./legal/terms-of-service
Terms of Service
Last Updated: May 2026
Hey, welcome to PanicTunnl. We are a developer-led reverse tunneling utility built by Pallav and Ariyan. Our goal is to make local port forwarding as simple and private as possible.
By accessing PanicTunnl via our SSH gateway (ssh.panictunnl.run:2222), using the web frontend (panictunnl.run), or routing traffic through our edge proxy servers (*.panictunnl.run), you agree to these terms. If you don't agree, please terminate your tunnels, close the page, and cease using our tools.
1. Description of Service
PanicTunnl provides end-to-end, high-performance reverse tunneling. It allows developers and homelab operators to securely make local ports accessible via public URLs without manual port forwarding, firewall configuration, or CGNAT workarounds.
The Service is split into:
- Free Tier: No registration or payment key required.
- Paid Tiers (Base and Homelab): Managed via secure, high-entropy random access keys acquired through our payment processor.
2. Zero-Knowledge Architecture & Service Limits
We operate on a Zero-Knowledge Principle regarding user traffic and data:
- No File or Traffic Storage: We do not capture, inspect, intercept, or store the contents, request bodies, or files routed through your tunnels. Tunnels are dynamic, transient pipes implemented purely in-memory.
- No Data Backup: Because our architecture is zero-knowledge, we do not back up your tunnel data, payloads, or custom configurations.
- Uptime and Reliability: Tunnels are subject to disconnection from network latency, server restarts, client timeouts, or resource limits. The Service is provided "as is" and "as available". We do not guarantee continuous, uninterrupted availability.
3. Account-Free Subscriptions & Access Keys
To keep the Service zero-knowledge, there are no traditional user accounts.
- Access Keys: Paid tiers are granted access via secure, high-entropy random API tokens (formatted as
sky_<tier>_<random_chars>). Generated using a cryptographically secure pseudo-random number generator (CSPRNG), these tokens are secret credentials rather than asymmetric cryptographic keypairs (such as SSH Ed25519 or RSA keys). This token acts as your sole credential for paid features. - Key Delivery: Access keys are delivered once to the email address provided during checkout. Save this email. We do not store passwords, and the email is the primary way to recover your key.
- Tunnel Passwords: For private services (e.g., exposing web apps behind authentication), you may optionally configure a tunnel password at SSH connection time. These passwords are never stored in plaintext; they are securely hashed using
bcrypton the server before database insertion.
4. Tiers and Plan Invariants
The Service enforces specific tier parameters built directly into our backend engine:
| Tier | Active Tunnels | Subdomain Type | Bandwidth Limit | Max Session Duration |
|---|---|---|---|---|
| Free | 1 concurrent | Random (<name>-<8chars>) | Up to 30 Mbps | Up to 2 hours (user-selectable TTL) |
| Base | 1 concurrent | Persistent (reclaimable) | Uncapped | Persistent (runs indefinitely while active) |
| Homelab | 5 concurrent | Persistent (reclaimable) | Uncapped | Persistent (runs indefinitely while active) |
- Session Limits (Free Tier): Tunnels created under the Free tier are automatically disconnected when their session duration reaches the chosen TTL (defaulting to the maximum 2 hours).
- Plan Expiry: Persistent connections on paid tiers run continuously until your access key's expiration date. When the subscription expires, the server will force-close any open tunnels.
5. Billing and Refund Policy
All financial transactions, subscriptions, and checkouts are processed exclusively by DodoPayments as our Merchant of Record.
- Bonus Days: Standard subscription durations are credited with bonus days directly in our key registry database (e.g., a 180-day purchase is provisioned for 195 days, and a 365-day purchase is provisioned for 395 days).
- Payment Failures: In the event of payment webhook delays, our backend maintains an automatic email retry queue (up to 10 attempts over several hours) to ensure key delivery.
- Refunds: Refund requests are governed by DodoPayments' terms. Because our Service provides immediate provisioning of cryptographic keys, refunds are granted at our sole discretion or in compliance with DodoPayments' consumer policies.
6. Acceptable Use Policy (AUP) and User Conduct
You are solely responsible for any files, websites, applications, and network services exposed through PanicTunnl.
Prohibited Activities
You agree not to use the Service to:
- Distribute malware, ransomware, viruses, or any other hostile software.
- Host phishing websites, fraudulent services, or engage in social engineering scams.
- Expose material that violates intellectual property rights or copyright laws.
- Execute denial of service (DoS/DDoS) attacks, port scans, or network exploits.
- Bypass local network restrictions in violation of your employer’s or ISP’s policies.
- Share illicit, obscene, or highly harmful content.
Automated Defensive Measures
To protect the integrity of the network, our backend deploys an automated firewall layer:
- Brute-Force Protection: The gateway limits login attempts. 10 failed authentications from an IP within 5 minutes will trigger an automatic 10-minute ban on that IP address.
- Web Application Firewall (WAF): Every HTTP request header and path passing through our edge servers is analyzed by an in-memory WAF pattern-matcher. Common malicious payloads (including SQL Injection, Cross-Site Scripting [XSS], Path Traversal, and Command/Code Injection regexes) are automatically rejected with a
403 Request Blockedresponse. - Connection & Request Rate Limiting: IPs are limited dynamically to prevent service degradation. A token-bucket rate limiter restricts excessive requests per second to block malicious automated scanners.
7. Service Termination and Key Revocation
We reserve the right, in our sole discretion and without prior notice, to:
- Temporary block or permanently ban IP addresses engaged in abusive traffic or brute-force attacks.
- Terminate active tunnels violating our AUP.
- Revoke purchased access keys without refund if a subscriber is found to be hosting prohibited materials or orchestrating network attacks.
8. Disclaimer of Warranties
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, PANICLAB DISCLAIMS ALL WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE SECURE, TIMELY, ERROR-FREE, OR FREE OF DISCONNECTIONS.
9. Limitation of Liability
IN NO EVENT SHALL PANICLAB, ITS OPERATORS (PALLAV AND ARIYAN), OR ITS CONTRIBUTORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA LOSS, LOSS OF USE, OR OTHER INTANGIBLE LOSSES arising out of your access to or use of (or inability to access or use) the Service, even if advised of the possibility of such damages. Our cumulative liability for any claim related to the Service shall not exceed the amount paid by you for the active subscription key.
10. Modifications to Terms
We reserve the right to modify these Terms of Service at any time. Changes become effective immediately upon being updated in this file. Continued use of the Service after changes are published constitutes acceptance of the new Terms.
11. Contact and Support
If you have questions regarding these Terms, require support with key provisioning, or need manual key recovery, please join our official Discord server and reach out to the operators:
- Discord Community: https://discord.gg/dp98j9ejh9