Bot disclosure

Reglyze auto-scoping bot

You probably found this page because the user-agent Reglyze-AutoScoping/1.0 appeared in your access logs. Here is what we do, what we capture, and how to opt out.

User-agent string

Reglyze-AutoScoping/1.0 (+https://reglyze.com/auto-scoping-bot)

We always identify ourselves with this exact string. We do not rotate user agents, we do not pretend to be a browser, and we do not run the bot from residential proxies.

Who we are

Reglyze is an EU-based NIS2 compliance platform. When one of our customers asks our AI to auto-scope their NIS2 obligations, we consult public business registers (INSEE, InfoCamere, Racius, VIES) and we fetch a small amount of public information from their own corporate website to inform the classification. The auto-scoping bot is the component that performs the website fetches.

The bot is operated by Reglyze SARL ( [email protected]). It runs from our production environment in the EU. We do not sell the data we collect, we do not redistribute it, and we do not retain it longer than 90 days.

What we fetch

Two HTML pages per scoping attempt

We fetch the homepage at / and one informational page (we try /about, /about-us, /team, or /services, stopping at the first one that responds with 2xx).

We extract only the <title>, <meta name="description">, and the first 2,000 characters of visible body text. We do not follow links beyond those two pages.

Public Certificate Transparency logs

We query crt.sh (run by Sectigo) for subdomains of your domain. This is a query against a public legal record, not against your servers — your infrastructure sees no traffic from this step.

robots.txt

Before either HTML fetch we GET your /robots.txt and honour it. See the "How to block us" section below.

What we do not do

We do not crawl beyond the homepage and one internal page.
We do not execute JavaScript or run a headless browser. We request HTML, parse it, done.
We do not attempt to log in, post forms, or interact with any authenticated surface.
We do not run port scans, DNS enumeration, vulnerability scans, or any active reconnaissance. Subdomain enumeration is a passive query against the public Certificate Transparency log.
We strip emails, phone numbers, IBANs, credit-card numbers, and national identifiers from the fetched HTML before storing it.

How to block us

The simplest way: add a Disallow rule for our user-agent to your /robots.txt. We hard-respect this before any HTML fetch.

User-agent: Reglyze-AutoScoping
Disallow: /

When we see this we stop, our customer sees the message "Your robots.txt blocks our scraper — please fill the scoping wizard manually", and we move on. No retries.

If you need a stronger guarantee (firewall block, fail2ban rule, WAF deny), filter on the literal user-agent string at the top of this page. Our IPs rotate within the EU AWS / Hetzner ranges so we recommend filtering by user-agent rather than IP.

Questions or complaints

Email [email protected] with the date and IP that hit your site and we will look up the specific fetch and tell you which Reglyze customer triggered it. Under GDPR Article 15 you can also request a copy of any data we have captured about your organisation.