Use GetLeaked to scan what you are allowed to scan.

You may use GetLeaked if you can legally enter these terms and you agree to use the service only for lawful security review. GetLeaked is built for founders, developers, and small teams checking their own public apps, launch previews, and repositories before shipping.

By submitting a URL, you represent that you own it, maintain it, are part of the team responsible for it, or have clear permission to scan it. Permission matters. Publicly reachable does not automatically mean authorized. If you are unsure whether you are allowed to scan a target, do not submit it.

GetLeaked may only be used for defensive security checks on systems you own or have permission to assess. You may not use it to probe unrelated external systems, harass a target, automate broad scanning of the public internet, evade rate limits, test stolen credentials, exfiltrate data, or support phishing, fraud, spam, malware, or unauthorized access.

You may not overload the service, bypass technical controls, reverse engineer private parts of the service, resell access without permission, or submit targets in a way that creates legal, operational, or safety risk for other people. We may block scans, throttle requests, or suspend access when behavior looks abusive or outside the intended builder use case.

GetLeaked offers a Free URL Scan and a paid Deep Scan at $49 per scan, billed as a one-time payment in SOL or USDC on Solana. There is no subscription. Features may change, scan categories may be added or removed, reports may contain false positives or false negatives, and availability may be interrupted while the service is improved.

We try to make the scanner useful and accurate, but we do not promise uninterrupted access, complete coverage, or a perfect report. A scan result reflects the checks performed at that time, against the submitted target, with the product capabilities then available.

The Deep Scan costs $49 USD, payable as a one-time on-chain transaction in SOL or USDC on the Solana network. Payment is confirmed by verifying the transaction on-chain; once confirmed, Deep Scan access is unlocked for the submitted target.

Because payment is on-chain and the scan begins immediately upon verification, payments are generally non-refundable once the scan has been initiated. If you experience a technical failure that prevents scan delivery after a confirmed payment, contact contact@getleaked.sh with your transaction reference and we will investigate.

GetLeaked is a launch-risk reduction tool, not a substitute for a formal penetration test, legal compliance review, secure development lifecycle, incident response process, or professional security engagement. It focuses on practical signals common in AI-built web apps: exposed secrets, public bundle risks, risky AI calls, public-surface mistakes, and framework-specific misconfiguration patterns.

The scanner will not catch every vulnerability. It may miss server-side issues, infrastructure flaws, business-logic bugs, authorization gaps, supply-chain problems, private source history, runtime-only behavior, and vulnerabilities outside its configured checks. You remain responsible for deciding whether your system is safe to launch or operate.

Reports are provided for informational and operational use. A finding may include evidence, severity, likely impact, and a suggested fix, but you are responsible for validating the issue in your own environment and applying any remediation safely. Do not paste secrets, private keys, seed phrases, or sensitive customer data into GetLeaked or into support emails.

If a report identifies a leaked key or token, rotate it with the provider immediately. Removing a scan record or deleting a finding does not revoke a credential that was already exposed in your app, repo, logs, or browser bundle.

GetLeaked is provided on a best-effort basis and, to the maximum extent permitted by law, as-is and as-available. We disclaim warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operation, and complete vulnerability detection.

To the maximum extent permitted by law, Crescent Labs and the GetLeaked operators will not be liable for indirect, incidental, consequential, special, exemplary, or punitive damages, or for lost profits, lost revenue, loss of data, business interruption, security incidents, or reputational harm arising from use of or inability to use the service. Our total liability for any claim related to the service is limited to the amount you paid for the service in the three months before the claim, or zero if you used only the free scan.

We may suspend or terminate access if you violate these terms, create risk for the service or other people, submit unauthorized targets, abuse free capacity, or use GetLeaked for offensive activity. You may stop using the service at any time.

Termination does not remove obligations that should reasonably survive, including acceptable-use restrictions, disclaimers, limitations of liability, and any payment obligations for paid services already provided.

These terms are governed by the laws of the United Arab Emirates, without regard to conflict-of-law rules. Disputes arising from use of GetLeaked will be resolved in UAE jurisdiction.

For questions about these terms, contact contact@getleaked.sh. For security-sensitive reports, include only the minimum information needed to identify the scan or target. Do not send secrets, private keys, wallet keys, seed phrases, or live credentials by email.