Terms of Service

1. Acceptance of Terms

By accessing or using ShipSafe (ship-safe.co), operated by Tomer Goldstein d/b/a ShipSafe, Wilmington, DE 19801, United States, including our web application, CLI tool, and API, you agree to be bound by these Terms of Service. If you do not agree to all of these terms, you may not access or use the service.

These terms apply to all visitors, users, and others who access or use the service, whether on a free or paid plan.

2. Description of Service

ShipSafe is a SaaS security scanner designed for applications built with AI-assisted coding tools such as Cursor, Lovable, Bolt, and v0. The service allows you to:

• Submit a GitHub repository URL for automated security analysis
• Receive plain-English security reports identifying vulnerabilities, misconfigurations, and risks
• Run scans via the web dashboard or the ShipSafe CLI tool
• Track scan history and compare results over time

ShipSafe performs automated code analysis and provides recommendations. It is not a substitute for professional security audits or penetration testing.

3. Account Terms

• Authentication is managed through Clerk. You may sign in using your email, GitHub account, or other supported providers.
• Each account is intended for use by a single individual. Sharing account credentials is not permitted.
• You are responsible for maintaining the security of your account and any activity that occurs under it.
• You must provide accurate and complete information when creating your account.
• You must be at least 16 years old to use ShipSafe.
• ShipSafe reserves the right to suspend or terminate accounts that violate these terms.

4. Acceptable Use

You agree not to:

• Use ShipSafe to scan repositories you do not own or have explicit authorization to scan
• Attempt to reverse-engineer, decompile, or disassemble any part of the ShipSafe platform, scanning engine, or CLI tool
• Abuse the service by submitting an excessive number of scans designed to overload or disrupt our infrastructure
• Use scan results to exploit vulnerabilities in third-party applications
• Circumvent or attempt to circumvent scan limits, rate limits, or other usage restrictions
• Resell, redistribute, or sublicense access to ShipSafe or its scan reports without written permission
• Use automated scripts or bots to interact with the service outside of the official CLI tool and API

5. GitHub Integration

ShipSafe integrates with GitHub to read repository source code for security analysis. By using this feature:

• You grant ShipSafe read-only access to the repositories you explicitly submit for scanning
• ShipSafe only accesses repository content that you specifically request to be scanned — we do not browse, index, or access any other repositories in your account
• Repository code is processed for the purpose of generating security reports and is not stored permanently after scan completion
• You represent that you have the necessary rights and permissions to submit each repository for scanning
• You may revoke GitHub access at any time through your GitHub account settings

6. Subscription & Billing

ShipSafe offers both free and paid plans:

• Free plan: Includes up to 1 AI-powered scan per month at no cost. Rule-based scans are unlimited. Free plan usage is subject to change with reasonable notice.
• Pro Audit ($9 one-time): A one-time purchase that includes 3 AI-powered security scans.
• Launch-Ready Badge ($19/month or $190/year): Verified security badge for your project with ongoing monitoring.
• Monitoring ($15/month or $150/year): Continuous security monitoring and alerts for your repositories.
• CLI Solo ($12/month or $120/year): Expanded scan limits and CLI access for individual developers.
• CLI Builder ($29/month or $290/year): Advanced CLI features, priority support, and increased limits for active builders.
• CLI Agency ($59/month or $590/year): Full CLI access with team features, shared dashboards, and agency-level scan capacity.

All payments are processed securely through Polar. ShipSafe does not store your payment card details directly.

Paid subscriptions renew automatically at the end of each billing period. You may cancel your subscription at any time through your account settings. Cancellations take effect at the end of the current billing cycle — you will retain access to paid features until then.

Refund policy: New subscriptions are eligible for a full refund within 14 days of purchase, in accordance with the EU Consumer Rights Directive. After the 14-day period, no refunds are issued for partial billing periods. Overage charges ($1.99/scan) are non-refundable once incurred.

EU users: You have the right to withdraw from your subscription within 14 days of purchase without giving any reason. By using the service during this withdrawal period, you acknowledge that you have requested the service begin immediately and that you understand your right of withdrawal.

For billing inquiries, contact support@ship-safe.co.

