Terms of Service

Last updated: June 25, 2026

These Terms of Service (the "Terms") are a binding agreement between Vulnfrog LLC ("Vulnfrog," "we," "us") and the individual or entity using the Service ("Customer," "you"). They take effect when you click "I agree," install the Vulnfrog GitHub App, or otherwise use the Service. If you are agreeing on behalf of an entity, you represent that you have authority to bind that entity. If you do not agree, do not use the Service.

1. The Service

Vulnfrog is a GitHub-native security tool that scans your repositories for vulnerabilities, leaked secrets, and risky dependencies using third-party scanners and AI analysis, surfaces findings, reviews pull requests, and can open pull requests proposing fixes (the "Service").

2. Eligibility and Accounts

2.1 You must be at least 18 (or the age of majority where you live) and able to form a binding contract. The Service is not directed to children.

2.2 You access the Service through a third-party identity provider and the Vulnfrog GitHub App. You are responsible for your account, the GitHub installations you connect, and all activity under your account. Keep your credentials secure and notify us at team@vulnfrog.com of any unauthorized use.

3. Your Repositories and Content

3.1 Authorization. You may only connect and scan repositories that you own or are authorized to scan. You represent that you have all rights and permissions necessary to grant Vulnfrog access to your repositories and their contents ("Customer Content") for the purposes of providing the Service.

3.2 License to operate the Service. You grant Vulnfrog a limited, non-exclusive license to access, clone, scan, and process Customer Content solely to provide and improve the Service for you. We do not sell Customer Content, and we do not use Customer Content to train machine-learning models.

3.3 How Customer Content is handled. To run a scan, your repository is cloned into an isolated, ephemeral workspace, scanned, and deleted when the scan ends. We store findings metadata (such as file paths, line numbers, and finding descriptions), not your full source code; detected secrets are redacted before storage. To analyze findings and generate fixes, relevant code context is sent to our AI subprocessor for processing only. See the Privacy Policy for details.

3.4 Fix pull requests. With your configuration, the Service may open pull requests proposing changes. You are solely responsible for reviewing, testing, and merging any proposed change. Vulnfrog does not merge changes on your behalf and is not responsible for the effect of any change you choose to merge.

4. Subscriptions, Trials, and Billing

4.1 Plans. Paid plans and their included usage are described at checkout. Fees are billed in advance through our payment processor (Stripe), are stated exclusive of taxes, and you are responsible for any applicable taxes.

4.2 Free trial. If a free trial is offered, you will not be charged during the trial period (currently 14 days). A payment method is required to start the trial. Unless you cancel before the trial ends, your paid subscription begins automatically and the payment method is charged.

4.3 Auto-renewal. Subscriptions renew automatically each billing period until cancelled. You may cancel anytime; cancellation takes effect at the end of the current billing period.

4.4 Usage and overage. Plans include a monthly usage allowance that resets on your billing anniversary. Usage beyond the allowance may incur overage charges at the rate disclosed in-product, subject to any limit you set.

4.5 Refunds. Except where required by law, fees are non-refundable and there are no refunds or credits for partial periods or unused usage.

4.6 Changes to fees. We may change fees on prospective notice; changes apply at your next renewal.

5. Acceptable Use

You will not: (a) use the Service on code you do not own or are not authorized to scan; (b) attempt to access another customer's data; (c) reverse engineer, resell, or circumvent usage limits of the Service; (d) use the Service to develop a competing product; (e) upload unlawful content or use the Service to violate any law or third-party right; or (f) interfere with or disrupt the integrity or performance of the Service.

6. Third-Party Services

The Service relies on third parties including GitHub, our identity provider, our payment processor, our AI model provider, and our hosting providers. Your use of those services is governed by their terms, and we are not responsible for their acts or omissions. The Service may stop working if a third party changes or discontinues its services.

7. Security Findings Are Advisory — No Warranty

7.1 As is. THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTIES OF ANY KIND, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

7.2 No guarantee of security. Vulnfrog performs automated, best-effort analysis. It does not detect all vulnerabilities, secrets, or risks, may produce false positives or false negatives, and is not a substitute for professional security review. All findings, AI analysis, and proposed fixes are advisory only and must be independently reviewed and verified by you before you rely on or act on them. Vulnfrog does not warrant that your code, repositories, or systems are secure, compliant, or free of vulnerabilities.

7.3 You are solely responsible for the security of your code and systems and for decisions made based on the Service.

8. Limitation of Liability

8.1 EXCEPT FOR A PARTY'S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, NEITHER PARTY IS LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, REVENUE, DATA, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY.

8.2 EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS WILL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID TO VULNFROG IN THE 12 MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM, OR (B) US $100.

8.3 These limitations apply to the maximum extent permitted by law and survive termination.

9. Indemnification

You will defend and indemnify Vulnfrog against third-party claims arising from (a) Customer Content, (b) your use of the Service in violation of these Terms or law, or (c) your lack of rights to grant access to a connected repository.

10. Term and Termination

10.1 These Terms apply while you use the Service. You may stop using and uninstall the GitHub App at any time.

10.2 We may suspend or terminate access if you breach these Terms or fail to pay, or to protect the Service or other customers. On termination, your right to use the Service ends; Sections 3.2, 7, 8, 9, 11, and 12 survive.

10.3 You may request deletion of your account data by contacting team@vulnfrog.com, subject to the Privacy Policy and our legal and record-keeping obligations.

11. Disputes; Governing Law

11.1 Governing law. These Terms are governed by the laws of the State of Washington, USA, without regard to conflict-of-laws rules.

11.2 Arbitration. Any dispute arising out of or relating to these Terms will be resolved by final and binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, seated in King County (Seattle), Washington, rather than in court, except that either party may (a) bring an individual claim in small-claims court, or (b) seek injunctive relief to stop unauthorized use or intellectual-property infringement. Disputes will be resolved on an individual basis; class actions and class arbitrations are not permitted.

11.3 For any dispute not subject to arbitration, the exclusive venue is the state and federal courts located in King County, Washington, and the parties consent to their jurisdiction.

12. General

12.1 Changes to these Terms. We may update these Terms; we will notify you of material changes in-product or by email, and we may require you to re-accept. Continued use after changes take effect constitutes acceptance.

12.2 Entire agreement; conflict. These Terms are the entire agreement between you and Vulnfrog regarding the Service and supersede prior agreements. If they conflict with another agreement signed by both parties, that signed agreement controls.

12.3 The parties are independent contractors. You may not assign these Terms without our consent; we may assign in connection with a merger or sale. If any provision is unenforceable, the rest remains in effect. Our failure to enforce a provision is not a waiver.

12.4 Contact: Vulnfrog LLC — team@vulnfrog.com.