Terms of Service

Last updated: November 24, 2025

These Terms of Service (“Terms”) are a contract between you (“you” or “Customer”) and SecAlly, Inc. (“SecAlly”, “we”, “us”). They govern your access to and use of:

  • our websites and web app (the “Site”),
  • our GitHub app and any integrations, and
  • any related software, features, and services (together, the “Services”).

By installing or authorizing the SecAlly GitHub app, creating an account, or using the Services in any way, you agree to these Terms and our Privacy Policy. If you do not agree, do not use the Services.

1. Eligibility and using SecAlly on behalf of an organization

You may use the Services only if:

  • you are at least 13 years old, and
  • you have the power to enter into these Terms.

If you use the Services for a company or organization, you confirm that you are authorized to accept these Terms on its behalf and that the organization is responsible for your use and for anyone who accesses the Services under its GitHub organization or SecAlly workspace.

2. Changes to these Terms

We may update these Terms from time to time. If we do, we will update the “Last updated” date above and may also provide additional notice in the product or on the Site.

If you continue using the Services after the Terms change, you accept the updated Terms. If you do not agree, you must stop using the Services.

3. What SecAlly does (and does not do)

SecAlly is a GitHub app and a web service that:

  • connects to your GitHub repositories,
  • scans pull requests and code for potential mobile app security issues, and
  • provides findings, explanations, and suggestions to help your team fix vulnerabilities.

Important limitations:

  • SecAlly does not guarantee that your code, apps, or systems are secure, free of vulnerabilities, or compliant with any law, standard, or framework.
  • SecAlly does not provide legal, compliance, or professional security consulting advice.
  • You remain responsible for your code, your infrastructure, and your decisions about which findings to act on and how.

4. Accounts, GitHub access, and organizations

To use SecAlly you need to sign in with your GitHub account and authorize the SecAlly GitHub app for one or more organizations or repositories.

By doing this, you instruct and authorize SecAlly to access and process, as needed to provide the Services: repository metadata, contents, pull requests, commits, branches, issues, comments, checks, and organization and team information.

You control which organizations and repositories SecAlly can access through GitHub settings. It is your responsibility to ensure you have the right to grant SecAlly access to any repositories and data you connect.

You must keep your account and credentials secure and notify us promptly at support@secally.com if you believe your account or API tokens have been compromised.

5. Acceptable use

You may use the Services only for lawful purposes and in line with these Terms. You agree that you will not:

  • use SecAlly to scan or attack code, systems, or data that you do not own or are not authorized to test,
  • violate any law or third party rights, including intellectual property, privacy, or contract rights,
  • upload or transmit code or content that is illegal, abusive, or harmful,
  • attempt to gain unauthorized access to any systems or data,
  • interfere with or disrupt the security, integrity, or performance of the Services,
  • use the Services to build or train a competing product, except where this is allowed by applicable law.

If you become aware that the Services are used for illegal or abusive activity, you must inform us.

6. AI and model providers

SecAlly may use static analysis, custom models, and third party AI providers to generate findings and suggestions. These providers (such as OpenAI or Anthropic) may include services that have their own usage policies and terms, which you must not cause us to violate.

You understand and agree that:

  • AI-generated outputs can be inaccurate, incomplete, misleading, or not suitable for your specific context,
  • you are responsible for reviewing and validating outputs before acting on them,
  • you will not use the Services in ways that would violate the acceptable use rules of our AI providers (for example for illegal activity, harmful content, or privacy violations).

7. Your content, code, and outputs

7.1 User Content

“User Content” means any data or content you or your users submit to the Services, including:

  • source code and configuration in your repositories,
  • pull requests, issues, comments, and metadata,
  • organization and user information,
  • settings and other information you provide.

You keep ownership of your User Content.

You grant SecAlly a worldwide, non-exclusive, royalty-free license to host, process, store (except source code), and use your User Content only as needed to:

  • provide, operate, and maintain the Services, and
  • comply with law and enforce these Terms.

You confirm that you have all rights and permissions needed to provide User Content to SecAlly and that your User Content and use of it in the Services will not break any law, contract, or third party rights.

You are responsible for making your own backups of User Content. We do not guarantee that User Content will always be available.

7.2 Outputs

The Services may generate comments, findings, reports, or other outputs derived from your User Content (“Outputs”). Subject to your compliance with these Terms and payment of applicable fees, SecAlly assigns to you any rights we may have in the Outputs as between you and SecAlly.

This does not give you any rights in the underlying models, analysis engines, or the Services themselves. SecAlly may generate similar Outputs for different customers if they submit similar code.

You are solely responsible for how you use Outputs, including for security decisions, fixes, and deployments.

8. Code privacy and confidentiality

SecAlly treats private repository contents and other non-public User Content as confidential.

We will not use your private repository code to train general-purpose models or build unrelated products. We may use:

  • open source projects,
  • synthetic data, and
  • aggregated and de-identified information about how the Services are used

to improve the Services.

