Terms of Service

1. Acceptance of Terms

By accessing or using ShipSafe (ship-safe.co), operated by Tomer Goldstein d/b/a ShipSafe, Reut 12B, Hod HaSharon 4529614, Israel, including our web application, CLI tool, and API, you agree to be bound by these Terms of Service. If you do not agree to all of these terms, you may not access or use the service.

These terms apply to all visitors, users, and others who access or use the service, whether on a free or paid plan.

2. Description of Service

ShipSafe is a SaaS security scanner designed for applications built with AI-assisted coding tools such as Cursor, Lovable, Bolt, and v0. The service allows you to:

• Submit a GitHub repository URL for automated security analysis
• Receive plain-English security reports identifying vulnerabilities, misconfigurations, and risks
• Run scans via the web dashboard or the ShipSafe CLI tool
• Submit the URL of a live, deployed web application you own or are authorized to test, for read-only runtime analysis (security headers, content security policy, exposed files, and secrets shipped to the browser in client-side code)
• Track scan history and compare results over time

ShipSafe performs automated code analysis and provides recommendations. It is not a substitute for professional security audits or penetration testing.

3. Account Terms

• Authentication is managed through Clerk. You may sign in using your email, GitHub account, or other supported providers.
• Each account is intended for use by a single individual. Sharing account credentials is not permitted.
• You are responsible for maintaining the security of your account and any activity that occurs under it.
• You must provide accurate and complete information when creating your account.
• You must be at least 16 years old to use ShipSafe. By creating an account, you confirm that you are at least 16 years of age.
• ShipSafe reserves the right to suspend or terminate accounts that violate these terms.

4. Acceptable Use

You agree not to:

• Use ShipSafe to scan repositories you do not own or have explicit authorization to scan
• Use the live-URL scan on any URL or deployed application you do not own or are not explicitly authorized to security-test
• Submit URLs that resolve to private, internal, loopback, or cloud-metadata addresses, or that are designed to attack, mislead, or overload ShipSafe's infrastructure
• Use the live-URL scan to test, probe, or enumerate systems belonging to third parties
• Attempt to reverse-engineer, decompile, or disassemble any part of the ShipSafe platform, scanning engine, or CLI tool
• Abuse the service by submitting an excessive number of scans designed to overload or disrupt our infrastructure
• Use scan results to exploit vulnerabilities in third-party applications
• Circumvent or attempt to circumvent scan limits, rate limits, or other usage restrictions
• Resell, redistribute, or sublicense access to ShipSafe or its scan reports without written permission
• Use automated scripts or bots to interact with the service outside of the official CLI tool and API

5. GitHub Integration

ShipSafe integrates with GitHub to read repository source code for security analysis. By using this feature:

• You grant ShipSafe read-only access to the repositories you explicitly submit for scanning
• ShipSafe only accesses repository content that you specifically request to be scanned — we do not browse, index, or access any other repositories in your account
• Repository code is processed for the purpose of generating security reports and is not stored permanently after scan completion
• You represent that you have the necessary rights and permissions to submit each repository for scanning
• You may revoke GitHub access at any time through your GitHub account settings

5b. Live-URL & Deployed-App Scanning

ShipSafe can scan a live, deployed application by URL. When you submit a URL, our servers make read-only HTTP GET requests to that URL and to the public assets it references (such as JavaScript bundles), comparable to what a web browser loads when visiting the page. By using this feature:

• You confirm that you own, operate, or are explicitly authorized to security-test the application at the URL you submit
• ShipSafe does not log in, submit forms, modify data, or send any request intended to change the application's state; the number and rate of requests are bounded
• ShipSafe analyzes the retrieved content for security issues and retains only the resulting findings, not the raw page or bundle content
• You accept that the target server will receive and may log these requests, including ShipSafe's IP address and User-Agent
• Requests to private, internal, loopback, or cloud-metadata addresses are refused

6. Subscription & Billing

ShipSafe offers both free and paid plans:

• Free plan: Includes up to 1 AI-powered scan per month at no cost. Rule-based scans are unlimited. Free plan usage is subject to change with reasonable notice.
• Pro Audit ($9 one-time): A one-time purchase that includes 3 AI-powered security scans.
• Growth ($19/month or $190/year): AI-powered security scans plus CLI access for ongoing protection.
• Shield ($39/month or $390/year): Full AI audit, CLI access, priority support, and a verified security badge with continuous monitoring.
• AI Fix Prompt ($4.99 one-time): A copy-pasteable fix prompt tailored to your AI coding tool.

