
Terms of Service

Last updated:

These Terms of Service (“Terms”) govern your access to and use of Attestely's services: the marketing site at attestely.com, the dashboard at app.attestely.com, the public API at api.attestely.com, and any related software we make available (collectively, the “Service”). The open-source CLI is governed by a separate AGPLv3 license; these Terms do not override it.

1. Acceptance of these Terms

By creating an account, installing our GitHub App, or otherwise using the Service, you confirm that you accept these Terms. If you are accepting on behalf of a company, you confirm that you are authorised to bind that company to these Terms. If you do not accept, do not use the Service.

2. The Service

Attestely provides automated security scanning for software repositories. We orchestrate open-source scanners (Trivy, Semgrep, gitleaks among others), enrich findings with LLM-generated analysis, and surface results in your dashboard and as pull request review comments. The exact feature set depends on your tier — see the pricing page.

Attestely is provided “as a service”. We may improve, extend, or modify features over time. We will not silently remove a paid feature without notice; material changes will be announced at least 30 days in advance.

3. Your account

You create your account via GitHub OAuth. You are responsible for keeping your GitHub account secure (strong password, two-factor authentication enabled). You agree to provide accurate information when you sign up and to keep your billing email up to date.

You may not share your account credentials. A single workspace may have multiple collaborators on tiers that allow it (Studio, Team).

4. Acceptable use

You agree not to:

  • Use the Service to scan code or systems you do not have authorization to scan
  • Use the Service to launch attacks, scan third parties non-consensually, or otherwise interfere with other people's systems
  • Attempt to reverse-engineer or circumvent rate limits, billing, or access controls (unless explicitly permitted by law)
  • Upload malware or content that infringes third-party rights, violates law, or is grossly offensive
  • Scrape, mirror, or otherwise extract our service interfaces beyond your authorized usage
  • Use the Service for any illegal purpose, or in violation of export controls or sanctions

We may suspend or terminate accounts that violate this section. We will notify you before doing so when possible — for clear abuse, immediate suspension may be necessary.

5. Payment and subscriptions

Paid plans are billed monthly or annually in advance. Billing is processed by Stripe. Prices are quoted exclusive of VAT and other applicable taxes, which are added at checkout based on your billing country.

Your subscription renews automatically until you cancel. You can cancel at any time from your billing settings; paid access continues until the end of the current billing period.

We offer a 14-day money-back guarantee on first-time purchases of any paid tier. Email support@attestely.com within 14 days of your first paid invoice and we will refund it, no questions asked. Beyond that window, refunds are at our discretion.

If a payment fails, we will retry over a few days and notify you by email. If we cannot collect payment, your account is downgraded to the Free tier at the end of the current period; your data is preserved during the 90-day grace window described in the Privacy Policy.

6. Intellectual property

6.1 — The open-source CLI

The Attestely CLI is licensed under the GNU Affero General Public License v3.0 (“AGPLv3”). Source code lives at github.com/getAttestely/cli. Nothing in these Terms restricts the freedoms granted to you by the AGPLv3 when you use, modify, or distribute the CLI.

6.2 — The backend service

The hosted backend (analysis pipeline, dashboard UI, billing system, GitHub App integration) is proprietary software. We grant you a limited, non-exclusive, non-transferable, revocable license to access and use the backend during your active subscription, subject to these Terms. You may not copy, redistribute, sublicense, or create derivative works of the backend.

6.3 — Your content

You retain all rights to your code and to the findings generated about your code. You grant us a limited license to process them as needed to provide the Service — running scans, generating LLM analysis, posting PR comments, storing findings for your retrieval. We do not use your code or findings to train AI models, nor share them with third parties beyond the sub-processors listed in the Privacy Policy.

7. Confidentiality

Each party agrees to treat the other party's confidential information (information marked as confidential or that should reasonably be understood as confidential — including your source code) with the same care it uses for its own confidential information, and at minimum a reasonable level of care. This obligation survives termination.

8. Warranties & disclaimers

The Service is provided “as is” and “as available”. To the maximum extent permitted by law, we disclaim all warranties, express or implied, including fitness for a particular purpose and non-infringement.

Security scanning is a helpful tool, not a guarantee. Findings are best-effort: the Service may produce false positives, miss issues, or be temporarily unavailable. You remain responsible for the security of your own code and systems. Treat Attestely as one layer of defense among several.

9. Limitation of liability

To the maximum extent permitted by law, Attestely's total aggregate liability arising out of or related to these Terms is limited to the amount you paid us in the 12 months preceding the event giving rise to the claim (or €100 if you are on the Free tier).

We are not liable for indirect, incidental, special, consequential, or punitive damages, nor for loss of profits, goodwill, or data, even if we have been advised of the possibility of such damages. Nothing in these Terms limits liability that cannot be limited by law (for example, gross negligence or willful misconduct).

10. Indemnification

You will indemnify and hold Attestely harmless from any third-party claim arising out of (a) your use of the Service in violation of these Terms, (b) your violation of applicable law, or (c) content you submit through the Service that infringes third-party rights.

11. Termination

You may stop using the Service at any time and delete your account from settings. We may suspend or terminate your access if you materially breach these Terms or if we are required to do so by law. We will give you a chance to cure curable breaches when feasible. On termination, your data is handled as described in the Privacy Policy (90-day grace period, then erasure).

12. Changes to these Terms

We may update these Terms occasionally. Material changes will be announced by email to active users at least 14 days before they take effect. Your continued use of the Service after the effective date means you accept the revised Terms. If you do not accept, you may cancel before the effective date and any unused prepaid balance will be refunded pro-rata.

13. Governing law and jurisdiction

These Terms are governed by French law, without regard to its conflict of laws principles. Any dispute that cannot be resolved amicably will be submitted to the exclusive jurisdiction of the competent courts of [Paris]. Nothing in this section deprives consumers of mandatory protections under the law of their country of residence.

14. Contact

Questions about these Terms? Email hello@attestely.com.