Terms of Service

Last updated: March 12, 2026

By downloading, installing, or using Hugin you agree to these terms. If you don't agree, don't use the software.

1. Acceptable Use

Hugin is a security intercepting proxy designed for authorized security testing. You may use Hugin for:

  • Bug bounty programs listed on platforms such as HackerOne, Bugcrowd, YesWeHack, Intigriti, and similar
  • Penetration testing engagements with written authorization from the system owner
  • Capture The Flag (CTF) competitions and security training exercises
  • Security education, academic research, and personal skill development
  • Testing applications you own or have explicit permission to test

You are solely responsible for ensuring you have proper authorization before testing any system. "I was using a security tool" is not a legal defense for unauthorized access.

2. Prohibited Use

You must not use Hugin for:

  • Unauthorized access to systems, networks, or data you do not own or have permission to test
  • Denial of service attacks or any activity intended to disrupt services for others
  • Mass exploitation, automated attacks against targets without authorization, or worm-like propagation
  • Supply chain attacks, dependency confusion, or poisoning of package registries
  • Developing, distributing, or deploying malware
  • Any activity that violates applicable local, national, or international law

Violation of these prohibitions may result in immediate account termination and, where required, cooperation with law enforcement.

3. Accounts and Responsibility

Hugin accounts are anonymous. Your account is identified by a randomly generated account ID. We do not collect your email, name, or any personally identifiable information.

You are responsible for all activity conducted under your account ID. Keep your account ID secure. If you lose it, we cannot recover it — there is no email on file, no password reset, no recovery flow. This is by design.

If you believe your account ID has been compromised, you should stop using it immediately and create a new account.

4. Payment Terms

The Pro license is prepaid. You pay for a specific duration up front. There is no auto-renewal. When your prepaid time expires, your account reverts to the Community tier until you choose to pay again.

  • Cryptocurrency payments: All crypto payments are final. No refunds.
  • Card payments: May be refunded within 14 days of purchase if you have not used Pro features. See /refund for details.
  • Price changes: We may adjust pricing at any time. Any prepaid time you have already purchased will be honored at the duration you paid for, regardless of price changes.

5. Device Limits

Each account may be active on a maximum of 2 devices simultaneously. This limit is enforced server-side. If you attempt to activate a third device, you must first deactivate one of your existing devices from your account page.

Sharing your account ID with others to circumvent the device limit is a violation of these terms and may result in account termination.

6. Community Tier

The Community tier is free forever. It includes the proxy, scanner, intruder, repeater, sequencer, decoder, and basic MCP tools. There are no restrictions on commercial use of the Community tier — you can use it in paid engagements.

Pro features (vurl MCP tools, Synaps modules, ratrace, extensions, multi-project, collaboration) require an active Pro license.

7. Student Program

Students with a valid GitHub Student Developer Pack are eligible for 12 months of Pro at no cost. Verification is done through GitHub OAuth — we check your Student Developer Pack status, nothing else.

Abuse of the student program — including using a fake student status, re-enrolling after your student status has expired, or using someone else's GitHub account — will result in termination of the student Pro license and may result in permanent account termination.

8. Intellectual Property

Hugin is proprietary software. The Community tier is free to use but the source code is not provided. You may not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of Hugin, except to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.

The Hugin name, logo, and branding are our intellectual property. You may reference Hugin in blog posts, conference talks, and similar content, but you may not use our branding in a way that implies endorsement or affiliation.

9. WASM Modules (Synaps)

Hugin supports community-authored WASM scanner modules through the Synaps system. These modules run in a sandboxed environment with execution limits (fuel-based instruction cap, memory cap). Despite sandboxing, we make no guarantees about the behavior, accuracy, or safety of third-party modules.

Module authors retain all intellectual property rights to their modules. By publishing a module to the Synaps ecosystem, authors grant Hugin a non-exclusive license to distribute and execute the module within Hugin. Authors may remove their modules at any time.

You use third-party modules at your own risk. We are not responsible for false positives, false negatives, or any unintended behavior of community modules.

10. Disclaimer of Warranty

Hugin is provided "as is" and "as available" without warranty of any kind, express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

We do not guarantee that Hugin will find every vulnerability in a target application. Security testing is inherently incomplete — no tool can promise full coverage. Hugin is one tool in your arsenal, not a guarantee of security.

We do not guarantee uninterrupted or error-free operation. License verification requires periodic connectivity to our servers. If our servers are temporarily unavailable, Pro features may be inaccessible until connectivity is restored.

11. Limitation of Liability

To the maximum extent permitted by applicable law, we shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenue, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from:

  • Your use of or inability to use Hugin
  • Any unauthorized access to or use of systems conducted using Hugin
  • Any bugs, vulnerabilities, or errors in Hugin itself
  • Any third-party modules, extensions, or integrations
  • Any interruption or cessation of the license verification service

You are solely responsible for the legality of your actions when using Hugin. We are not liable for damages arising from your use of Hugin against systems you do not have authorization to test.

12. Termination

We may suspend or terminate your account at any time if we reasonably believe you are violating these terms, particularly the acceptable use and prohibited use provisions. Termination means revocation of your Pro license (if applicable) and deactivation of your account ID. No refund is provided for termination due to terms violation.

You may delete your account at any time from your account page. Account deletion is immediate and irreversible. Any remaining prepaid Pro time is forfeited.

13. Governing Law

These terms are governed by and construed in accordance with the laws of the European Union and the applicable member state. Any disputes arising from these terms or your use of Hugin shall be subject to the exclusive jurisdiction of the competent courts within the EU.

14. Changes to These Terms

We may update these terms from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of Hugin after changes are posted constitutes acceptance of the updated terms.

For material changes that significantly affect your rights, we will make reasonable efforts to provide notice through the Hugin application itself.

Questions about these terms? Reach out via GitHub Discussions.