Effective June 22, 2026. (v1.2 — adds the per-project scan-permission attestation as a contractual representation; see "What you can scan" below.)
These are the rules for using Canaryflux. By creating an account or running a scan, you agree to them. If you don't agree, please don't use the service. Questions: support@canaryflux.com.
Canaryflux is operated as a sole-proprietor business by Farid Islas, registered with Mexico's Servicio de Administración Tributaria (SAT) under the Persona Física con Actividad Empresarial (PFAE) regime in Mérida, Yucatán, Mexico. When these Terms refer to "Canaryflux," "we," or "us," they mean that business. These Terms are governed by the laws of the United Mexican States; disputes that can't be resolved by email go to the competent courts in Mérida, Yucatán, unless a non-waivable consumer-protection statute in your country requires otherwise.
Canaryflux scans public websites you tell it to scan, captures screenshots on different device profiles, and uses AI to surface visual bugs, accessibility issues, broken layouts, slow pages, and similar quality problems. You get the findings in a dashboard.
We provide the service as-is and on a best-effort basis. Scans may occasionally miss bugs, flag false positives, or fail to load a page. You're responsible for confirming any finding before acting on it.
You represent and warrant, on EVERY scan submission (not only the first per project), that you own or operate the target URL, or have explicit written authorization from the site owner to perform an active scan, AND that you understand a Canaryflux scan loads the page, executes its JavaScript, and captures screenshots + DOM content on multiple device profiles. This warranty is independent of any prior consent recorded by the dashboard.
You may only scan URLs that:
Don't use Canaryflux to:
127.0.0.0/8, ::1), RFC1918 private
ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16),
link-local addresses (169.254.0.0/16) — including cloud-metadata endpoints
such as 169.254.169.254 — or any host not publicly reachable on the open
internet. Our SSRF guard rejects these at submission; the ToS exists so we can also
terminate accounts that intentionally probe them.We may suspend or terminate any account that violates these rules. Severe abuse can result in a permanent ban and forfeiture of any prepaid balance.
Per-project scan-permission attestation. Before each project's first scan, the dashboard asks you to check a box confirming you own the target site or have explicit permission to test it. That click is a contractual representation: it is recorded with the exact text you saw, the attested origin, a timestamp, and the IP + User-Agent at grant time. By checking the box you represent that the statement is true at the time of the attestation and that any scan you subsequently run against the same origin from that project relies on that representation. A false attestation is a material breach of these Terms — see the Indemnification clause below and the "Don't use Canaryflux to" list above.
Scan results, screenshots of URLs you submit, project names, and any other data you put into Canaryflux belong to you. We need a limited license to it just so we can run the service — store it, display it back to you, and send it through our processors (Google, Anthropic, Stripe, etc.) as described in our Privacy Policy. Nothing more.
You can delete your account from the dashboard at any time. Deletion removes your data from our active systems immediately.
The Canaryflux brand, the dashboard UI, the scanner code, our marketing site, and everything we publish under the canaryflux.com domain are ours. You don't get a license to copy, redistribute, or build a competing product from them.
We aim for high uptime but we don't guarantee it. The scanner depends on third-party services (Google, Anthropic, Railway, Vercel, Cloudflare) that can have their own outages. We don't credit downtime caused by upstream failures, but we do work hard to minimize them.
We may take the service down for scheduled maintenance with at least 48 hours' notice via email, except for emergency security patches.
To the maximum extent allowed by law, our total liability to you for any claim related to Canaryflux is capped at the greater of (a) the amount you paid us in the 12 months before the claim arose, or (b) USD $100. We're not liable for indirect, incidental, consequential, special, or punitive damages — including lost profits, lost data, or business interruption.
Some jurisdictions don't allow these limits. Where that's the case, the limits apply to the fullest extent permitted by law.
You agree to defend and hold us harmless from any claim arising from your misuse of the service, your violation of these Terms, your violation of someone else's rights (including intellectual property), or content you submit to Canaryflux that we wouldn't otherwise have handled.
You can terminate your account any time. We can terminate or suspend your account if you materially breach these Terms, abuse the service, fail to pay, or use Canaryflux for anything illegal. On termination, your access ends and your data is deleted per our Privacy Policy.
If we change anything material, we'll email active users at least 14 days before the change takes effect. Continuing to use Canaryflux after the effective date means you accept the updated terms. If you don't agree, cancel before the effective date.
These Terms are governed by the laws of the United Mexican States, without regard to conflict-of-law principles. Any dispute that can't be resolved by emailing support@canaryflux.com will be brought in the competent courts of Mérida, Yucatán — the operating-entity domicile — unless mandatory consumer-protection rules in your country require otherwise.
Anything related to these Terms: support@canaryflux.com.