7. Intellectual Property

• ShipSafe platform: The ShipSafe service, including its scanning engine, web application, CLI tool, documentation, and branding, is the intellectual property of ShipSafe. All rights are reserved.
• Your code: You retain full ownership of all source code you submit for scanning. ShipSafe claims no ownership rights over your code.
• Scan reports: ShipSafe retains ownership of all scan reports, including their format, structure, and analysis methodology. We grant you a perpetual, non-exclusive, royalty-free license to use, copy, and share scan reports generated during your subscription for your internal business purposes, including compliance documentation and sharing with auditors or clients. You may not resell scan reports as a standalone product. This license survives termination of your account for reports generated during your active subscription.

8. AI Analysis Disclaimer

ShipSafe uses AI-powered scanning to analyze source code for potential security vulnerabilities. While we strive for accuracy, AI analysis has inherent limitations that you should be aware of:

• AI-generated results may contain false positives — flagging code as vulnerable when it is not.
• AI-generated results may contain false negatives — failing to detect actual vulnerabilities present in your code.
• AI models may produce inaccurate or fabricated findings (commonly referred to as "hallucinations").

Scan results are informational only and should not be solely relied upon for security assurance, compliance certification, or as a substitute for professional security audits and penetration testing.

You are responsible for independently verifying scan findings and making your own security decisions. ShipSafe does not guarantee that your application is free of vulnerabilities based on scan results.

9. Disclaimer of Warranties

ShipSafe is provided on an “as is” and “as available” basis without warranties of any kind, either express or implied.

Security scans are performed on a best-effort basis using automated analysis. ShipSafe does not guarantee that all vulnerabilities will be detected, nor that your application is secure after receiving a clean scan report.

ShipSafe does not warrant that the service will be uninterrupted, error-free, or free of harmful components. You use the service at your own risk.

10. Limitation of Liability

To the maximum extent permitted by applicable law, ShipSafe and its officers, directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or goodwill, arising out of or in connection with your use of the service.

In no event shall ShipSafe's total liability to you exceed the amount you have paid to ShipSafe in the twelve (12) months preceding the event giving rise to the claim, or one hundred dollars ($100), whichever is greater.

11. Termination

Either party may terminate this agreement at any time. You may stop using the service and delete your account through your account settings or by contacting support.

ShipSafe reserves the right to suspend or terminate your account if you violate these terms, engage in abusive behavior, or for any other reason at our sole discretion with reasonable notice.

Upon termination, you may request deletion of your data by contacting support@ship-safe.co. We will process data deletion requests within 30 days.

12. Indemnification

You agree to indemnify, defend, and hold harmless ShipSafe and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable attorneys' fees) arising out of or in connection with:

1. Your violation of these Terms of Service
2. Your unauthorized scanning of repositories you do not own or have permission to scan
3. Your misuse of scan results, including using findings to exploit vulnerabilities in third-party systems
4. Your code, applications, or content
5. Your violation of any applicable law or third-party rights

13. Dispute Resolution

Informal resolution first: Before filing any formal claim or proceeding, you agree to contact us at support@ship-safe.co and attempt to resolve the dispute informally for at least 30 days.

Binding arbitration: Any unresolved disputes shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. Arbitration will be conducted in English, in Wilmington, Delaware or remotely at the election of the claimant.

Class action waiver: You agree to resolve disputes with ShipSafe only on an individual basis and waive any right to participate in a class action, class arbitration, or representative action.

Small claims exception: Either party may bring qualifying claims in small claims court in lieu of arbitration.

EU users exception: If you are a consumer in the European Union, this arbitration clause does not apply to you. You may bring claims in the courts of your country of residence in accordance with applicable consumer protection laws.

14. Governing Law

These terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any disputes arising under these terms shall be subject to the exclusive jurisdiction of the courts located in the State of Delaware.

15. Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations under these terms where such failure or delay results from events beyond the reasonable control of the affected party, including but not limited to: natural disasters, acts of war or terrorism, pandemics, epidemics, government actions or orders, labor disputes, internet or infrastructure failures, cyberattacks, third-party service outages, or power failures. The affected party shall use commercially reasonable efforts to mitigate the impact of such events and resume performance as soon as practicable.

16. Severability

If any provision of these Terms of Service is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, or if modification is not possible, shall be severed from these terms. The remaining provisions shall continue in full force and effect.

17. Changes to Terms

ShipSafe reserves the right to modify these terms at any time. For material changes, we will provide at least 30 days' notice via email or a prominent notice on the service before the changes take effect.

Your continued use of the service after the effective date of any changes constitutes your acceptance of the updated terms. If you do not agree to the revised terms, you must stop using the service.

18. Contact

ShipSafe is operated by Tomer Goldstein, a sole proprietor doing business as ShipSafe.