Terms of Service
1. Agreement
These Terms of Service (“Terms”) govern your access to and use of the misconfigs platform (“Service”), including the website, scanners, API, and related tools operated by misconfigs (“we,” “us,” or “our”). By creating an account, running a scan, or otherwise using the Service, you agree to these Terms. If you do not agree, do not use the Service.
2. The Service
misconfigs provides automated static analysis of uploaded configuration files and related artifacts across infrastructure-as-code, AI systems, CI/CD pipelines, network configs, and identity policies. The Service produces reports and findings intended to assist your own security review — it does not modify your systems, deploy fixes, or guarantee secure outcomes.
The Service is intended to assist users and does not guarantee the identification, prevention, or elimination of security vulnerabilities.
3. Eligibility & accounts
You must be at least 18 years old and able to form a binding contract. You are responsible for safeguarding your account credentials and API keys, and for all activity that occurs under your account. Notify us promptly at misconfigs@gmail.com if you suspect unauthorized access.
4. Acceptable use
You agree not to:
- Use the Service for any illegal purpose or in violation of applicable law
- Upload files you do not have the right to analyze, or that contain unlawful content
- Upload malware, malicious code, or content designed to disrupt or damage systems
- Abuse the platform, including excessive automated requests, quota evasion, or harassment of our staff or other users
- Attempt to probe, scan, compromise, or gain unauthorized access to the Service or its infrastructure
- Reverse engineer, decompile, or disassemble the Service except to the extent such restriction is prohibited by applicable law
- Resell, sublicense, or provide access to the Service without our written permission
- Use the Service in a manner that violates applicable law or third-party rights
You represent that you have authority to submit uploaded materials for analysis and that doing so does not breach any confidentiality, employment, or contractual obligation.
5. User content
You retain ownership of files and other content you upload (“User Content”). You grant us a limited license to host, store, process, and analyze User Content solely as needed to provide the Service, as described in our Privacy Policy.
We may refuse to process, remove, or delete User Content that we reasonably believe violates these Terms, applicable law, or poses a security or operational risk to the Service or others. We are not obligated to monitor User Content but may do so to enforce these Terms or comply with legal obligations.
6. Subscriptions & billing
Paid plans are billed monthly (or on another interval shown at checkout) through Stripe. Subscriptions automatically renew at the end of each billing period unless you cancel before renewal. You authorize us and Stripe to charge your payment method on a recurring basis until cancellation.
Fees are stated exclusive of applicable taxes, levies, duties, and similar governmental charges (“Taxes”) unless otherwise noted. You are responsible for all Taxes associated with your subscription except taxes based on our net income. Stripe or your card issuer may itemize taxes at checkout where required.
Fees are non-refundable except where required by law. Scan quotas reset monthly as described on the Pricing page. When you reach your monthly limit, scans are paused until the next billing period or until you upgrade to a higher plan. Contact us at misconfigs@gmail.com if you need additional scan capacity beyond your plan. We may change pricing with reasonable notice; continued use after a price change constitutes acceptance.
6a. Public beta
misconfigs is currently offered as a public beta. Scans and reports are intended for production use, but the Service — including features, scan coverage, UI, API, limits, and pricing — may change without prior notice except where stated below.
You acknowledge that during beta:
- The Service may contain bugs, downtime, or incomplete functionality
- We do not guarantee uptime, response times, or an SLA
- Features may be added, modified, or removed
- We will provide reasonable notice before material changes to paid plan pricing or included scan limits
When we exit beta, we will update these Terms and may remove or revise this section. Continued use after general availability constitutes acceptance of updated terms.
7. Scan results & compliance disclaimer
The Service provides automated assessments, not professional security, legal, accounting, or regulatory advice. Findings are generated by static rules and heuristics. They may include false positives, false negatives, incomplete coverage, or outdated guidance. Results do not constitute a penetration test, vulnerability assessment, compliance audit, certification, or guarantee that your systems are secure or compliant with any standard (including SOC 2, ISO 27001, PCI DSS, HIPAA, FedRAMP, or similar frameworks).
You are solely responsible for your own compliance obligations and for evaluating, validating, prioritizing, and remediating any findings before relying on them in production, contractual, or regulatory contexts. misconfigs does not determine whether you meet any legal, regulatory, or industry requirement.
7a. AI assistant & generative AI
The Service may include an optional scan assistant, Explain actions on findings, and other features powered by generative AI. We currently use Google Gemini via the Gemini API. These features are provided for convenience only — they are not required to run scans or view results.
