Terms of Service
These Terms of Service ("Terms") govern your access to and use of the security scanning services provided by Literal Security ("we," "us," "our"), including our website, dashboard, MCP server, browser/IDE extensions, command-line tool, git hooks, REST APIs, and probes (collectively, the "Service"). By using the Service, you agree to these Terms.
1. Acceptance
By creating an account, installing any of our client deliverables, or otherwise using the Service, you confirm that you have read, understood, and agree to be bound by these Terms and the Privacy Policy. If you do not agree, do not use the Service.
If you use the Service on behalf of an organization, you represent that you have authority to bind that organization, and "you" refers to both you and the organization.
2. Eligibility
You must be at least 18 years old to use the Service. By using the Service you represent that you meet this requirement and that all information you provide is accurate.
3. Account
- You're responsible for safeguarding your bearer tokens, OAuth credentials, and passwords. Treat them like API keys.
- You're responsible for all activity that occurs under your account.
- If you suspect unauthorized access, notify us immediately at @literalsec on X · hello@literalsec.com.
- One person or organization per account. You may not share login credentials.
4. Acceptable use
You agree NOT to:
- Use the Service to attack, probe, or scan systems you do not own or have explicit written permission to test.
- Reverse-engineer, decompile, or attempt to extract the source code of our backend.
- Resell, sublicense, or repackage the Service without our written consent.
- Submit content that infringes third-party rights, violates law, or contains malware.
- Use the Service to develop a competing product.
- Circumvent rate limits, abuse trial credit, or otherwise abuse our infrastructure.
- Use the Service in a manner that could damage, disable, overburden, or impair it.
Violations may result in immediate suspension or termination without refund.
5. Probe authorization
Probes execute network-level checks against URLs you designate. You must own or have written authorization to test every target. By initiating a probe you represent and warrant that you have such authorization. We may require domain verification (DNS TXT record) before running probes against a given hostname.
Unauthorized scanning of third-party systems may violate the Indian IT Act, the US Computer Fraud and Abuse Act, the UK Computer Misuse Act, and similar laws in other jurisdictions. You are solely responsible for ensuring your use of probes is lawful.
6. Pricing, billing, and subscriptions
- Free state: You may use the Service at no cost until we surface your first real (medium or above severity) vulnerability through a scan or probe. After that trigger, continued use of probe features requires a paid subscription.
- Paid plans: Solo ($14.99/mo), Startup ($49.99/mo), Business ($149.99/mo). Annual plans available at a discount.
- Billing: Processed by Dodo Payments. All prices are in US Dollars unless otherwise indicated. Indian GST may apply to Indian customers.
- Auto-renewal: Subscriptions renew automatically until cancelled. You may cancel anytime from your dashboard.
- Price changes: We may change prices with 30 days' notice via email. Changes do not affect your current billing cycle.
- Taxes: You are responsible for any taxes that apply to your purchase. We collect Indian GST where required.
7. Refunds
Refunds are governed by our Refund Policy. In summary: monthly subscriptions are non-refundable; annual subscriptions are refundable within 14 days of purchase if unused.
8. Intellectual property
- Our IP: The Service, including the scanner engine, rule database, dashboard, extensions, CLI, and all related artwork and documentation, is owned by Literal Security and protected by Indian and international IP law.
- Your IP: You retain all rights to the source code you submit to the Service. We claim no ownership over your code.
- Findings: Security findings generated by the Service belong to you. You may share them, fix them, or ignore them.
- License grant to us: You grant us a worldwide, non-exclusive, royalty-free license to process your submitted code for the sole purpose of providing the Service to you. We do not use your code to train AI models, and we do not sell it or share it with third parties beyond the subprocessors listed in our Privacy Policy.
- Feedback: If you send us feedback or suggestions, we may use them without obligation.
9. Service availability
We aim for 99.5% uptime on paid tiers. Maintenance windows are announced in advance when feasible. We do not offer a formal SLA on the free tier.
The Service is provided "as is" and "as available." We may modify, suspend, or discontinue parts of the Service at our discretion, with reasonable notice for material changes.
10. Disclaimers
The Service is a security tool, not a security guarantee. Static and dynamic scans cannot detect every vulnerability. Reliance on the Service does not absolve you of the responsibility to follow secure development practices, perform manual code review, or engage human security expertise where appropriate.
To the maximum extent permitted by law, the Service is provided "AS IS" without warranties of any kind, express or implied, including merchantability, fitness for a particular purpose, accuracy, and non-infringement.
11. Limitation of liability
To the maximum extent permitted by law, in no event shall Literal Security or its founder be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including damages for loss of profits, goodwill, use, data, or other intangible losses (whether in contract, tort, or otherwise) arising out of or in connection with the Service.
Our total cumulative liability for any claim arising out of or relating to the Service shall not exceed the amount you paid us in the 12 months preceding the event giving rise to the claim, or one hundred US dollars (USD 100), whichever is greater.
12. Indemnification
You agree to indemnify, defend, and hold harmless Literal Security from any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from: (a) your use of the Service in violation of these Terms; (b) your violation of any law or third-party right; or (c) your use of probes against systems you did not have authorization to test.
13. Termination
- By you: Cancel anytime from your dashboard. Your access continues until the end of the billing period.
- By us: We may suspend or terminate your account for material breach of these Terms, with notice where feasible. We may terminate without notice for serious abuse.
- Effect: On termination, your right to use the Service ends immediately. We will delete your data per our retention policy in the Privacy Policy.
14. Governing law and dispute resolution
These Terms are governed by the laws of India, excluding conflict-of-law rules. Any dispute arising out of or relating to these Terms or the Service shall be subject to the exclusive jurisdiction of the courts in Bengaluru, Karnataka, India.
Before initiating litigation, the parties agree to attempt good-faith resolution through email correspondence at @literalsec on X · hello@literalsec.com for at least 30 days. Unresolved disputes shall be referred to binding arbitration under the Arbitration and Conciliation Act, 1996, conducted in English in Bengaluru by a sole arbitrator mutually agreed by the parties (or, failing agreement, appointed under the Act).
15. Changes to these Terms
We may update these Terms from time to time. Material changes will be announced via email to your account address at least 14 days before they take effect. Continued use of the Service after the change constitutes acceptance.
16. Miscellaneous
- Entire agreement: These Terms and the Privacy Policy constitute the entire agreement between you and us regarding the Service.
- Severability: If any provision is found unenforceable, the rest remains in effect.
- No waiver: Failure to enforce any provision is not a waiver.
- Assignment: You may not assign these Terms without our written consent. We may assign them to a successor entity (e.g., as part of a corporate transaction).
- Notices: Notices to you will be sent via email to your account address. Notices to us should be sent to @literalsec on X · hello@literalsec.com.
- Force majeure: Neither party is liable for delays caused by events beyond reasonable control (acts of God, government action, internet outages, etc.).
17. Contact
Email: @literalsec on X · hello@literalsec.com