← Back to main page
Important information

Access, approval, authorized use, and privacy

This page explains the approval conditions, privacy practices, authorized-use requirements, and account access rules for xLimit.

xLimit is intended only for lawful and authorized security work. Registration does not guarantee approval or activation. Accounts are manually reviewed before activation. By accessing or using xLimit after approval, users agree to the access conditions, privacy practices, and authorized-use restrictions described on this page.

Intended use

xLimit is a research support assistant intended for authorized security testing, approved bug bounty participation, internal security work, contracted penetration testing, research in systems you own or are explicitly permitted to assess, and educational use in controlled environments.

xLimit is designed to support human judgment, analysis, validation, prioritization, and reporting. It does not grant permission to test any target, and it does not replace the user’s responsibility to confirm legal authority, scope, and compliance before acting.

Privacy and account data

xLimit is configured so that administrator access to user conversations is disabled, and administrator export of user conversations is also disabled.

For account approval and activation, xLimit requires basic account information including the applicant’s email address and username. This information is used for registration review, account activation, service administration, support, and related access communications.

xLimit does not require applicants to provide unnecessary personal information for standard activation. Outside of the account details needed to operate the service, applicants should avoid sending sensitive personal data unless specifically required for a support or account issue.

Prohibited use

xLimit must not be used to facilitate or support:

  • unauthorized access to systems, accounts, networks, or data
  • out-of-scope testing or exploitation
  • credential abuse, phishing, or impersonation
  • malware deployment, persistence, evasion, or destructive actions
  • data theft, disruption, harassment, or unlawful interference
  • activity directed at third-party systems without proper permission

Users are solely responsible for ensuring that every activity performed with the assistance of xLimit is lawful, authorized, and within scope.

Manual review and approval

Registration alone does not create access. All accounts are subject to manual review before activation.

Applicants may receive an access review email summarizing the applicable access conditions, privacy practices, authorized-use restrictions, and activation requirements.

By accessing or using xLimit after approval, the user agrees to use xLimit only for lawful, authorized, and in-scope security work. If a user does not agree with these conditions, they should not use xLimit.

Providing inaccurate information, suspected misuse, abuse complaints, payment issues, fraud concerns, or legal risk may result in denial of access, delayed activation, suspension, restriction, or termination.

Activation and access conditions

If an account is approved, xLimit will send a separate activation email confirming that access has been granted and describing the active access period.

By using xLimit after approval, the user acknowledges that xLimit is offered only for lawful and authorized security work, that administrator access to user conversations and conversation export is disabled at the application level, and that xLimit requires basic account details such as email address and username for review, activation, support, and service administration.

The user also acknowledges that they are solely responsible for ensuring their activities are properly permitted, lawful, and within the scope of the relevant program, engagement, lab, or system owner approval.

Access condition:

By accessing or using xLimit after approval, you agree to use xLimit only for lawful, authorized, and in-scope security work. If you do not agree, do not use xLimit.

Account status and enforcement

xLimit reserves the right to deny, suspend, restrict, or terminate access where misuse, suspected misuse, policy violations, fraud, abuse complaints, inaccurate registration information, payment disputes, or legal risk is identified.

Approval is discretionary. Access may be refused or removed even after registration or payment where activation requirements are not satisfied or where use appears inconsistent with the intended purpose of the service.

Additional policies

This page is a summary of key access, privacy, and authorized-use conditions. Additional service terms, acceptable use restrictions, refund conditions, and support procedures may apply separately.

For questions regarding access review or account status, contact [email protected].