AI output is not professional advice. Responses are generated automatically and may be inaccurate, incomplete, biased, or fabricated (“hallucinations”). They do not constitute security, legal, compliance, accounting, or regulatory advice. You must independently verify any AI suggestion before acting on it, especially in production or regulated environments.
Official documents control. The authoritative sources for legal, privacy, pricing, and product terms are our published pages — including this Terms page, our Privacy Policy, Pricing, and API documentation — not anything the assistant states, summarizes, or paraphrases, whether intentionally or unintentionally. If an AI response conflicts with an official document, the official document prevails.
Data sent to Google. Using AI features sends your messages and relevant context (findings, scan summaries, file paths, account/plan summaries, etc.) to Google for processing. See our Privacy Policy (AI section). Do not submit secrets you are not willing to disclose to a third-party AI provider.
No warranties for AI. AI features are provided “as is” without warranties of accuracy, availability, or fitness for purpose, in addition to the disclaimers in Sections 9 and 10.
Limitation of liability. To the fullest extent permitted by law, we are not liable for any harm arising from reliance on AI-generated content, including incorrect remediation steps, misstated pricing, or inaccurate legal summaries. Section 10 applies to AI features the same as to the rest of the Service.
We may change AI providers, models, or availability at any time. Continued use of AI features after changes constitutes acceptance of updated terms and privacy disclosures.
8. Third-party services
The Service integrates with or relies on third-party providers — including, without limitation, Google (OAuth and Gemini), GitHub (OAuth), Stripe (payments), email delivery services, and cloud infrastructure hosts. Your use of those integrations may be subject to the third party’s own terms and policies.
We are not responsible for the availability, performance, actions, or failures of third-party services, including outages, authentication errors, payment processing issues, or changes to third-party APIs. To the fullest extent permitted by law, any claim arising from a third-party service is solely between you and that provider.
9. Disclaimer of warranties
THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, OR QUIET ENJOYMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR THAT SCAN RESULTS WILL BE COMPLETE OR RELIABLE.
10. Limitation of liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MISCONFIGS AND ITS FOUNDERS, OFFICERS, EMPLOYEES, CONTRACTORS, AND AFFILIATES SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, DATA, GOODWILL, BUSINESS INTERRUPTION, OR SECURITY INCIDENT, ARISING OUT OF OR RELATED TO YOUR USE OF (OR INABILITY TO USE) THE SERVICE OR ANY SCAN RESULTS — EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE SERVICE OR THESE TERMS SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS ($100).
Some jurisdictions do not allow certain limitations; in those cases, our liability is limited to the fullest extent permitted by law.
11. Indemnification
You agree to defend, indemnify, and hold harmless misconfigs and its personnel from any claims, damages, losses, or expenses (including reasonable attorneys’ fees) arising from your uploaded content, your use of the Service, your violation of these Terms, or your violation of any third-party rights.
12. Intellectual property
We retain all rights in the Service, including software, trademarks, service marks, branding, documentation, and rule sets. You retain ownership of User Content you upload. You grant us a limited license to process uploads solely to provide the Service, as described in our Privacy Policy.
13. Suspension & termination
You may stop using the Service at any time. We may suspend or terminate your access immediately for violation of these Terms, suspected abuse, non-payment, legal requirement, or to protect the Service, our users, or third parties. Upon termination, your right to use the Service ends; provisions that by nature should survive (including disclaimers, limitations of liability, and indemnification) will survive.
14. Changes to the Service
We may modify, suspend, or discontinue any part of the Service at any time, including features, scanners, API endpoints, limits, and pricing tiers. We will use reasonable efforts to provide notice of material changes that adversely affect paid subscribers, except where changes are required for security, legal compliance, or third-party constraints. Continued use after changes take effect constitutes acceptance of the updated Service.
15. Changes to these Terms
We may update these Terms from time to time. Material changes will be posted on this page with an updated date. Continued use after changes become effective constitutes acceptance.
16. Force majeure
We are not liable for any delay or failure to perform our obligations under these Terms when caused by events beyond our reasonable control, including natural disasters, floods, fires, earthquakes, epidemics or pandemics, war, terrorism, civil unrest, labor disputes, power, internet, or telecommunications failures, government actions, embargoes, or failures or outages of third-party hosting, cloud, payment, authentication, or AI providers.
Our obligations are suspended for the duration of the event. We will use reasonable efforts to restore the Service and resume normal operations when the event ends.
17. Governing law
These Terms are governed by the laws of the State of California, United States, without regard to conflict-of-law principles. Disputes shall be resolved in the state or federal courts located in California, and you consent to their jurisdiction.
18. Contact
Questions about these Terms: misconfigs@gmail.com