aggregated and anonymized statistics may be used for internal service-quality monitoring.
7. Termination and revocation
This authorization may be revoked at any time by email to hello@riskmetercybersecurity.com. RiskMeter will halt any in-progress scan upon receipt of revocation. Revocation does not retroactively un-authorize testing that has already occurred.
8. Limitation of liability
RiskMeter's total cumulative liability arising out of or relating to a scan performed under this authorization is limited to the amount paid for the scan, or USD 50.00 in the case of a free scan run under a promotional code. RiskMeter is not liable for consequential, incidental, special, or indirect damages.
9. Governing law
This authorization is governed by the laws of the State of Delaware, United States, without regard to its conflict-of-laws principles. Any dispute arising under this authorization is subject to the exclusive jurisdiction of courts located in Delaware.
10. Electronic signature
This authorization is executed electronically. A signature consisting of the signer's typed full name, the date and time of submission, a one-way hash of the signing IP address, and the browser user-agent at the time of submission constitutes a binding signature for the purposes of this document. The signed record is retained by RiskMeter and available to the signer upon written request.