Overage Scans: When you exhaust your plan's included AI scans, you may purchase additional scans individually at $1.99 per scan. Overage purchases are one-time charges processed through Polar and are non-refundable.

All payments are processed securely through Polar. ShipSafe does not store your payment card details directly. Purchase confirmations are provided by our payment processor, Polar.

Automatic renewal: Paid subscriptions renew automatically at the end of each billing period (monthly or annual) at the then-current price for your plan, charged to your payment method on file, until you cancel. By selecting a paid plan at checkout you provide affirmative consent to this automatic renewal. We will send a reminder email before each renewal with the renewal date, amount, and a link to cancel.

Cancellation: You may cancel at any time, with no cancellation fee, from your account settings (Billing) — cancellation is self-service and as easy as signing up; you do not need to contact us. Cancellation stops the next charge immediately and takes effect at the end of your current billing cycle, during which you retain access to paid features. Where required by applicable law (including the California Automatic Renewal Law and the U.S. FTC Negative Option Rule), cancellation methods are at least as simple as the method of enrollment.

Refund policy: New subscriptions are eligible for a full refund within 14 days of purchase, in accordance with the EU Consumer Rights Directive. After the 14-day period, no refunds are issued for partial billing periods. Overage charges ($1.99/scan) are non-refundable once incurred.

EU users: You have the right to withdraw from your subscription within 14 days of purchase without giving any reason. By using the service during this withdrawal period, you acknowledge that you have requested the service begin immediately and that you understand your right of withdrawal.

Israeli users: Under the Israeli Consumer Protection Law (Section 14C(4)(a)), you have the right to cancel a remote transaction for a digital service within 14 days of purchase, provided the service has not been fully performed. A cancellation fee of up to 5% of the transaction price or 100 NIS (whichever is lower) may apply. To exercise this right, contact support@ship-safe.co.

For billing inquiries, contact support@ship-safe.co.

7. Intellectual Property

• ShipSafe platform: The ShipSafe service, including its scanning engine, web application, CLI tool, documentation, and branding, is the intellectual property of ShipSafe. All rights are reserved.
• Your code: You retain full ownership of all source code you submit for scanning. ShipSafe claims no ownership rights over your code.
• Scan reports: ShipSafe retains ownership of all scan reports, including their format, structure, and analysis methodology. We grant you a perpetual, non-exclusive, royalty-free license to use, copy, and share scan reports generated during your subscription for your internal business purposes, including compliance documentation and sharing with auditors or clients. You may not resell scan reports as a standalone product. This license survives termination of your account for reports generated during your active subscription.

8. AI Analysis Disclaimer

ShipSafe uses AI-powered scanning to analyze source code for potential security vulnerabilities. While we strive for accuracy, AI analysis has inherent limitations that you should be aware of:

• AI-generated results may contain false positives — flagging code as vulnerable when it is not.
• AI-generated results may contain false negatives — failing to detect actual vulnerabilities present in your code.
• AI models may produce inaccurate or fabricated findings (commonly referred to as "hallucinations").

Scan results are informational only and should not be solely relied upon for security assurance, compliance certification, or as a substitute for professional security audits and penetration testing.

Scans of deployed applications may surface secrets, API keys, or tokens that were unintentionally included in production client-side code. Treat any such finding as potentially compromised: rotate the credential and remove it from the deployed build. ShipSafe reports these findings on a best-effort basis and does not guarantee that all exposed secrets are detected.

You are responsible for independently verifying scan findings and making your own security decisions. ShipSafe does not guarantee that your application is free of vulnerabilities based on scan results.

9. Disclaimer of Warranties

ShipSafe is provided on an “as is” and “as available” basis without warranties of any kind, either express or implied.

