Email Policy

Scantonomous uses email for service messages only

Scantonomous is an application security platform for individual developers, teams, and enterprises. We use email to help users access their accounts and operate the service safely. We do not use these messages for newsletters, bulk promotions, or purchased-list outreach.

What we send

Verification codes for account sign-up, password resets, email changes, and MFA
Team invitations sent by an account administrator
Findings export notifications when a requested export is ready for download
Scan failure alerts when a scheduled scan encounters errors
Policy change notifications when we make material updates to our terms, privacy policy, or cookie policy

Who receives these emails

Users who created or maintain a Scantonomous account
People invited by an account administrator to join a Scantonomous team
The user who requested a findings export (export ready notifications)
The account billing email address (scan failure alerts)

Emails you cannot disable

These emails are required for account security and service operation. They cannot be turned off.

Verification codes (sign-up, password reset, email change)
Team invitations
Account closure and data deletion confirmations
Policy change notifications (terms, privacy, cookies)

Emails you can control

These notifications can be individually toggled or disabled all at once from your notification preferences in the product.

Export ready notifications — managed per user in Profile > Notifications
Scan failure alerts — managed by admins in Account Settings > Notifications

Optional notification emails include an Unsubscribe link in the footer that disables your user-level notifications. Account-level alerts (e.g. scan failures) are managed separately by admins. You can re-enable notifications at any time from the preferences page.

Sender identity and purpose

All emails are sent from noreply@scantonomous.ai. Every email is triggered by a user action (sign-up, password reset, export request, team invite) or by a system event tied to a customer account (scan failure). We never send unsolicited messages.

If you received an email from Scantonomous unexpectedly, use our contact page or email support@scantonomous.ai so we can investigate.

What we do not do

We do not buy, rent, or scrape recipient lists.
We do not send bulk marketing campaigns or newsletters.
We do not use transactional email to send unrelated promotional content.

Email address validation

When you sign up for a Scantonomous account or when an administrator invites a new team member, we validate the email address using a DNS-based mailbox check. This check evaluates syntax, domain validity (MX and address records), and other deliverability signals to help ensure we can reach you with important account and service emails.

If an email address is flagged as undeliverable or high-risk, the sign-up or invitation may be declined with a message asking you to use a different address. This helps protect our sender reputation and reduces the chance of missed account emails such as verification codes and password resets.

If you believe your email address was incorrectly rejected, please contact us at support@scantonomous.ai and we will investigate.

Related policies

See our Privacy Policy for how account information is processed and our Terms of Service for platform rules and responsibilities.