Yes, when used as intended. All scanning and active assessment capabilities are designed to operate within explicitly authorized scope. Hax.nu is built for authorized testing only — use against systems you do not own or have written permission to test is not supported and violates our terms of use.

Authorization and scope verification are built into the intake process for scan and assessment workflows. Active discovery does not initiate until ownership or explicit written authorization is verified.

Hax.nu is designed for authorized exposure management and continuous validation, not adversarial red team simulations. It is best suited for teams who want ongoing visibility and practical risk reduction, not full adversary emulation exercises.

Unauthorized use is a violation of our terms and potentially applicable computer crime laws. We retain the right to suspend access and cooperate with relevant authorities if misuse is detected.

Hax.nu is a cloud-based SaaS platform. Self-hosted deployment options are on the roadmap for enterprise and MSP use cases with strict data residency requirements.

Scan results, asset inventories, and finding records are stored securely per your workspace. Config uploads for audit services are handled through a secure intake process. Full data handling guidance is available in the privacy policy.

Config files submitted for audit are encrypted in transit and at rest, access-controlled to your workspace, and handled with care given the sensitive nature of security configuration data. Retention policies are documented in the privacy policy.

Yes. The platform is architected with organization and workspace isolation. MSPs can manage separate client workspaces with appropriate access controls. Multi-tenant MSP features are actively being expanded.

SMBs and MSPs who need practical security visibility without enterprise overhead, lean internal IT and security teams, vCISOs managing multiple clients, and organizations that want repeatable reporting and advisory workflows.

Hax.nu focuses on external exposure, continuous validation, and advisor-grade reporting rather than log aggregation and alert triage. It complements a SIEM by providing the outside-in perspective and executive communication layer that SIEMs typically do not address well.

No. Hax.nu is designed to work for organizations without a full-time security function. The platform translates technical findings into plain language and provides guided next steps so IT generalists and operators can act on results without needing a specialist on hand.

Yes. The platform produces documentation useful for compliance contexts — asset inventories, exposure reports, remediation tracking, and executive summaries. Hax.nu is not itself a compliance product, but its outputs are structured to support audit evidence and risk documentation requirements.

Use the contact form to describe your environment and goals. We will schedule a brief scoping call to understand your current posture and recommend the right starting point — whether that is an assessment, a product, or a combined path.

Most project-based engagements run 1–3 weeks from kickoff to deliverable. Recurring services are set on a schedule agreed during onboarding. We work to scope engagements so results are useful without requiring months of lead time.

Yes. Hax.nu is designed to be adoptable incrementally. Starting with attack surface visibility or the report generator is a common first step, with more modules added as your security operating rhythm develops.