Disclaimer
Effective Date: June 02, 2026
Last Updated: June 02, 2026
This Disclaimer applies to all use of the CoreFix platform, including code scanning, web application scanning, AI-generated fixes, and related features.
1. Authorization Required for Web Application Scanning
CoreFix web application scanning sends real security test payloads — including SQL injection, cross-site scripting (XSS), server-side request forgery (SSRF), server-side template injection (SSTI), authentication bypass attempts, and other attack vectors — to the target URL you specify.
You must have explicit written authorization from the owner of the target website or application before initiating any web scan. By starting a web scan, you represent and warrant that:
- You own the target application, or
- You have explicit, documented authorization from the owner or organization that owns the target to perform security testing against it
- You are conducting the scan in a lawful manner, in compliance with all applicable laws and regulations in your jurisdiction
- The target is a test, staging, or UAT environment, or you accept the risks of scanning a production system
CoreFix is not responsible for any consequences resulting from unauthorized scanning, including but not limited to:
- Legal action taken against you by the target owner
- Service disruption, downtime, or data corruption on the target system
- Violation of computer fraud and abuse laws (CFAA in the US, IT Act in India, Computer Misuse Act in the UK, or equivalent laws in your jurisdiction)
- Network or infrastructure damage caused by scanning activity
If you are unsure whether you have authorization, do not scan. Contact the target owner first.
2. AI-Generated Code Fixes
CoreFix uses large language models to generate code fix suggestions and pull requests. These AI-generated fixes are provided as recommendations and are not guaranteed to be correct, complete, or safe.
CoreFix is not responsible for any damage caused by applying AI-generated code changes, including but not limited to:
- Bugs, errors, or regressions introduced by AI-generated patches
- Application outages or downtime caused by merged fix PRs
- Data loss, data corruption, or security incidents resulting from incorrect fixes
- Compliance violations introduced by AI-modified code
- Production incidents of any kind arising from auto-generated code changes
You are solely responsible for reviewing, testing, and validating all AI-generated code before merging it into any branch, especially production branches. We strongly recommend:
- Reviewing every line of the generated diff before approval
- Running your existing test suite against the proposed changes
- Having a team member review the fix PR, as you would any human-authored PR
- Using staging or preview environments to validate fixes before production deployment
CoreFix is AI-powered and can make mistakes. Learn more about AI limitations.
3. Scan Results and Security Findings
CoreFix scan results are generated by open source security scanners and AI enrichment. They are provided on an as-is basis and should not be treated as a comprehensive or definitive security assessment.
CoreFix does not guarantee:
- That all vulnerabilities in your code or application will be detected
- That reported findings are free from false positives or false negatives
- That risk scores accurately reflect the real-world severity of a vulnerability
- That following remediation suggestions will fully resolve a security issue
CoreFix is a tool to assist your security process, not replace professional security review, penetration testing, or compliance auditing. Critical applications should supplement automated scanning with human security review.
4. Third-Party Scanners
CoreFix integrates open source security tools including OpenGrep, Gitleaks, OSV-Scanner, KICS, Kubescape, OWASP ZAP, Nuclei, Nmap, testssl.sh, and SSLyze. These tools are maintained by their respective communities and are subject to their own licenses, limitations, and accuracy characteristics.
CoreFix is not responsible for bugs, false positives, false negatives, or limitations in third-party scanner output. We orchestrate and enrich their results but do not control their detection logic.
5. Service Availability
CoreFix is provided on an "as available" basis. We do not guarantee uninterrupted, error-free, or continuous operation of the platform, scanners, AI pipeline, or any component of the Service. Scheduled and unscheduled maintenance may occur without prior notice.
6. No Legal, Compliance, or Professional Advice
Nothing in CoreFix's scan results, reports, AI suggestions, or documentation constitutes legal advice, compliance certification, or professional security consulting. CoreFix does not certify compliance with any standard, regulation, or framework (including but not limited to SOC2, ISO 27001, HIPAA, PCI-DSS, GDPR, or DPDP).
If you require compliance certification or legal guidance, consult a qualified professional.
7. Limitation of Liability
To the maximum extent permitted by applicable law, CoreFix, its founders, employees, and contributors shall not be held liable for any direct, indirect, incidental, special, consequential, or punitive damages arising from the use of the Service, including but not limited to damages from unauthorized scanning, AI-generated code, missed vulnerabilities, false positives, data loss, or service interruptions.
8. Indemnification
You agree to indemnify and hold harmless CoreFix from any claims, damages, losses, liabilities, or expenses (including legal fees) arising from:
- Your unauthorized scanning of websites or applications
- Your use of AI-generated code fixes without adequate review and testing
- Your violation of any applicable law or third-party rights through use of the Service
- Any action taken by third parties against you as a result of your use of the Service
9. Acknowledgement
By using CoreFix, you acknowledge that you have read, understood, and agreed to this Disclaimer. If you do not agree with any part of this Disclaimer, do not use the Service.
Contact
For questions about this Disclaimer, contact us at:
Email: [email protected]
Address: 503, Capital Park, Capital Pk Rd, Cyber Hills Colony, VIP Hills, Silicon Valley, Madhapur, Hyderabad, Telangana 500081, India.