Security scans are performed on a best-effort basis using automated analysis. ShipSafe does not guarantee that all vulnerabilities will be detected, nor that your application is secure after receiving a clean scan report.

ShipSafe does not warrant that the service will be uninterrupted, error-free, or free of harmful components. You use the service at your own risk.

Consumer rights: Nothing in this section excludes or limits any statutory guarantee, warranty, or right that cannot be excluded under the law applicable to you as a consumer — including the EU/UK consumer guarantee of conformity and the consumer guarantees under the Australian Consumer Law. Those rights apply in addition to, and prevail over, the disclaimers above where they conflict.

10. Limitation of Liability

To the maximum extent permitted by applicable law, ShipSafe and its officers, directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or goodwill, arising out of or in connection with your use of the service.

In no event shall ShipSafe's total liability to you exceed the amount you have paid to ShipSafe in the twelve (12) months preceding the event giving rise to the claim, or one hundred dollars ($100), whichever is greater.

Consumers in the EU, UK, and Switzerland: The exclusions and the cap above do not limit our liability for (a) death or personal injury caused by our negligence, (b) fraud or fraudulent misrepresentation, (c) failure to perform the core scanning service we agreed to provide, or (d) any other liability that cannot be limited or excluded under the mandatory consumer law applicable to you. For such consumers, we remain liable for foreseeable loss arising from a material breach of the service in accordance with applicable law; the cap continues to apply to indirect or unforeseeable losses to the fullest extent permitted.

11. Termination

Either party may terminate this agreement at any time. You may stop using the service and delete your account through your account settings or by contacting support.

ShipSafe may suspend or terminate your account if you (a) breach these terms, (b) engage in abusive, fraudulent, or unlawful use, or (c) create security or legal risk to the service or others. Except where immediate action is needed to stop abuse, illegal activity, or a security threat, we will give you reasonable advance notice.

Consumers in the EU, UK, and Switzerland: If we terminate or suspend your paid subscription for reasons not caused by your breach, we will give you at least 30 days' notice (except where immediate action is legally required) and refund the unused, pro-rata portion of your current billing period. You may cancel at any time without penalty.

Upon termination, you may request deletion of your data by contacting support@ship-safe.co. We will process data deletion requests within 30 days.

12. Indemnification

You agree to indemnify, defend, and hold harmless ShipSafe and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable attorneys' fees) arising out of or in connection with:

1. Your violation of these Terms of Service
2. Your unauthorized scanning of repositories, URLs, or deployed applications that you do not own or do not have explicit permission to scan
3. Your misuse of scan results, including using findings to exploit vulnerabilities in third-party systems
4. Your code, applications, or content
5. Your violation of any applicable law or third-party rights

13. Dispute Resolution

Informal resolution first: Before filing any formal claim or proceeding, you agree to contact us at support@ship-safe.co and attempt to resolve the dispute informally for at least 30 days.

Binding arbitration: Any unresolved disputes shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. Arbitration will be conducted in English, in Wilmington, Delaware or remotely at the election of the claimant.

Class action waiver: You agree to resolve disputes with ShipSafe only on an individual basis and waive any right to participate in a class action, class arbitration, or representative action.

Small claims exception: Either party may bring qualifying claims in small claims court in lieu of arbitration.

EU / UK / EEA / Switzerland users exception: If you are a consumer in the European Union, the United Kingdom, the EEA, or Switzerland, this arbitration clause and the Delaware forum selection do not apply to you. You may bring claims in the courts of your country of residence in accordance with applicable consumer protection laws, and the mandatory consumer law of your country applies.

Other consumers (including Singapore, India, Australia, Japan, and South Korea): Nothing in this section deprives you of the protection of mandatory consumer-protection laws of your country of residence, or of any right you have to bring proceedings in your local courts where such laws so provide. Where those laws conflict with this clause, they prevail.

Israeli users exception: If you are a consumer in Israel, the mandatory consumer-protection provisions of Israeli law (including the Consumer Protection Law, 5741-1981 and the Protection of Privacy Law, 5741-1981) apply to you. You may bring claims in the competent courts in Israel, and nothing in this arbitration clause limits your statutory rights under Israeli law.

