These terms govern your use of SecureOS. We've tried to make them clear, fair, and legally sound. Last updated May 23, 2026.
SecureOS ("we," "us," or "Company") provides an automated security code scanning platform and related services (the "Service") designed to identify security vulnerabilities in your code repositories and applications. This Service is offered to you (the "User," "Customer," or "you") subject to these Terms and Conditions ("Terms").
By accessing or using SecureOS, you agree to be bound by these Terms. If you do not agree to these Terms, do not use the Service.
We grant you a limited, non-exclusive, non-transferable, revocable license to use the Service for your authorized use case, subject to these Terms and all applicable laws.
You are responsible for maintaining the confidentiality of your login credentials, API keys, and any account information. You agree to notify us immediately of any unauthorized access or suspected breach of your account. We are not liable for any unauthorized access or misuse of your account resulting from your failure to maintain security.
You represent and warrant that:
You agree to provide accurate, current, and complete information during account registration and maintenance. You agree to update your information promptly if any details change.
The Service, including its software, algorithms, databases, documentation, and all related intellectual property, is owned by SecureOS or our licensors. These Terms do not grant you any ownership rights in the Service.
We do not claim ownership of your source code. You retain all rights to the code you scan with our Service. However, you grant us a limited license to:
Sentinel ruleset, documentation, security findings format, and other SecureOS-created content are licensed to you for your internal business use only. You may not reproduce, distribute, modify, or create derivative works from this content without written permission.
No Guarantee of Discovery: SecureOS provides automated scanning based on rules and heuristics. We do not guarantee that the Service will identify all security issues in your code. No automated tool can catch every vulnerability. You should not rely solely on SecureOS for security compliance.
Professional Review Recommended: Security findings should be reviewed by qualified security professionals and developers familiar with your codebase. Automated recommendations should not be blindly applied without understanding the context.
Accuracy and Updates: While we strive for accuracy, findings may contain false positives or false negatives. You are responsible for validating findings and determining appropriate remediation steps.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, SECUREOS SHALL NOT BE LIABLE FOR:
LIABILITY CAP: Except for breaches of your payment obligations or our confidentiality obligations, SecureOS's total liability to you for any and all claims arising under these Terms shall not exceed the amount you paid for the Service in the 12 months preceding the claim, or $100 USD, whichever is greater.
You agree to indemnify, defend, and hold harmless SecureOS, its officers, directors, employees, agents, and representatives from any and all claims, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from or related to:
We do not store your source code. Scan operations run in ephemeral, single-tenant containers. After each scan, the container is destroyed and its disk is wiped.
What We Store: We retain findings (file paths, line numbers, vulnerability classifications, and context hints) for the retention period specified in your plan. We never store the actual source code content.
Data Residency: By default, your findings are stored in AWS us-east-1. EU customers can request storage in eu-west-1 at no additional cost. Your findings remain in your chosen region.
Account Deletion: Upon account deletion, findings are purged within 7 days. Backups containing your findings expire within 30 days. Account metadata (email, plan history) is retained for 12 months for tax and legal purposes, then deleted.
Please see our Security page for additional details on data handling, encryption, and compliance certifications.
Your subscription to the Service continues for the period specified in your order (monthly, annual, etc.) and automatically renews unless cancelled. You may cancel at any time via your dashboard or by contacting support.
We may terminate or suspend your account if you:
Termination does not relieve you of payment obligations for the period through termination. Upon termination, your access to the Service ceases immediately. You may export your findings for 30 days following termination.
Both parties agree to keep confidential information confidential and not disclose it to third parties without written consent, except as required by law or legal process. This obligation does not apply to information that is:
We reserve the right to modify, update, or discontinue the Service (or any portion thereof) at any time, with or without notice. We will attempt to provide 30 days' notice for material changes that negatively impact your use. Continued use of the Service following modifications constitutes your acceptance of the changes.
We are not liable for any changes, modifications, or discontinuation of the Service. If we discontinue a material feature you've paid for, we'll issue a prorated refund for your prepaid subscription.
You authorize SecureOS to charge your provided payment method for subscription fees, additional usage charges, and any applicable taxes. Billing occurs monthly or annually depending on your subscription.
Subscription fees are generally non-refundable except as required by law or specified in your plan. If we discontinue the Service or a material feature, we'll issue a prorated refund for prepaid time.
If payment fails, we'll attempt to contact you. Continued non-payment may result in account suspension or termination. You're responsible for any collection costs, attorneys' fees, and interest charges related to late payment as permitted by law.
The Service integrates with third-party services, including GitHub, Slack, and others. Your use of these integrations is subject to the third-party's terms and privacy policy. SecureOS is not responsible for the availability, security, or functionality of third-party services. You are responsible for maintaining your credentials and permissions for third-party integrations.
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. WE DISCLAIM ALL WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE.
We do not warrant that:
These Terms are governed by the laws of the State of California, without regard to its conflict-of-law principles. You agree to exclusive jurisdiction and venue in the state and federal courts located in San Francisco, California.
Before pursuing litigation, you and SecureOS agree to attempt resolution through good-faith negotiation. If negotiation fails, you may pursue binding arbitration administered by JAMS under its Streamlined Arbitration Rules and Procedures, with arbitration to occur in San Francisco, California.
We may revise these Terms at any time. If changes are material, we'll provide 30 days' notice by email or posting on our website. Your continued use of the Service after changes become effective constitutes your acceptance. If you do not agree to revised Terms, you may terminate your account.
If any provision of these Terms is found to be unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable while preserving the parties' intent. If modification is not possible, the provision shall be severed, and the remaining Terms shall remain in full force.
For questions about these Terms and Conditions, please contact us at hello@secureos.dev