Commercial terms

Terms of Service

The agreement for hosted ShakerScan accounts, scans, evidence, deploy gates, billing, acceptable use, and support.

Last updated: 2026-04-27

Hosted service scope

ShakerScan provides hosted security scanning, AI Gate decisions, evidence storage, attestations, approval workflows, and related dashboard, API, CLI, and CI integrations.

Customers are responsible for their own targets, credentials, code, data, deployment choices, and authorization to scan each configured surface.

Current market and hosting posture

ShakerScan is currently intended for United States customers and may support Canadian customers during evaluation or free-trial access. Broader international, regulated, or enterprise use requires prior review.

Hosted infrastructure is currently planned for, and operated in, United States regions, including US-region VPS hosting, Supabase, and AWS worker infrastructure. Where applicable, AWS worker infrastructure is planned for us-east-1.

Clickwrap acceptance

A user creating an account must accept the Terms of Service, Privacy Policy, Acceptable Use Policy, and Scanning Authorization. The acceptance record includes the user, workspace, timestamp, accepted document versions, and the signup method.

The first workspace owner or administrator represents that they have authority to create the account for the organization. Invited users are still bound by the workspace terms and acceptable-use rules.

Free trials and pre-incorporation access

ShakerScan may offer free trials, free previews, invite-only access, or no-cost test workspaces before paid checkout is enabled. Those no-cost trials are provided only to test product interest, onboarding, and security-gate workflows.

Paid subscriptions should not be enabled until the contracting legal entity, notice address, governing law, forum, and payment terms are published in these Terms or covered by a signed agreement.

Accounts, billing, and plans

Self-serve customers may start, change, cancel, or manage a paid subscription through hosted checkout and the customer billing portal when those services are enabled. Paid checkout, renewal, cancellation, taxes, payment failure, refunds, and plan-change terms apply only after paid billing is enabled or a signed order is in effect.

Plan limits can include protected targets, scan units, AI units, retention, approval-token access, webhooks, private workers, and evidence export features.

Trials, renewal, cancellation, and refunds

Free trials do not convert into paid subscriptions unless the customer affirmatively starts paid checkout, signs an order, or otherwise agrees to paid terms. When paid subscriptions are enabled, plans may renew automatically for the selected billing period until canceled through the billing portal or another approved process.

Unless a signed agreement says otherwise, fees are non-refundable except where required by law or where ShakerScan confirms a billing error. Customers are responsible for applicable taxes, payment-method accuracy, failed-payment recovery, and keeping billing contacts current.

Plan limits, overages, and suspension

ShakerScan may enforce plan limits, request budgets, token budgets, rate limits, retention limits, target limits, and feature entitlements through throttling, scan rejection, feature disablement, or workspace-level restrictions.

ShakerScan may suspend or limit access for payment failure, security risk, abuse, unauthorized scanning, violation of the Acceptable Use Policy, violation of Scanning Authorization, or conduct that could harm ShakerScan, customers, targets, downstream providers, or third parties.

Customer authorization

By adding a target, starting domain verification, creating an API key, or launching a scan, the customer represents that it owns, controls, or is authorized to test the relevant target, connected systems, credentials, data flows, and environments.

ShakerScan may refuse, limit, suspend, or stop scans that appear abusive, unsafe, out of scope, unauthorized, illegal, or inconsistent with the customer plan or documented authorization.

Security decisions

AI Gate decisions help release workflows choose an allow, block, or needs_approval state based on configured policy, probe packs, and the evidence available at scan time.

ShakerScan findings, scores, grades, gate decisions, attestations, approval workflows, reports, and evidence do not guarantee that software, AI systems, deployments, targets, or workflows are secure, compliant, or free from vulnerabilities. Customers remain responsible for engineering review, remediation, release decisions, and compliance obligations.

Customer data license and ShakerScan IP

Customers retain ownership of their targets, code, data, prompts, credentials, transcripts, findings, and evidence. Customers grant ShakerScan the limited rights needed to host, process, scan, store, transmit, secure, troubleshoot, support, and improve the service for the customer and workspace.

ShakerScan retains ownership of the service, software, workflows, detectors, probe packs, policies, templates, documentation, interfaces, and platform technology. Feedback, suggestions, and product ideas may be used without restriction or obligation unless a signed agreement says otherwise.

Confidentiality and support

Customers should not submit secrets, regulated data, or third-party confidential information unless the workspace, plan, and legal terms are approved for that use. Support requests should avoid raw credentials and unnecessary sensitive data.

Support, response times, uptime, private workers, custom retention, and security commitments are provided only as described in the applicable plan, product controls, or signed agreement. The hosted service may be modified, unavailable, rate-limited, or degraded from time to time.

Disclaimers and liability limits

The service is provided without warranties except where a signed agreement expressly says otherwise. ShakerScan disclaims implied warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operation, error-free operation, vulnerability discovery, and compliance outcome.

Liability limits, exclusions of consequential damages, and claim caps must be finalized before paid public launch or handled in a signed agreement. Until then, free trials and previews should be treated as evaluation access only and not relied on for production, regulated, or mission-critical decisions.

Customer indemnity for unauthorized scanning

Customers are responsible for claims, losses, costs, damages, and expenses arising from unauthorized targets, false ownership or authorization claims, third-party credentials, out-of-scope scans, violation of the Acceptable Use Policy, violation of Scanning Authorization, customer-provided data, or claims from target owners and downstream providers.

This indemnity is a core risk allocation for any service that can generate traffic, logs, alerts, synthetic sessions, findings, or evidence against configured systems.

Termination and post-termination data

Customers may stop using the service, disable targets, revoke API keys, and request offboarding or deletion support through the available product controls or support channel. ShakerScan may terminate or suspend access for security, abuse, payment, legal, or product-integrity reasons.

After termination, data export and deletion depend on the plan, workspace settings, retention schedule, backup lifecycle, legal obligations, incident preservation, billing records, and implemented deletion controls. Target or workspace deletion does not guarantee immediate deletion of every scan artifact, log, backup, or legal-preservation record.

Order of precedence and paid-launch terms

If a signed agreement, order form, statement of work, rules of engagement, DPA, security addendum, or custom retention schedule conflicts with these online terms, the signed agreement controls for the covered workspace and covered order.

Before paid public checkout is enabled, these Terms should be updated with the contracting legal entity, notice address, governing law, dispute forum, final liability terms, and final billing mechanics, or those terms should be supplied in a signed agreement.

Enterprise documents

Self-serve use is governed by these online terms and product controls. Paid pilots, private workers, regulated workloads, and enterprise procurement may require a signed order form, statement of work, rules of engagement, data processing addendum, security addendum, or custom retention schedule.

Questions

For legal, privacy, security, or authorization questions, contact security@shakerscan.com.