1 Acceptance of Terms

By accessing or using the Service, you represent that you have read, understood, and agree to be bound by these Terms and our Privacy Policy, which is incorporated herein by reference.

Anonymous and MCP Use

The Free tier permits anonymous access to the Service via the Model Context Protocol ("MCP") without creating an account. Even if you use the Service anonymously — including by invoking any Frogeye MCP tool (such as frogeye_scan, frogeye_learn, frogeye_correlate, or frogeye_register) through a third-party AI assistant — such use constitutes your acceptance of these Terms in full.

Minors

The Service is not directed to individuals under the age of 16. By using the Service, you represent that you are at least 16 years old. If you are between the ages of 16 and 18, you represent that your legal guardian has reviewed and agreed to these Terms on your behalf.

Updates

We may update these Terms from time to time. Your continued use of the Service after the effective date of any update constitutes your acceptance of the revised Terms. See Section 16 (Modifications to Terms) for how we notify you of material changes.

2 Description of Services

Frogeye provides AI-powered security scanning and vulnerability detection tools for software developers. The Service is offered in three subscription tiers:

| Tier | Price | Scan Quota | Key Features |
|---|---|---|---|
| Tadpole (Free) | $0 | 50 scans / day | MCP protocol access, community vulnerability patterns, anonymous use permitted |
| Frog (Pro) | $15.00 / mo | 500 scans / day | Full MCP access, web dashboard, scan history & trend analysis, priority pattern updates, email support |
| Apex | $29.00 / mo | 500+ scans / day | Local SDK deployment, all Frog features, local-first privacy architecture, priority support |

2.1 Tadpole (Free Tier)

  • Access model: Anonymous access permitted; no account required.
  • Scan quota: Up to 50 scans per day.
  • Code submitted for scanning is processed transiently and is not stored.
  • Community support only; no guaranteed response times.
  • Frogeye reserves the right to modify, restrict, or discontinue Free tier access at any time without prior notice.

2.2 Frog (Pro Tier) — $15.00/month

  • Requires a registered account via GitHub OAuth or Google OAuth.
  • Full MCP protocol access; web dashboard with scan history, trend analysis, and vulnerability reporting; priority access to pattern updates from the Frogeye knowledge graph; email support.
  • Code submitted for scanning is processed transiently and is not stored.
  • Anonymized scan metadata may be retained per Section 7.

2.3 Apex Tier — $29.00/month

Requires a registered account via GitHub OAuth or Google OAuth. All Frog features plus local SDK deployment and priority support.

Apex tier local-first architecture: Code stays in your environment. Security analysis runs through your local MCP client. To power AI-based detection, code snippets are converted to anonymized mathematical embeddings before transmission — your raw source files are never uploaded to Frogeye. These embedding vectors are designed for pattern similarity matching only and cannot be used to reconstruct your original source code. This local-first architecture is the defining privacy and security feature of the Apex tier and applies exclusively to Apex; it does not apply to the Free (Tadpole) or Frog (Pro) tiers.

2.4 Service Availability

Frogeye does not guarantee any specific level of uptime or availability. The Service is provided on an "as-is" and "as-available" basis. See Section 11 (Disclaimer of Warranties) for the full disclaimer.

3 Account Registration

3.1 Authentication Methods

Account creation for the Frog and Apex tiers requires authentication via GitHub OAuth or Google OAuth. Frogeye does not offer password-based accounts. By authenticating via a third-party OAuth provider, you agree to be bound by that provider's terms of service and privacy policy in addition to these Terms.

3.2 Anonymous Use

The Tadpole (Free) tier does not require account registration. Anonymous users may access the Service via MCP tools without providing any personally identifiable information, subject to the rate limits and feature restrictions of the Free tier.

3.3 Account Representations

By creating an account, you represent and warrant that:

  • (a) all information you provide during registration is accurate, current, and complete;
  • (b) you will maintain the accuracy of your account information and promptly update it if it changes;
  • (c) you are authorized to create an account using the OAuth credentials you provide (i.e., the GitHub or Google account belongs to you or your organization has authorized its use);
  • (d) your use of the Service will comply with all applicable laws, regulations, and these Terms.

3.4 Account Security

You are solely responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You agree to notify Frogeye immediately at security@frogeye.ai if you suspect unauthorized access to or use of your account. Frogeye is not liable for any loss or damage arising from your failure to maintain the security of your credentials.

