Terms of Service

1. Service description

CodeGuards.io is a SaaS platform that performs automated repository-aware review of code changes in connected Git repositories, including security review and code review depending on the products enabled for a workspace or repository. The service reviews commit diffs and merge requests, produces structured findings with severity ratings and remediation guidance, and makes those findings available through merge request comments, a web dashboard, and exportable reports.

Access is provided through a subscription plan plus usage-based billing. Each completed review run contributes to your usage count. Failed, cancelled, or errored runs are not billed.

2. Acceptable use

  • Use CodeGuards.io only on repositories and GitLab instances you are authorized to access and review.
  • Do not use findings or review output to facilitate attacks, unauthorized access, or harm to third parties.
  • Keep your access credentials, API keys, and personal access tokens secure and do not share them.
  • Do not attempt to circumvent platform rate limits, webhook quotas, or access controls.
  • Use the service in compliance with all applicable laws and regulations in your jurisdiction.

3. Repositories and code diffs

To perform a review, CodeGuards.io requests the diff of the commit or merge request from your Git provider using the access token you provide. Diffs are processed in memory during the review. CodeGuards.io does not clone, copy, or persistently store your source code or repository contents beyond what is required to generate and display findings.

Review metadata — including finding summaries, severity verdicts, affected file paths, acceptance decisions, and audit records — is stored to operate the dashboard, reporting features, and evidence trail. You can request deletion of workspace data subject to legal retention obligations.

4. Billing

  • Subscriptions renew automatically at the end of each billing period unless cancelled before renewal.
  • Usage charges (per completed review) are calculated at the end of each billing cycle and added to your invoice.
  • Failed or cancelled reviews — including those caused by expired tokens, unreadable diffs, or service errors — are not billed.
  • You may set a soft monthly review cap in your workspace settings; we will pause reviews when the cap is reached until you raise it.
  • Unpaid invoices past their due date may result in restricted or suspended access.
  • Refunds are evaluated case-by-case; contact team@codeguards.io with billing questions.

5. Audit trail and reports

For every completed review run, CodeGuards.io persists a timestamped, immutable record containing: the repository and commit identifier, the review verdict, individual findings, and any acceptance decisions with author and rationale. This audit trail is available for export and is designed to support evidence requirements for SOC 2, ISO 27001, and PCI-DSS audits. The existence of an audit trail does not constitute a certification or compliance attestation.

6. Termination

You may cancel your subscription at any time through your workspace settings. Access continues until the end of the current billing period. We may suspend or terminate access if the service is used in violation of these terms or applicable laws, or in a manner that threatens the integrity or availability of the platform.

7. Disclaimer and limitation of liability

CodeGuards.io is provided "as is." Automated review is an advisory process — findings represent issues identified in the reviewed diff but do not constitute a guarantee that a codebase is free of vulnerabilities or quality regressions. The absence of findings in a review does not mean that the reviewed code is secure. You remain responsible for the security of your applications and infrastructure.

To the extent permitted by applicable law, CodeGuards.io's liability for any claim arising out of or related to this service is limited to the amount paid for the service in the three months preceding the claim.

8. Changes to these terms

We may update these terms from time to time. Material changes will be communicated by email or by a notice in the workspace dashboard at least 14 days before they take effect. Continued use of the service after changes take effect constitutes acceptance of the updated terms.