LogoCawght

Terms and Conditions

Last updated: March 24, 2026

Acceptance of Terms

By installing, accessing, or using the Cawght browser extension or any associated services (collectively, the “Service”), you agree to be bound by these Terms and Conditions. If you do not agree to these terms, do not use the Service.

Description of Service

Cawght is an AI-powered business logic testing tool. It consists of a browser extension (available for Chrome and Firefox) and a server backend. The Service records web application traffic that you initiate, uses artificial intelligence to generate adversarial test scenarios targeting business logic vulnerabilities, executes those tests against the target application, and reports its findings.

The Service is provided free of charge. You supply your own AI API key (from Google Gemini, OpenAI, or Anthropic) to power the AI analysis. Cawght does not provide or subsidize API usage — any costs incurred with your AI provider are your responsibility.

User Responsibilities

  • Authorization: You must only use Cawght to test web applications that you own or have explicit written permission to test. Unauthorized testing of third-party applications may violate laws and regulations. You are solely responsible for ensuring you have proper authorization before initiating any scan.
  • Lawful use: You agree to use the Service only for lawful purposes and in compliance with all applicable local, national, and international laws and regulations.
  • Account security: You are responsible for maintaining the security of your Google account used to authenticate with Cawght. You must notify us immediately if you suspect unauthorized access to your account.
  • Accurate information: You agree to provide accurate and complete information when using the Service and to keep your account information up to date.

AI Limitations and No Warranty on Accuracy

Cawght relies on third-party AI models to classify endpoints, generate test scenarios, and evaluate results. AI-generated output is inherently probabilistic and may contain errors, false positives, or false negatives.

  • Cawght does not guarantee the accuracy, completeness, or reliability of any findings or test results.
  • Findings should be treated as indicators for further investigation, not as definitive security assessments.
  • Cawght is not a substitute for professional security audits, penetration testing, or manual code review.
  • You should not rely solely on Cawght's output to make security decisions for production systems.

API Key Usage

To use the AI-powered features of Cawght, you must provide your own API key from a supported provider (Google Gemini, OpenAI, or Anthropic).

  • Your API key is stored locally in your browser's storage and is sent to our server only as a per-request header to facilitate AI processing. We do not persist your API key on our servers.
  • You are responsible for safeguarding your API key and for any charges incurred through your AI provider as a result of using Cawght.
  • You must comply with the terms of service of your chosen AI provider. Cawght is not responsible for any violations of third-party terms arising from your use of the Service.

Data and Privacy

Your use of the Service is also governed by our Privacy Policy, which describes what data we collect, how it is stored, and your rights regarding that data. By using the Service, you consent to the data practices described in the Privacy Policy.

Scan data, test results, and findings are stored on our servers and associated with your account. We use soft-delete — records are marked as deleted rather than permanently removed, allowing for recovery. You may request full deletion of your data by contacting us.

Intellectual Property

The Cawght name, logo, extension code, server code, and all associated materials are the intellectual property of the Cawght team. You may not copy, modify, distribute, or create derivative works from any part of the Service without prior written permission.

You retain ownership of all data you provide to the Service, including application data captured during scans. Cawght does not claim any ownership over your application data or scan results.

Limitation of Liability

To the fullest extent permitted by law, Cawght and its maintainers shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of the Service, including but not limited to:

  • Damage caused by executing AI-generated test scenarios against your applications.
  • Data loss, corruption, or unintended side effects resulting from test execution.
  • Security vulnerabilities that Cawght failed to detect.
  • Charges incurred through your AI provider.
  • Any actions taken based on Cawght's findings or lack thereof.

The Service is provided on an “as is” and “as available” basis without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

Termination

We reserve the right to suspend or terminate your access to the Service at any time, with or without cause, and with or without notice. You may stop using the Service at any time by uninstalling the extension and, optionally, requesting deletion of your account data.

Upon termination, your right to use the Service ceases immediately. Provisions of these terms that by their nature should survive termination (including limitation of liability, intellectual property, and disclaimers) will remain in effect.

Changes to These Terms

We may update these Terms and Conditions from time to time. When we do, we will revise the “Last updated” date at the top of this page. Continued use of the Service after any changes constitutes your acceptance of the revised terms. We encourage you to review this page periodically.

Contact

For questions about these terms, open an issue on our GitHub repository or email the maintainer.