14. Governing Law

These terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any disputes arising under these terms shall be subject to the exclusive jurisdiction of the courts located in the State of Delaware.

Consumer override: If you use ShipSafe as a consumer, this choice of law and forum does not override the mandatory consumer-protection laws of your country of residence. Where the law of your country grants you rights that cannot be waived by contract (including in the EU, UK, EEA, Switzerland, Australia, Singapore, India, Japan, and South Korea), those rights continue to apply to you and prevail over this clause to the extent of any conflict.

For users who are consumers residing in Israel, the mandatory provisions of Israeli law, including the Consumer Protection Law, 5741-1981 and the Protection of Privacy Law, 5741-1981, shall apply to the extent they cannot be derogated from by agreement. ShipSafe is operated by Tomer Goldstein, registered as an Osek Patur (exempt dealer) with the Israel Tax Authority.

15. Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations under these terms where such failure or delay results from events beyond the reasonable control of the affected party, including but not limited to: natural disasters, acts of war or terrorism, pandemics, epidemics, government actions or orders, labor disputes, internet or infrastructure failures, cyberattacks, third-party service outages, or power failures. The affected party shall use commercially reasonable efforts to mitigate the impact of such events and resume performance as soon as practicable.

16. Severability

If any provision of these Terms of Service is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, or if modification is not possible, shall be severed from these terms. The remaining provisions shall continue in full force and effect.

17. Changes to Terms

ShipSafe reserves the right to modify these terms at any time. For material changes, we will provide at least 30 days' notice via email or a prominent notice on the service before the changes take effect.

Your continued use of the service after the effective date of any changes constitutes your acceptance of the updated terms. If you do not agree to the revised terms, you must stop using the service.

18. DMCA / Copyright Policy

Last updated: March 2026

Overview

ShipSafe respects the intellectual property rights of others and expects its users to do the same. In accordance with the Digital Millennium Copyright Act of 1998 ("DMCA"), we will respond expeditiously to claims of copyright infringement committed using the ShipSafe service.

Submitting a DMCA Takedown Notice

If you believe that your copyrighted work has been copied or made available through ShipSafe in a way that constitutes copyright infringement, please submit a written notice to our designated agent (see below) containing the following information:

1. Identification of the copyrighted work — a description of the copyrighted work that you claim has been infringed.
2. Identification of the infringing material — the URL(s) or other specific identification of the material that you claim is infringing, with enough detail for us to locate it.
3. Your contact information — your name, mailing address, telephone number, and email address.
4. Good faith statement — a statement that you have a good faith belief that the use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
5. Accuracy statement — a statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
6. Signature — a physical or electronic signature of the copyright owner or a person authorized to act on their behalf.

Counter-Notification Process

If you believe that your content was removed or disabled as a result of a mistake or misidentification, you may submit a counter-notification to our designated agent containing:

1. Your physical or electronic signature.
2. Identification of the material that has been removed or disabled, and the location at which the material appeared before it was removed or disabled.
3. A statement under penalty of perjury that you have a good faith belief that the material was removed or disabled as a result of mistake or misidentification.
4. Your name, address, and telephone number, and a statement that you consent to the jurisdiction of the federal court in your district (or, if outside the United States, any judicial district in which ShipSafe may be found), and that you will accept service of process from the person who provided the original takedown notification or an agent of such person.

Upon receipt of a valid counter-notification, we will forward it to the complaining party and restore the removed material within 10–14 business days, unless the complaining party notifies us that they have filed a court action seeking to restrain you from engaging in infringing activity.

Repeat Infringers

In accordance with the DMCA and other applicable law, ShipSafe has adopted a policy of terminating, in appropriate circumstances, the accounts of users who are deemed to be repeat infringers. ShipSafe may also, in its sole discretion, limit access to the service or terminate the accounts of any users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.

Designated Agent

DMCA notices and counter-notifications should be sent to our designated agent:

19. Contact

ShipSafe is operated by Tomer Goldstein, a sole proprietor doing business as ShipSafe.