1 About us
PCIScan.org is operated by Pool.com.au Pty Ltd (ACN 615 426 929), an Australian proprietary limited company. References in these terms to "we", "us" or "our" mean Pool.com.au Pty Ltd. References to "you" or "your" mean the person or entity using the website or our services.
2 Scope & acceptance
By accessing pciscan.org, running a scan, submitting a contact form, completing the SAQ assessment, or purchasing a paid service, you agree to be bound by these Terms & Privacy. If you do not accept them, please do not use the site.
These terms apply to all visitors and customers, whether you use the free scanner, the Windows app, the assessment questionnaire, or any of our paid services.
3 Use of the scanner
The free PCI Quick Check on this site is provided as an educational pre-scan. It is not a substitute for an Approved Scanning Vendor (ASV) report. Results are indicative only and may include false positives or false negatives.
Acceptable use
- You must only scan domains, IP addresses or systems that you own or are expressly authorised to test.
- You must not use the scanner to harass, attack or attempt to compromise third parties.
- You must not attempt to overload, abuse, reverse-engineer or interfere with the scanner or the site.
- Automated bulk use, scraping, or commercial resale of scan results is prohibited without written permission.
Important
Unauthorised port scanning or security probing of systems you do not own may breach Part 10.7 of the Australian Criminal Code Act 1995 and equivalent laws in other jurisdictions. You are solely responsible for ensuring you have authorisation before scanning any target.
4 Paid services
We offer paid services including the ASV scan, Windows Server initial configuration, Diagnose & Repair, and SAQ assistance. All prices are quoted in USD and processed via Stripe.
Purchase of a paid service forms a separate engagement between you and Pool.com.au Pty Ltd. The scope, deliverables and any service-specific terms are described on the relevant service page at the time of purchase.
You are responsible for providing accurate information, valid credentials (where required) and timely access so that we can perform the work. Where we cannot proceed because of information you have failed to provide, we may pause or cancel the engagement.
5 Refunds
Each paid service has its own refund position, set out on its product page. In summary:
- Diagnose & Repair — full refund if we cannot resolve the issue, as described on the service page.
- SAQ assistance — full refund if our team cannot fully understand your server or deployment scenario, as described on the assessment page.
- ASV scan and Server initial configuration — refunds are considered case-by-case where we are at fault. Change-of-mind refunds are not generally provided once work has commenced.
Refund requests should be sent to info@pcicompliance.com.au and will be processed back to the original payment method within a reasonable time.
6 Intellectual property
All content on pciscan.org — including the scanner logic, page layout, copy, graphics, logos and the underlying source — is owned by or licensed to Pool.com.au Pty Ltd and protected by Australian and international copyright laws.
You may view and print pages for your own internal, non-commercial use. You may not republish, reproduce, sell or substantially copy any part of the site without our prior written consent.
The official PCI DSS SAQ documents linked from this site are the property of the PCI Security Standards Council and are made available under their own terms.
7 Disclaimers & liability
The free scanner and assessment questionnaire are provided "as is" and "as available", without warranties of any kind, whether express, implied or statutory, to the extent permitted by law.
We do not warrant that the scanner will detect every vulnerability, that results are free from error, or that the site will be uninterrupted or secure.
To the maximum extent permitted by law, our total aggregate liability to you for any claim arising out of your use of the free site or its content is limited to AUD $100. For paid services, our liability is limited to the amount you paid for the specific service giving rise to the claim.
Nothing in these terms excludes or limits any guarantee, right or remedy you may have under the Australian Consumer Law that cannot lawfully be excluded.
8 Privacy policy
This policy explains what personal information we collect, how we use it, and your rights. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
9 Data we collect
When you run a scan
- The target you entered (domain or IP).
- Your IP address, used for rate-limiting and abuse prevention.
- The check results and a generated HTML report stored on our server.
- A timestamp and a randomly generated scan identifier.
Scan reports are retained on our server so they can be downloaded or emailed via a link. They may be removed at any time at our discretion or on request.
When you contact us, request the SAQ assessment, or email a report
- Your name, email address, and any message content you provide.
- Your IP address and basic browser information attached to the request.
When you purchase a paid service
- Billing details handled directly by Stripe — we do not see or store your card number, CVV or expiry.
- The order reference and email address, used to deliver the service and any receipt.
We do not knowingly collect information from children under 13, and the site is not directed at children.
10 Cookies
We use a small number of cookies and equivalent storage:
- Session cookies for the admin portal and form state. These expire when you close your browser.
- No third-party advertising or tracking cookies are used.
You can disable cookies in your browser settings. Some site features (such as the admin portal) require cookies to function.
11 Third parties
The following third parties may receive limited information when you use specific features:
- Stripe — payment processing for paid services. Subject to Stripe's privacy policy.
- Microsoft Store — if you choose to download our companion Windows app, the Microsoft Store handles delivery under Microsoft's privacy statement.
- jsDelivr / public CDNs — the site loads small JavaScript libraries from public CDNs, which may log standard request data such as IP address and user-agent.
We do not sell your personal information to anyone, ever.
12 Security
We take reasonable steps to protect the information we hold, including TLS in transit, restricted server access and least-privilege design. However, no system can be made fully secure and you provide information to us at your own risk.
If you believe a security issue exists with this site, please email info@pcicompliance.com.au with details. We welcome responsible disclosure.
13 Your rights
Under the Australian Privacy Principles you may:
- Request access to the personal information we hold about you.
- Request that we correct information that is inaccurate or out-of-date.
- Request deletion of a stored scan report or contact submission.
- Make a privacy complaint — we will respond within 30 days.
To exercise any of these rights, email info@pcicompliance.com.au. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner.
14 Governing law
These terms are governed by the laws of Queensland, Australia. You and Pool.com.au Pty Ltd submit to the exclusive jurisdiction of the courts of Queensland and the Commonwealth courts sitting in Queensland in respect of any dispute arising out of or in connection with these terms.
15 Changes to these terms
We may update these Terms & Privacy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the site after a change means you accept the updated terms. We recommend you check this page occasionally.