Last updated 2026-05-23
XowiaScan is operated by Xowia Labs, a subsidiary of Xowia Technologies, an information security company incorporated in India. References to "we", "our" or "us" in this document refer to Xowia Labs. Governing law: India. Disputes are subject to the exclusive jurisdiction of competent courts in India.
XowiaScan provides offensive-security tooling intended only for systems you own or for which you hold explicit, written authorization (e.g. an in-scope bug-bounty program or a signed engagement). Using these tools against systems without authorization may be illegal in your jurisdiction and is strictly prohibited.
You are solely responsible for how you use the tools and for ensuring your testing is lawful and authorized. XowiaScan ships scope controls and rate limits to assist, but does not verify authorization on your behalf. We accept no liability for misuse or for any damage resulting from your activity.
No unauthorized scanning, exploitation, DoS, scanning of critical infrastructure, or use of the platform to attack XowiaScan or other users. We may suspend accounts for abuse.
Xowia Labs is the data fiduciary for XowiaScan. We process account details (name, email, password hash), tool usage and metered scan results in your private history, projects you create and audit/security logs. We do not sell your data and we do not use it for advertising. Under India's Digital Personal Data Protection Act, 2023 you have the right to access, correct, erase and export your personal data, and to withdraw consent — all available from Settings → Your data / Danger zone in the dashboard. Grievances may also be raised via the contact form; Xowia Labs acts as the Grievance Officer.
We use a single first-party session cookie for authentication. No third-party advertising or tracking cookies.
If billing is enabled, payments are handled by third-party processors (Razorpay/Stripe). We never receive or store card data.
Found a vulnerability in XowiaScan itself? Please report it privately via our contact form before any public disclosure. We appreciate good-faith research.
We may update these terms; continued use constitutes acceptance. Material changes will be reflected by the date above.