← home

Terms of Use

Plain-English terms for using Shipshape. The short version: scan only apps you own or are allowed to test, treat results as a limited checkup, and do not misuse the service.

What Shipshape provides

Shipshape is a passive pre-launch checkup of public, browser-visible application surfaces, plus optional owner-verified checks that require domain control proof. It is not a penetration test, certification, compliance audit, or security guarantee.

Your responsibilities

You may scan apps you own, operate, or are explicitly authorized to test. Do not use Shipshape to harass services, bypass access controls, overload systems, or test third-party apps without permission. Owner-verified database checks are only for apps where you can prove control of the scanned origin.

Results and fixes

Findings are based on what Shipshape can observe at scan time. Absence of findings does not mean an app is secure. Fix guidance is practical engineering guidance, not legal, compliance, or professional security advice. Re-scan after changes and review any sensitive incident with a qualified professional when needed.

Payments and monitoring

Paid Fix Packs, Launch Proof reviews, and monitoring are enabled only when the relevant payment and delivery workflows are configured. Stripe handles payment processing where used. Monitoring is a recurring re-scan and alert workflow; it is not continuous protection or a guarantee that every issue will be detected. Launch Proof reviews and proof packs state what was checked at a point in time; they are not certifications, compliance audits, or professional security opinions.

Abuse and availability

We may rate-limit, block, or remove usage that looks abusive or unsafe. The service is provided as-is and may change as the product evolves.

For questions, deletion requests, or billing support, email support@shipshape.app.