Specific rules for /romp — the cybersecurity scanner.
Master ToS still applies.
You may only run Romp against systems you own or have explicit written authorization to test. Running Romp against third-party systems without permission may violate the Computer Fraud and Abuse Act (U.S.), the Computer Misuse Act (UK), or equivalent laws elsewhere — and is grounds for immediate account termination on top of any criminal exposure.
Romp is a research-grade tool. Findings are best-effort and may produce false positives, false negatives, or both. Do not rely on a clean Romp scan as a substitute for a real security review.
Anonymous scans: 10 per hour per IP. Authenticated: 100 per hour per account. Programmatic use of the API is governed by the API addendum.
We store your scan input (URL, code paste, JWT) only as long as needed to render the result, plus 24 hours for our own false-positive auditing. No data is shared with third parties.
If Romp surfaces a vulnerability in software you don't own, please follow the affected vendor's responsible-disclosure policy. We will not publish or share findings on your behalf.