We implement reasonable technical and organizational measures to protect your confidential information. No system is perfectly secure. You acknowledge that you share code with SecAlly at your own risk and that you remain responsible for your own secure development practices, access controls, and compliance.

9. Subscriptions, trials, and payment

SecAlly may offer free trials and paid subscriptions. Details, including current pricing and features, are shown on our pricing page or in the product.

If you sign up for a paid plan:

  • you authorize SecAlly and our payment processors (for example Stripe) to charge your chosen payment method for all fees and applicable taxes,
  • subscriptions are typically billed in advance on a recurring basis, such as monthly,
  • subscriptions auto-renew at the end of each billing period unless you cancel before renewal.

Unless required by law, fees are non-refundable. We may provide refunds or credits at our discretion, and doing so once does not mean we will do so again.

If you do not pay fees on time, we may suspend or terminate your access to the Services.

10. Third party services

The Services rely on third party platforms and services such as GitHub, CI providers, communication tools, and AI model providers.

Those services have their own terms and privacy policies. You are responsible for reviewing and complying with them. SecAlly is not responsible for the content, availability, or behavior of any third party services and will not be liable for any loss or damage caused by them.

11. Intellectual property

The Services, including all software, models, designs, text, graphics, logos, and other content, are owned by SecAlly or its licensors and are protected by intellectual property laws.

Subject to these Terms and payment of applicable fees, SecAlly grants you a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the Services for your internal business purposes.

You may not:

  • copy, modify, or create derivative works of the Services,
  • reverse engineer or attempt to extract the source code of any part of the Services where this is restricted by law,
  • remove or alter any proprietary notices,
  • use SecAlly’s name or logos without our permission,
  • use the Services to build or help build a competing service, except where allowed by law.

If you provide feedback or suggestions, SecAlly may use them for any lawful purpose without obligation to you.

12. Termination and suspension

You may stop using the Services and cancel your subscription at any time, for example through the billing or account settings page or by contacting us. Cancellation usually takes effect at the end of your current billing period unless stated otherwise.

We may suspend or end your access to all or part of the Services at any time, for example if:

  • you violate these Terms,
  • you fail to pay fees when due,
  • we are required to do so by law or a third party provider, or
  • we decide to discontinue the Services.

If your account is terminated, your right to use the Services ends immediately, and we may delete or disable access to your account and data, subject to any legal obligations to retain it.

Sections that by their nature should survive termination will continue to apply, including confidentiality, intellectual property, disclaimers, limitations of liability, and indemnity.

13. Disclaimers

To the maximum extent allowed by law, the Services are provided “as is” and “as available”.

SecAlly and its suppliers do not make any promises or warranties about the Services, including any implied warranties of merchantability, fitness for a particular purpose, non-infringement, or that the Services will be uninterrupted or error-free.

Among other things, we do not warrant that:

  • every vulnerability will be found,
  • there will be no false positives, or
  • the Outputs are correct, complete, or suitable for your specific environment.

You use the Services and Outputs at your own risk.

Some jurisdictions do not allow the exclusion of certain warranties, so some of the above may not apply to you.

14. Limitation of liability

To the maximum extent allowed by law:

  • SecAlly will not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or goodwill, arising out of or related to the Services or these Terms, even if we have been advised of the possibility of such damages.
  • SecAlly’s total liability for all claims arising out of or relating to the Services or these Terms will not exceed the greater of:
    • the amounts you paid to SecAlly for the Services in the six months before the event giving rise to the claim, or
    • one hundred US dollars (USD 100).

Nothing in these Terms limits liability that cannot be limited under applicable law.

15. Indemnification

You agree to indemnify and hold harmless SecAlly and its officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising out of or related to:

  • your use of the Services,
  • your User Content, or
  • your violation of these Terms or any law or third party rights.

We may control the defense of any claim subject to indemnification and you will cooperate with us.

16. Governing law and venue

These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict of law rules.

Any dispute arising out of or related to these Terms or the Services that is not subject to mandatory arbitration or other mandatory rules will be brought only in the state or federal courts located in Delaware, and you and SecAlly consent to the jurisdiction and venue of those courts.

17. Changes to the Services

We may change, suspend, or discontinue all or part of the Services at any time. If we discontinue the Services in a material way, we will try to give reasonable notice where practical.

We are not liable to you or others for any change, suspension, or discontinuation of the Services, subject to any obligations under an active order or subscription.

18. Miscellaneous

  • Entire agreement – These Terms and the Privacy Policy form the entire agreement between you and SecAlly regarding the Services and replace any prior agreements.
  • Assignment – You may not assign or transfer these Terms without our prior written consent. We may assign these Terms as part of a merger, acquisition, sale of assets, or similar event.
  • Severability – If any provision of these Terms is held invalid, the remaining provisions will remain in full force and effect.
  • No waiver – If we do not enforce a provision, it does not mean we waive the right to enforce it later.

19. Contact

For questions or concerns related to these Terms, please contact us at: support@secally.com