Last updated: June 10, 2026

Terms of Service

Effective date: June 10, 2026

These Terms of Service govern your use of Deptic and the services provided at deptic.in, our API, and our CLI tools. By creating an account or using Deptic, you agree to these terms. Please read them carefully.

1. The service

Deptic provides software supply chain security analysis including:

  • Automated detection and resolution of software dependencies from source code manifest files
  • Matching of dependencies against public vulnerability databases (OSV.dev, NVD)
  • Generation of Software Bills of Materials (SBOMs) in CycloneDX 1.5 and SPDX 2.3 formats
  • NTIA EO14028 and EU Cyber Resilience Act compliance scoring
  • Automated vulnerability remediation via GitHub Pull Requests
  • API and CLI access for integration into development workflows

Deptic operates as a software-as-a-service platform hosted at deptic.in.

2. Accounts

2.1 You must create an account to use Deptic. Account creation requires a GitHub account.

2.2 You are responsible for maintaining the security of your account credentials, API keys, and any tokens associated with your account.

2.3 You must be at least 18 years old to create an account.

2.4 You may not create accounts using automated means or create multiple accounts to circumvent usage limits.

2.5 You are responsible for all activity that occurs under your account, including scans initiated by your API keys.

3. Acceptable use

You may use Deptic only for lawful purposes. You agree not to:

3.1 Scan repositories you do not own or do not have explicit permission to scan. Scanning private repositories requires GitHub OAuth authorization from an account with access to that repository.

3.2 Use Deptic to extract competitor intelligence, conduct unauthorized security research on third-party systems, or circumvent GitHub's API rate limits or terms of service.

3.3 Attempt to reverse-engineer, decompile, or extract the Deptic scanning algorithms, CVE matching logic, or SBOM generation code.

3.4 Use automated scripts to trigger scans at a rate that exceeds our published limits or that degrades service for other users.

3.5 Use the Deptic API or CLI to scan repositories containing malware, exploit code, or content that violates applicable law.

3.6 Share, sell, or sublicense API keys to third parties. API keys are personal and non-transferable.

3.7 Misrepresent Deptic-generated SBOMs as produced by a different tool or organization in compliance filings.

4. API keys

4.1 API keys issued by Deptic are single-use. Each key authorizes exactly one scan via the /api/scan-local or /api/scan-cli endpoints. After use, the key is permanently invalidated.

4.2 API keys must not be committed to public source code repositories, included in public Docker images, or transmitted over unencrypted connections.

4.3 If you suspect an API key has been compromised, revoke it immediately from Settings → API Keys. Deptic is not liable for scans triggered by compromised keys.

4.4 API keys for CI/CD use should be stored as encrypted secrets in your CI/CD platform (e.g., GitHub Actions Secrets, GitLab CI Variables).

5. GitHub integration

5.1 By connecting your GitHub account, you grant Deptic read access to repository file trees and manifest files for repositories you explicitly choose to scan.

5.2 By enabling the Fix with PR feature, you authorize Deptic to create branches and open Pull Requests on repositories you own or have write access to. Deptic will only modify manifest files (package.json, pom.xml, go.mod, requirements.txt, etc.) — never source code files.

5.3 By enabling webhook auto-scan, you authorize Deptic to register a webhook on specified repositories. You can revoke this at any time by disabling auto-scan in the Deptic dashboard or deleting the webhook directly in GitHub repository settings.

5.4 Deptic's use of the GitHub API is subject to GitHub's API Terms of Service. We use GitHub's API within published rate limits and do not cache repository data beyond what is necessary for scan completion.

6. Intellectual property

6.1 Deptic and all its components — the scanning engine, frontend interface, API, and documentation — are the intellectual property of Balasanjeev C (the developer of Deptic). All rights reserved.

6.2 The Deptic name, logo, and brand assets may not be used without explicit written permission.

6.3 Your data remains yours. Scan results, SBOMs generated from your repositories, and compliance reports are owned by you. Deptic claims no ownership over content derived from your repositories.

6.4 Vulnerability data sourced from OSV.dev is provided under the OSV data license. CVE data from NVD is public domain. PURL specifications are governed by the PURL specification working group.

6.5 CycloneDX is a trademark of the CycloneDX project. SPDX is a trademark of the Linux Foundation. Deptic's use of these formats complies with their respective specifications and does not imply endorsement.

7. Service availability

7.1 Deptic is provided on an 'as available' basis. We do not guarantee 100% uptime.

7.2 Free tier accounts are subject to the following limits:

Limit                          Free tier
Scans per month                5
Repositories per workspace     5
Component history retention    30 days
SBOM file storage              100 MB
API keys                       3 active keys

7.3 We reserve the right to rate-limit, throttle, or suspend accounts that exceed usage limits or exhibit patterns consistent with abuse.

7.4 Planned maintenance will be communicated via email or in-app notification where possible. Emergency maintenance may occur without advance notice.

8. Disclaimers

8.1 Deptic scans known vulnerability databases but cannot guarantee detection of every vulnerability. New CVEs are published daily. A scan result of zero active threats means no CVEs were found in our data sources at the time of the scan — it does not guarantee your software is secure.

8.2 SBOM completeness depends on the accuracy and completeness of manifest files in your repository. Deptic cannot detect dependencies that are not declared in supported manifest formats.

8.3 Compliance scores are provided for informational purposes. A score of 100/100 indicates that Deptic found all 7 NTIA minimum elements in the generated SBOM. It does not constitute legal compliance certification. Consult a qualified compliance professional for regulatory submissions.

8.4 Fix with PR recommendations are based on OSV.dev data at the time of the scan. Deptic verifies the recommended version against OSV before creating the PR, but cannot guarantee the recommended version is free of all security issues — including undisclosed vulnerabilities.

8.5 DEPTIC IS PROVIDED 'AS IS' WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED.

9. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, DEPTIC SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL, ARISING FROM YOUR USE OF THE SERVICE.

OUR TOTAL LIABILITY FOR ANY CLAIM ARISING FROM YOUR USE OF DEPTIC SHALL NOT EXCEED THE GREATER OF: (A) THE AMOUNT YOU PAID FOR DEPTIC IN THE 12 MONTHS PRECEDING THE CLAIM, OR (B) USD $100.

10. Termination

10.1 You may delete your account at any time from Settings → Profile → Delete Account. This permanently deletes all your data as described in our Privacy Policy.

10.2 We may suspend or terminate accounts that violate these terms, with or without notice.

10.3 Upon termination, your right to use Deptic ends immediately. Sections on Intellectual Property, Disclaimers, Limitation of Liability, and Governing Law survive termination.

11. Refunds and cancellations

11.1 Cancellations: You may cancel your paid subscription at any time from your account settings. Cancellation will take effect at the end of your current billing cycle.

11.2 Refunds: Since Deptic is a digital service, all purchases are final. We do not offer refunds or credits for partial billing periods or unused time.

11.3 Exceptions: If you believe you were charged in error, please contact us within 7 days of the charge at balasnjeev1085@gmail.com. We will review requests on a case-by-case basis.

12. Changes to these terms

We will notify users of material changes to these Terms of Service via email at least 14 days before they take effect. Continued use of Deptic after the effective date constitutes acceptance of the updated terms.

13. Governing law

These Terms are governed by the laws of India. Any disputes arising from these Terms or your use of Deptic shall be subject to the exclusive jurisdiction of the courts of Andhra Pradesh, India.

14. Contact