- 01Only scan code you’re allowed to scan. Your repos, or repos whose owner gave you the green light. That promise is the core of this agreement.
- 02Your code stays yours. We process it to audit it — never to train AI models — and findings belong to you.
- 03Plans are prepaid credits. Scans hold an estimate, settle what they actually used, and never start on an empty balance.
- 04Findings are AI-generated. Expect false positives and missed issues; a quiet report isn’t a security guarantee.
- 05Don’t weaponize it. Using unpwnd or its findings to attack systems ends the account, full stop.
These Terms of Service (the “Terms”) are a binding agreement between UNPWND Inc., a Canadian federal corporation (“unpwnd,” “we,” “us”), and the person or entity using the Service (“you”). By creating an account, clicking “I agree,” or using the Service, you accept these Terms. If you are accepting on behalf of a company, you represent that you have authority to bind it, and “you” means that company.
If you do not agree to these Terms, do not use the Service.
01The service#
unpwnd is an automated security-auditing platform. You connect source-code repositories you control; a coordinated set of AI agents analyzes the code for security issues and produces findings, evidence, and suggested remediations (the “Service”), available at unpwnd.com and api.unpwnd.com.
The Service is an automated analysis tool. It is not a penetration-testing firm, a certification body, an audit opinion, or legal, compliance, or professional security advice (see Section 8).
02Eligibility and accounts#
You must be at least 18 years old and able to form a binding contract to use the Service. The Service is offered to businesses and professionals; it is not directed at children.
You register through our authentication provider and may sign in with email or a supported identity provider (e.g., GitHub). You are responsible for the security of your credentials and for everything that happens under your account. Keep your account information accurate, and notify us promptly at [email protected] if you suspect unauthorized access.
03Workspaces, teams, and roles#
The Service organizes work into accounts and workspaces. Workspace owners and admins can invite members, assign roles (owner, admin, member, viewer), and control access to projects, findings, and billing. You are responsible for who you invite and for their actions inside your workspaces. Whoever owns the account chooses the plan and is responsible for its charges, including usage by invited members.
04Authorization to scan#
The Service analyzes source code for security vulnerabilities. You may only connect repositories that you own or that you are explicitly authorized to security-test by their owner. This is your core promise to us.
You represent and warrant, for every repository you connect, that:
- you own it, or have the repository owner’s permission that covers automated security analysis of it;
- connecting it does not violate any law, or any contract or third-party terms that bind you (including your employer’s policies and the hosting platform’s terms);
- content in it does not include data you are prohibited from sharing with service providers.
Scanning code you are not authorized to test is a material breach of these Terms. We may suspend or terminate accounts that scan repositories without authorization, and we may cooperate with lawful requests from authorities in connection with misuse.
Access to your repositories is granted by you through the hosting provider’s authorization flow (e.g., a GitHub App installation that you control). You can revoke that access at any time through the provider; revoking it stops future scans of the affected repositories.
05Plans, credits, and billing#
Prepaid credits. Paid plans are monthly subscriptions that grant a credit allowance. Scans consume credits based on the scope of analysis; the Service shows you an estimate before work that will be charged, places a hold while a scan runs, and settles the actual amount when it completes.
Credit behavior. Credits are a prepaid measure of Service capacity, not money or property. Your balance resets to your plan’s allowance at each renewal — unused credits do not roll over. Credits have no cash value and are non-transferable. If your balance cannot cover an operation, the operation does not start. We may offer one-time credit top-ups; they follow the same credit rules and expire with your subscription.
Billing. Payments are processed by Stripe. You authorize us (via Stripe) to charge your payment method on each renewal. Prices are listed at unpwnd.com/pricing; taxes may be added where required. If a renewal payment fails, we will tell you and retry; while payment is past due we may limit paid features, and we may cancel the subscription if it is not resolved.
Plan changes and cancellation. You can change or cancel your plan in Settings at any time. Upgrades take effect immediately (with the unused value of remaining credits applied to the upgrade charge); downgrades apply from your next cycle. When a subscription ends, remaining credits stop being usable. Unused credits are not refunded except where the law requires otherwise.
Refunds. Except where required by law, fees and consumed credits are non-refundable.
Changes to pricing. We may change prices or plan structure with notice; changes apply from your next billing cycle.
06Acceptable use#
You agree not to:
- scan, test, or probe systems or code you are not authorized to test;
- use the Service or its findings to attack, exploit, or gain unauthorized access to any system, or to develop or distribute malware;
- resell, sublicense, or provide the Service to third parties as your own offering without our written agreement;
- interfere with the Service — probing our infrastructure without written authorization, circumventing rate limits or usage metering, or disrupting other customers;
- reverse engineer the Service except where the law grants that right notwithstanding this term;
- use the Service to violate any law or third-party right;
- misrepresent findings or Service output as a certification, guarantee, or attestation issued by us.
