Terms of Use
1. About Olimpio and these Terms
Olimpio Security ("Olimpio", "we", "us", or "our") provides a self-serve external vulnerability scanning platform at olimpio.io and app.olimpio.io. The service allows users to run automated external security scans against domains and external IP addresses they own or are authorised to scan, and to receive plain-English reports summarising findings.
These Terms of Use ("Terms") govern your access to and use of the Olimpio platform, website, and any related features or reports. By creating an account or using the service, you agree to these Terms. If you do not agree, do not use the service.
Olimpio Security Ltd is a company registered in England and Wales.
2. The service
Olimpio is a self-serve SaaS platform. Once registered, you may:
- Submit external domains or external IP addresses for automated scanning.
- Receive a plain-English report summarising findings, open ports, services, and detected vulnerabilities.
- Download PDF reports of your scan results.
- On paid plans, connect a GitHub account via a Personal Access Token to scan for exposed or leaked API keys and secrets across linked repositories.
External attack surface only. Olimpio scans external domains and external IP addresses that are publicly reachable over the internet. It does not perform internal network scanning, scan behind firewalls, or access systems that are not publicly internet-facing.
The platform is automated. We do not provide a managed assessment service, scoping calls, manual penetration testing, or bespoke consultancy.
3. Account tiers
Olimpio offers the following account tiers:
- Free — includes a limited number of external scans, a standard scan of the top 1,000 ports, AI explanations for top findings, and one watermarked PDF report. No credit card required.
- Starter (£49/month) — includes unlimited scans, deep scan mode (all 65,535 ports), AI explanations for all findings, Cyber Essentials mapping, secrets detection, scheduled scans, and PDF reports without watermark.
Starter is billed monthly. You may cancel at any time. Payments are processed by Stripe. We do not store payment card details.
4. Authorised use — what you may scan
You may only scan assets you own or are explicitly authorised to test. This is a strict condition of using the service.
You confirm and warrant that, before running any scan, you either:
- own the domain, IP address, or system being scanned; or
- hold documented, current written authorisation from the system owner to perform external security scanning of the specified target.
Unauthorised computer access and unauthorised security testing are offences under the Computer Misuse Act 1990 (and equivalent laws in other jurisdictions). Scanning targets you do not own or are not authorised to test may expose you to criminal liability and civil claims regardless of whether Olimpio is used as the tool.
You must not use Olimpio to:
- Scan domains, IP addresses, or systems belonging to third parties without their written permission.
- Attempt to access, probe, or interfere with systems you are not authorised to test.
- Conduct denial-of-service, destructive, or exploit-based attacks.
- Misrepresent your authority to scan a given target when registering or running a scan.
- Circumvent rate limits, access controls, or security measures of the platform.
- Use the platform for any unlawful purpose.
We may suspend or terminate accounts where we have reasonable grounds to believe authorisation requirements have not been met, where targets submitted appear to be third-party systems, or where misuse is suspected. We reserve the right to report suspected unlawful use to relevant authorities.
5. GitHub integration and Personal Access Tokens
Starter accounts may optionally connect a GitHub account by providing a Personal Access Token (PAT). This enables Olimpio to scan your linked repositories for exposed or leaked API keys and secrets.
By connecting a GitHub account you confirm:
- You are providing a PAT for repositories you own or are authorised to audit.
- You will not provide tokens with write, admin, or deployment permissions beyond what secrets detection requires.
- You understand that Olimpio will read repository content to identify potential credential exposures.
You may revoke the PAT at any time from your GitHub account. We will stop scanning if we detect the token has been revoked or is invalid.
6. Your responsibilities
You are responsible for:
- Verifying you have authorisation before submitting any scan target.
- Maintaining the security of your account credentials.
- Ensuring any team member or colleague using your account also complies with these Terms.
- Notifying relevant internal teams, hosting providers, or managed service providers where required before scanning.
- Reviewing scan findings and deciding independently how to prioritise and implement remediation steps.
- Having qualified personnel apply any changes to live systems and validating those changes in a test environment first where practical.
7. Scan and report limitations
Olimpio is designed to identify common external exposures, open ports, running services, known CVEs, and misconfigurations visible from the internet. It provides a useful and practical starting point for improving your external security posture.
Scans are automated and are not a substitute for a full professional penetration test. They are limited by factors including the scan depth selected, port range, publicly available vulnerability data, network conditions, tool coverage, and changes made between scans.
Results are a point-in-time snapshot. New vulnerabilities may emerge after a scan is completed. Scans do not cover internal systems, applications requiring authentication, social engineering, or physical security.
Remediation guidance is provided to help prioritise next steps but should be reviewed in the context of your specific environment before implementation.
8. Reports and intellectual property
Scan reports generated by the platform are made available to you for your own internal security improvement, compliance, and remediation planning.
The Olimpio name, logo, platform, software, scanning methodology, report templates, and all related materials are owned by Olimpio Security Ltd. Nothing in these Terms transfers ownership of Olimpio intellectual property to you.
You may not resell, redistribute, or present Olimpio reports or output as your own proprietary security product without written permission. IT consultants and MSPs using Olimpio Starter may share PDF reports with their own clients as part of a security advisory service, provided the Olimpio source is clearly attributed.
9. Suspension and termination
We may suspend or terminate your account at any time where:
- You breach these Terms, in particular the authorised use provisions.
- We have reasonable grounds to believe your use is unlawful.
- Scan activity appears to target systems you are not authorised to test.
- Payment of a Starter subscription is overdue.
- Continued access would expose Olimpio or third parties to harm or legal risk.
If you cancel a Starter subscription, your account reverts to the Free tier at the end of the current billing period.
10. No security guarantee
Cybersecurity risk cannot be fully eliminated. Olimpio does not guarantee that every vulnerability, exposure, misconfiguration, or weakness will be identified. Scan coverage varies by target, port range, and available vulnerability data. An Olimpio report is a practical aid, not a certification or assurance of security.
11. Limitation of liability
To the maximum extent permitted by applicable law, Olimpio Security Ltd will not be liable for indirect, consequential, incidental, special, or punitive losses, including loss of profits, loss of data, security incidents, business interruption, or losses arising from reliance on scan results or remediation guidance.
Our total liability for any direct loss will not exceed the amount you paid to us in the three months prior to the event giving rise to the claim, or £100 where no payment has been made.
Nothing in these Terms excludes or limits liability for fraud, personal injury or death caused by negligence, or any other liability that cannot be excluded by law.
12. Third-party services
The platform uses third-party infrastructure, vulnerability data sources, and services to operate. These may have their own terms and limitations. We are not responsible for third-party service availability, accuracy, or any changes those providers make.
The Olimpio website may link to external resources for reference. We are not responsible for content on third-party websites.
13. Changes to these Terms
We may update these Terms from time to time. The "Last updated" date at the top of this page reflects when the current version was published. Continued use of the platform after we notify you of changes (by email or in-app notice) constitutes acceptance of the updated Terms.
14. Governing law
These Terms are governed by the laws of England and Wales. Any disputes will be subject to the exclusive jurisdiction of the courts of England and Wales.
15. Contact
If you have questions about these Terms, contact us at joe@olimpio.io.
These Terms are provided as a working document and have not been reviewed by a qualified legal professional. They should be reviewed by a solicitor before being relied upon, particularly given that the product handles credentials, customer data, and security scanning activity.