3.5 One Account Per User

Each individual or entity may maintain only one active account, unless Frogeye expressly permits otherwise in writing (e.g., for organizational team accounts). Creating duplicate accounts to circumvent rate limits or other restrictions is prohibited.

4 Acceptable Use Policy

4.1 Authorization Requirement

You must have lawful authorization to scan any code or system you submit to the Service. This means:

  • (a) Your own code: You may scan code that you own or have written.
  • (b) Employer or client code: You may scan code belonging to your employer or a client only if your role grants you authorization to conduct security scanning on such code.
  • (c) Open source code: You may scan open source code only if your scanning activity complies with the applicable open source license and does not violate any access controls or terms of that project.
  • (d) Third-party proprietary code: You may not scan third-party proprietary code unless you have explicit written authorization from the code owner to conduct security scanning.

You represent and warrant, with respect to each scan you submit, that you have the authorization described above. You bear sole responsibility for ensuring you have the required authorization before scanning.

4.2 Compliance with Law

You agree to use the Service in compliance with all applicable laws and regulations, including but not limited to the Computer Fraud and Abuse Act (18 U.S.C. § 1030), the Electronic Communications Privacy Act, and applicable state and international computer crime laws.

4.3 Rate Limits and Quotas

You agree not to circumvent, bypass, or attempt to exceed the scan quotas applicable to your tier. This includes creating multiple accounts, using automated tools to rotate identities, or any other method designed to obtain more scans than your tier permits.

4.4 Good Faith Security Research

If you are a security researcher using the Service to identify vulnerabilities in systems, you are responsible for ensuring your research activities comply with applicable law and the policies of the system owner. Frogeye does not authorize you to scan systems you do not own or have permission to test, regardless of whether your research intent is benign.

5 Prohibited Uses

You agree that you will not use the Service to:

  • (a) Unauthorized scanning: Scan, probe, or test the security of any system, network, code, or application without explicit authorization from the system or code owner.
  • (b) Illegal activity: Engage in any activity that violates applicable local, state, national, or international law or regulation.
  • (c) Weaponization: Use vulnerability findings, scan results, or pattern data obtained through the Service to exploit, attack, compromise, damage, or gain unauthorized access to any system, network, or device. Scan results are intended for defensive security purposes only.
  • (d) Reverse engineering: Attempt to reverse engineer, decompile, disassemble, or derive source code from the Frogeye platform, knowledge graph, pattern matching algorithms, embedding models, or any other proprietary component of the Service.
  • (e) Pattern exfiltration: Systematically extract, scrape, download, or exfiltrate vulnerability patterns, knowledge graph data, or any other proprietary data from the Service, including via automated means.
  • (f) API abuse: Send requests to the Service at rates or volumes that unreasonably burden Frogeye's infrastructure, including distributed denial-of-service attacks, flood attacks, or automated scanning beyond your permitted quota.
  • (g) Resale: Resell, sublicense, redistribute, or provide the Service (or access to it) to third parties without Frogeye's express written authorization.
  • (h) Impersonation: Impersonate any person or entity, misrepresent your affiliation with any person or entity, or falsely claim authorization to scan code or systems.
  • (i) Malware: Upload, transmit, or introduce any virus, worm, trojan, ransomware, or other malicious code to the Service.
  • (j) Interference: Interfere with or disrupt the integrity or performance of the Service or the data of other users.

6 Intellectual Property Rights

6.1 Frogeye's Proprietary Rights

Frogeye owns all right, title, and interest in and to the Service, including but not limited to: the Frogeye platform and all its software components; the vulnerability knowledge graph and all patterns, signatures, and data therein; the pattern matching algorithms and embedding models; all associated trademarks, service marks, logos, and trade names; and all improvements, updates, and derivative works of any of the foregoing.

Nothing in these Terms grants you any ownership interest in the Service or Frogeye's intellectual property. Any rights not expressly granted herein are reserved by Frogeye.

6.2 Your Ownership of Code

You retain all right, title, and interest in and to any source code, repositories, or other materials you submit to the Service for scanning. Submitting code to the Service does not transfer any ownership rights to Frogeye.

6.3 Scan Results

Scan results generated by the Service based on your submitted code are yours. Frogeye does not claim ownership of individual scan results generated for your specific code.

