Legal

Terms of Service

Last updated: February 19, 2026

Contents

Acceptance The Service Accounts Acceptable Use Your Source Code Scan Findings Subscriptions & Billing Free Tier API Usage Intellectual Property Disclaimers Limitation of Liability Indemnification Termination Changes Governing Law Contact

1. Acceptance of Terms

By accessing or using DeepThreat (the "Service"), operated by Gilchrist Research ("we," "us," "our"), you agree to be bound by these Terms of Service. If you're using the Service on behalf of an organization, you represent that you have authority to bind that organization to these terms.

If you don't agree with these terms, don't use the Service. It's that simple.

2. The Service

DeepThreat provides automated security analysis for smart contracts and software projects. The Service includes:

  • DeepThreat Hunt: Autonomous bug bounty hunting and vulnerability discovery
  • DeepThreat Review: Automated PR security review via GitHub App
  • DeepThreat Guard: CI/CD security pipeline integration
  • DeepThreat Wiki: Codebase threat mapping and documentation
  • DeepThreat Intel: Threat intelligence feed and alerts
  • DeepThreat Cloud: Infrastructure and dependency scanning

We may add, modify, or discontinue features at any time. We'll provide reasonable notice for material changes that affect paid functionality.

3. Accounts

To use most features, you need an account. You agree to:

  • Provide accurate registration information
  • Keep your credentials secure (use a password manager, enable 2FA)
  • Notify us immediately if you suspect unauthorized access
  • Not share account access with unauthorized users

You're responsible for all activity under your account. If someone scans a repo under your account, that's on you.

4. Acceptable Use

You may use DeepThreat to:

  • Scan repositories you own or have explicit authorization to test
  • Review and act on security findings
  • Integrate with your development workflow via CLI, API, or GitHub App
  • Share findings with your team members

You may NOT use DeepThreat to:

Scan repositories without authorization from the owner

Exploit vulnerabilities discovered through the Service against live systems

Reverse-engineer, decompile, or extract our detection rules or AI models

Resell, sublicense, or provide the Service to third parties without written agreement

Abuse rate limits, scrape the platform, or interfere with service availability

Upload malicious code designed to attack our infrastructure

Violation of acceptable use may result in immediate account termination without refund.

5. Your Source Code

You retain all rights to your source code. By using DeepThreat, you grant us a limited, temporary license to:

  • Clone your repository into an isolated environment
  • Run static analysis and AI-powered security scanning
  • Extract vulnerability findings and relevant code snippets

This license terminates when the scan completes and your source code is deleted from our systems. See our Privacy Policy for detailed information on source code handling.

Plain English: We need to read your code to scan it. We don't keep it, sell it, or use it for anything else. Once the scan is done, the code is gone.

6. Scan Findings

Scan findings (vulnerability reports, severity ratings, AI analysis, remediation suggestions) are generated by DeepThreat and provided to you. You may:

  • Use findings internally without restriction
  • Share findings with your team and stakeholders
  • Reference findings in audit reports (with attribution to DeepThreat)

Important Limitations

DeepThreat findings are not a substitute for a professional security audit. Our scans are automated and may:

  • Produce false positives (flagging safe code as vulnerable)
  • Miss vulnerabilities (no scanner catches everything)
  • Provide incorrect severity assessments

You are solely responsible for evaluating and acting on findings. We recommend using DeepThreat alongside, not instead of, manual expert review for high-value deployments.

7. Subscriptions & Billing

Paid plans are billed monthly or annually. By subscribing, you authorize us to charge your payment method on each billing cycle.

  • Upgrades take effect immediately; you'll be charged a prorated amount
  • Downgrades take effect at the end of the current billing period
  • Cancellation can be done at any time; access continues until the end of the paid period
  • Refunds are available within 14 days of initial purchase if you're unsatisfied

We may change pricing with 30 days' notice. Price changes don't apply to the current billing period.

8. Free Tier

The free tier includes limited scans per month on public repositories. We reserve the right to modify free tier limits at any time. The free tier is provided "as is" with no SLA or support guarantees.

Free tier accounts inactive for 12 months may be deleted along with associated data.

9. API Usage

API access is subject to rate limits based on your plan tier. You agree to:

  • Respect published rate limits (currently 100 req/min for Pro, 1000 req/min for Enterprise)
  • Include a valid API key with every request
  • Not share API keys or use them in client-side code
  • Implement exponential backoff for retries

We may throttle or suspend API access for accounts that consistently exceed rate limits or exhibit abusive patterns.

10. Intellectual Property

DeepThreat, including its detection rules, AI models, user interface, documentation, and branding, is owned by Gilchrist Research. Nothing in these terms grants you rights to our intellectual property beyond using the Service as intended.

Your source code, repositories, and original content remain yours. We claim no ownership over anything you upload or create.

11. Disclaimers

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." WE MAKE NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

Specifically, we do not warrant that:

  • DeepThreat will find all vulnerabilities in your code
  • All findings will be accurate (false positives happen)
  • The Service will be uninterrupted or error-free
  • Using DeepThreat makes your code "secure" or "audited"

12. Limitation of Liability

To the maximum extent permitted by law, Gilchrist Research's total liability under these terms shall not exceed the amount you paid us in the 12 months preceding the claim.

We are not liable for:

  • Losses from vulnerabilities our tools failed to detect
  • Damages from acting (or failing to act) on scan findings
  • Indirect, incidental, consequential, or punitive damages
  • Lost profits, data loss, or business interruption

13. Indemnification

You agree to indemnify and hold harmless Gilchrist Research from claims arising from:

  • Your violation of these terms
  • Your use of scan findings (including acting on or ignoring them)
  • Scanning repositories you weren't authorized to scan
  • Any claim that content you uploaded infringes third-party rights

14. Termination

You may close your account at any time through account settings or by emailing support@deepthreat.ai.

We may suspend or terminate your account if you:

  • Violate these terms or our Acceptable Use policy
  • Fail to pay for a paid subscription after notice
  • Use the Service in a way that threatens our infrastructure or other users

Upon termination, your right to use the Service ends immediately. We'll retain your data for 30 days in case you change your mind, then delete it permanently.

15. Changes to These Terms

We may update these terms from time to time. For material changes, we'll provide at least 30 days' notice via email or in-app notification. Continued use after the effective date constitutes acceptance.

If you disagree with changes, your remedy is to close your account before the changes take effect.

16. Governing Law

These terms are governed by the laws of the State of Texas, United States, without regard to conflict of law principles. Any disputes will be resolved in the courts of Travis County, Texas.

For users in the EU, nothing in these terms affects your statutory rights under applicable consumer protection law.

17. Contact

Questions about these terms?

Email: legal@deepthreat.ai

Mailing Address:
Gilchrist Research
Austin, TX
United States