Terms of Service

Last updated: April 23, 2026

What Bastion is (and isn't)

Bastion is a security scanner that flags common vulnerabilities in web projects. It catches a lot, but a clean scan doesn't mean your app is bulletproof. We wouldn't claim otherwise.

Best effort, not a guarantee

Our checks cover the issues we see most often, but they're not a substitute for a professional penetration test. Bastion might miss things. It might flag something that turns out to be fine. If a breach would be catastrophic for your project, invest in dedicated security review too.

Your call, your responsibility

We show you what we find and explain how to fix it. Whether you act on it is up to you. The security of your project is your responsibility. We're here to help, not to own the outcome.

Play fair with the URL scanner

Only scan sites you own or have permission to test. Scanning someone else's infrastructure without permission isn't just against our terms; it could be illegal. We'll revoke access if we see misuse.

Billing and refunds

Subscriptions run through Lemon Squeezy. Cancel whenever you want from your billing portal. If you sign up for a paid plan and it's not for you, let us know within 30 days and we'll refund you in full.

Open source

The Bastion CLI is released under the MIT License. Fork it, modify it, ship it. Like all open-source software, it comes as-is with no warranty.

Liability

We stand behind our work, but we can't be held liable for indirect or consequential damages like lost revenue, data breaches, or downtime from using (or not using) Bastion. If something goes wrong, our liability is capped at what you've paid us in the last 12 months.

Updates to these terms

These terms may change. If we make a meaningful update, we'll let you know by email or a notice on the site. Continued use of Bastion after that means you accept the new terms.

Get in touch

Questions? Email support@bastion.wiki.