We may investigate violations and may suspend accounts that put the Service, other customers, or third parties at risk.
Responsible disclosure. If you find a vulnerability in the Service itself, report it to [email protected] and give us a reasonable opportunity to fix it before public disclosure. Good-faith research within that process will not be treated as a breach of this section’s no-probing clause.
07Your content and ownership#
Your code stays yours. You retain all rights to your repositories, code, and data (“Customer Content”). You grant us a limited, non-exclusive license to access, transmit, cache, and process Customer Content solely to provide and secure the Service, at your direction, for the duration of your use of it. We do not acquire ownership, and we do not use your code to train AI models — nor permit our AI providers to (see the Privacy Policy for how processing works and how long anything is retained).
Findings are yours to use. The reports and findings generated for your projects are yours to use for securing your own systems. We retain ownership of the Service itself — software, models of operation, interfaces, formats, and everything else that isn’t your content.
Feedback. If you send us ideas or suggestions, we may use them without obligation to you.
08AI-generated findings#
Findings are produced by automated AI analysis. You understand and agree that:
- output may contain false positives (issues reported that are not real) and false negatives (real issues that are missed);
- a clean or quiet report does not mean your code is free of vulnerabilities;
- findings, severities, and suggested fixes are informational starting points, not professional advice — validate before relying on them, especially before applying generated patches to production systems;
- the Service does not make your systems secure by itself, and does not replace security reviews, penetration tests, or compliance audits where those are required of you.
You are responsible for the decisions you make based on Service output.
09Confidentiality and security#
We treat Customer Content and your non-public account data as confidential, use them only to provide the Service, and protect them with technical and organizational safeguards appropriate to the data (described in the Privacy Policy). No internet service can promise perfect security; we do not.
We will notify affected customers without undue delay if we confirm a security incident affecting their Customer Content, consistent with applicable law.
10Third-party services#
The Service depends on third-party providers — including code hosting (GitHub), authentication, payments (Stripe), infrastructure hosting, email delivery, bot protection, and AI analysis providers (listed in the Privacy Policy). Their services are governed by their own terms. We are not responsible for third-party services we do not control, but we choose and bind our subprocessors to protect your data as described in the Privacy Policy.
11Beta and preview features#
We may offer features marked alpha, beta, preview, or early access. They are provided as-is, may change or disappear without notice, may have additional terms presented at enablement, and are excluded from any commitments these Terms make about the Service.
12Term, suspension, and termination#
These Terms apply while you use the Service. You may stop at any time; you can delete projects in the product and request account deletion through support. We may suspend or terminate your access (with notice where practicable) if you materially breach these Terms, if your use creates risk or legal exposure for us or others, or if you fail to pay. We may also discontinue the Service or features with reasonable notice.
On termination: your right to use the Service ends; Sections 5 (amounts owed), 7, 8, 13–18 survive; and we delete or de-identify Customer Content per the retention schedule in the Privacy Policy.
13Disclaimer of warranties#
14Limitation of liability#
Some jurisdictions do not allow certain limitations; these apply only to the extent permitted where you live.
15Indemnification#
You will defend and indemnify us against third-party claims, and resulting damages and reasonable costs, arising from: (a) Customer Content; (b) scanning of repositories you were not authorized to test; (c) your breach of Sections 4 or 6; or (d) your violation of law. We will notify you promptly of any claim and reasonably cooperate at your expense.
16Changes to the service or these terms#
We improve the Service continuously and may change or retire features. We may update these Terms; if a change is material, we will give at least 14 days’ notice (email or in-product) before it takes effect. Continued use after the effective date is acceptance. If you don’t agree, stop using the Service and cancel before the change takes effect.
17Governing law and disputes#
These Terms are governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, excluding conflict-of-laws rules. Before filing, both parties will try in good faith to resolve any dispute informally by contacting the other (for us: [email protected]) and allowing 30 days. Disputes that aren’t resolved informally will be brought exclusively in the courts sitting in Toronto, Ontario, and both parties consent to their jurisdiction.
18General#
These Terms (plus the Privacy Policy and any order or plan terms you accept) are the entire agreement about the Service and supersede prior discussions. If a provision is unenforceable, the rest remains in effect. Our failure to enforce a term isn’t a waiver. You may not assign these Terms without our consent; we may assign them in connection with a merger, acquisition, or sale of assets. Neither party is liable for delay or failure caused by events beyond its reasonable control. Notices to us go to [email protected]; notices to you go to your account email. Nothing here creates a partnership, employment, or agency relationship. You will comply with applicable export-control and sanctions laws in using the Service.
19Contact#
UNPWND Inc. — a Canadian federal corporation
[email protected] · [email protected]