Terms of Service
Last updated: June 2026
1. Agreement to Terms
These Terms of Service ("Terms") constitute a legally binding agreement between you ("Customer," "you," or "your") and SafeShip, Inc. ("Ship Safe," "we," "us," or "our") governing your access to and use of the Ship Safe security audit service at shipsafe.dev, including all associated APIs, tools, and documentation (collectively, the "Service"). By creating an account or using the Service, you agree to be bound by these Terms.
2. Description of Service
Ship Safe is a SOC 2-aligned security audit platform that scans GitHub repositories for vulnerabilities. The Service identifies security issues mapped to OWASP Top 10 and CWE classifications, grades repositories on an A-F scale, and can generate AI-powered auto-fix pull requests. The Service is designed for development teams shipping AI-generated code.
3. Account Registration
To use the Service, you must create an account by authenticating through GitHub OAuth. You agree to provide accurate, current, and complete information and to maintain the security of your account credentials.
You are responsible for all activity that occurs under your account. You must notify us immediately at privacy@shipsafe.dev if you suspect unauthorized access to your account.
4. Subscription Plans and Billing
Ship Safe offers three tiers: Free, Pro, and Team. Features, scan quotas, and auto-fix limits vary by tier and are described on our Pricing page.
Paid subscriptions are billed in advance on a monthly or annual basis through Stripe. All fees are non-refundable except as required by applicable law or as explicitly stated in these Terms. We reserve the right to change pricing with 30 days' written notice.
If payment fails, we will attempt to collect payment for up to 14 days. If payment remains unsuccessful, your account will be downgraded to the Free tier and features above the Free quota will be suspended.
5. Acceptable Use
You agree not to:
- Use the Service to scan repositories you do not own or have authorization to scan.
- Attempt to circumvent usage quotas, rate limits, or security measures.
- Reverse engineer, decompile, or attempt to extract the source code of the Service.
- Use the Service to develop a competing product or service.
- Transmit malware, exploit code, or any content designed to damage or disrupt the Service.
- Share your account credentials or API keys with unauthorized third parties.
- Use the Service in any manner that violates applicable laws or regulations.
6. Source Code and Data Handling
You retain all ownership rights to your source code. Ship Safe does not claim any intellectual property rights over your code or repositories.
Source code is cloned ephemerally into an isolated sandbox for the duration of a scan and is deleted immediately upon completion. Ship Safe does not store, log, or transmit your source code beyond the scan window. For full details, see our Privacy Policy.
Scan results, findings, and repository metadata are stored to provide the Service and are subject to our data retention and deletion policies.
7. Auto-Fix Pull Requests
For paid tiers, Ship Safe may generate AI-powered code fixes and open pull requests on your repository. These pull requests are opened on a dedicated branch and are never auto-merged. You are solely responsible for reviewing, testing, and merging any auto-fix pull requests.
Ship Safe does not guarantee that auto-fix suggestions will be correct, complete, or free of bugs. You should review all suggested changes before merging.
8. API Access
Ship Safe provides API access subject to rate limits and usage quotas defined by your subscription tier. API keys are confidential and must not be shared publicly or embedded in client-side code. We reserve the right to revoke API keys that are found to be compromised or used in violation of these Terms.
9. Disclaimer of Warranties
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
Ship Safe does not warrant that the Service will detect all security vulnerabilities in your code. The Service is a supplementary security tool and should not be relied upon as the sole means of securing your applications. Security scan results are informational and do not constitute professional security advice.
10. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, SAFESHIP, INC. SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUE, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM (A) YOUR USE OF OR INABILITY TO USE THE SERVICE; (B) ANY UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR DATA; (C) ANY THIRD-PARTY CONDUCT ON THE SERVICE; OR (D) ANY OTHER MATTER RELATING TO THE SERVICE. OUR TOTAL LIABILITY SHALL NOT EXCEED THE AMOUNT YOU PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.
11. Indemnification
You agree to indemnify and hold harmless SafeShip, Inc. and its officers, directors, employees, and agents from any claims, damages, losses, or expenses (including reasonable legal fees) arising from your use of the Service, your violation of these Terms, or your violation of any rights of a third party.
12. Termination
You may terminate your account at any time through your account settings or by contacting privacy@shipsafe.dev. Upon termination, your right to use the Service ceases immediately.
We may suspend or terminate your account if you violate these Terms, fail to pay applicable fees, or if we reasonably believe your use poses a security risk. We will provide reasonable notice before termination except in cases of serious violations.
Upon termination, we will retain your data for 30 days to allow for export, after which it will be permanently deleted unless a longer retention period is required by law.
13. Changes to These Terms
We may update these Terms from time to time. We will notify you of material changes by email or by posting a notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the revised Terms.
14. Governing Law
These Terms are governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law provisions. Any disputes arising from these Terms or the Service shall be resolved in the state or federal courts located in Delaware.