Back to Legal

Acceptable Use Policy

Last updated: February 2025

TL;DR

  • • Only scan code you own or have permission to scan.
  • • Don't use VibeGuard to attack systems or find vulnerabilities for malicious purposes.
  • • Don't try to circumvent licensing or abuse the service.
  • • Be a good citizen. Don't make us write more rules.

Purpose

VibeGuard is a security tool designed to help developers find and fix vulnerabilities in their own code. This Acceptable Use Policy ensures the tool is used responsibly and legally.

Permitted Uses

You may use VibeGuard to:

  • Scan code you own
  • Scan code you have explicit authorization to test
  • Scan open-source projects (for contributing fixes, not exploitation)
  • Integrate into your CI/CD pipelines for your projects
  • Generate patches for vulnerabilities in your codebase
  • Learn about security vulnerabilities and remediation

Prohibited Uses

You may NOT use VibeGuard to:

Attack or Exploit Systems

  • Scan code or systems without authorization
  • Find vulnerabilities for malicious exploitation
  • Develop malware, exploits, or attack tools
  • Conduct penetration testing without proper authorization
  • Probe production systems for weaknesses

Abuse the Service

  • Circumvent licensing restrictions or usage limits
  • Share Pro accounts or API keys with unauthorized users
  • Reverse engineer, decompile, or modify the software (beyond what's legally permitted)
  • Use automated means to abuse free tier limits
  • Resell or redistribute the service without authorization

Harm Others

  • Use findings to blackmail, extort, or harm individuals or organizations
  • Publicly disclose vulnerabilities in others' code without responsible disclosure
  • Use the service in any way that violates applicable laws

Responsible Disclosure

If you use VibeGuard to discover vulnerabilities in open-source projects:

  • Follow responsible disclosure practices
  • Report vulnerabilities to maintainers privately first
  • Give maintainers reasonable time to fix before public disclosure
  • Don't exploit vulnerabilities you discover

BYOK and LLM Usage

When using the patch feature with your own LLM API key:

  • You're responsible for complying with your LLM provider's terms
  • Don't use patch generation to create malicious code
  • Review all generated patches before applying them

Enforcement

Violations of this policy may result in:

  • Warning or suspension of your account
  • Permanent termination of service
  • Reporting to law enforcement if criminal activity is suspected
  • Legal action to recover damages

Reporting Violations

If you become aware of anyone violating this policy, please report it to abuse@vibeguard.co.

Changes

We may update this policy as needed. Continued use of VibeGuard constitutes acceptance of the current policy.

Questions?

Email legal@vibeguard.co