6.4 License to Process Submitted Code (Tadpole and Frog Tiers)

For the Tadpole (Free) and Frog (Pro) tiers, where code is transmitted to Frogeye's servers for processing, you grant Frogeye a limited, non-exclusive, royalty-free license to:

  • (a) receive and transiently process your code for the purpose of performing the requested security scan; and
  • (b) extract and retain anonymized vulnerability pattern signatures — with all identifying information removed, including file names, variable names, code structure, and any other information that could identify you or your code — for the purpose of improving and expanding the Frogeye vulnerability knowledge graph.

This license does not include any right to: store your raw source code; use your source code to train AI or machine learning models; or share, license, or transfer your source code or identifiable derivatives thereof to any third party.

6.5 License Scope for Apex Tier

For the Apex tier, your source code is processed entirely on your local device and is never transmitted to Frogeye. Accordingly, Frogeye's license with respect to Apex tier usage is limited solely to the mathematical embedding vectors transmitted for pattern matching. Frogeye may use these vectors for the purpose of performing pattern matching against the knowledge graph. Frogeye has no right to use Apex tier vectors to reconstruct source code, identify the user's codebase, or train AI models.

6.6 Feedback

If you provide Frogeye with any feedback, suggestions, ideas, or improvements regarding the Service ("Feedback"), you grant Frogeye a perpetual, irrevocable, worldwide, royalty-free license to use, reproduce, modify, and incorporate such Feedback into the Service without any obligation to you.

6.7 DMCA Takedown and Counter-Notice Procedure

Frogeye respects intellectual property rights and complies with the Digital Millennium Copyright Act (17 U.S.C. § 512). If you believe content accessible through the Service infringes your copyright, you may submit a DMCA takedown notice to legal@frogeye.ai.

Counter-Notice Procedure: If you believe that content was removed or disabled as a result of a mistake or misidentification, you may submit a counter-notice to legal@frogeye.ai. A valid counter-notice must include:

  • (a) your full legal name, physical address, telephone number, and email address;
  • (b) identification of the content that was removed or disabled and the location (URL or description) where it appeared before removal;
  • (c) a statement under penalty of perjury that you have a good faith belief that the content was removed or disabled as a result of mistake or misidentification;
  • (d) a statement that you consent to the jurisdiction of the federal district court for the judicial district in which your address is located (or, if outside the United States, that you consent to jurisdiction in any judicial district in which Frogeye may be found); and
  • (e) your physical or electronic signature.

Upon receipt of a valid counter-notice, Frogeye will forward it to the original complainant and may restore the removed content after not less than 10 business days unless the complainant obtains a court order restraining restoration. Frogeye is not required to restore content and may decline to do so at its discretion.

7 User Content and Data

7.1 Tadpole and Frog Tiers — Code Processing

When you submit code for scanning via the Tadpole (Free) or Frog (Pro) tiers, your code is transmitted to Frogeye's servers and processed to perform the requested security analysis. Frogeye does not permanently store your raw source code. Code submitted for scanning is processed transiently in memory and is not written to persistent storage.

Frogeye may retain the following anonymized scan metadata:

  • Programming language detected
  • Category of vulnerability type detected (e.g., "SQL injection," "path traversal") — not the specific vulnerable code
  • Scan timestamp
  • Tier used (Tadpole or Frog)

Such metadata contains no raw code, no file paths, no variable names, no function names, and no information that could identify you or your specific codebase.

7.2 Knowledge Graph — Anonymized Patterns Only

Frogeye's vulnerability knowledge graph stores only anonymized vulnerability pattern signatures. The knowledge graph does not store raw source code, file paths, repository names, user identifiers, or any other information that could identify you or your code. The anonymization process is designed to be irreversible — anonymized patterns cannot be used to reconstruct the original code from which they were derived.

7.3 Apex Tier — Local Processing

Apex tier data commitment: Code stays in your environment. Security analysis runs through your local MCP client. To power AI-based detection, code snippets are converted to anonymized mathematical embeddings before transmission — your raw source files are never uploaded to Frogeye.

The transmitted embedding vectors:

  • (a) are numerical representations used solely for pattern similarity matching;
  • (b) are not designed to be reversible and cannot be used by Frogeye to reconstruct your source code;
  • (c) are not stored by Frogeye beyond what is necessary to complete the pattern matching operation; and
  • (d) do not contain file names, variable names, function names, or other code identifiers.

7.4 Authorization Representation

By submitting any code to the Service, you represent and warrant that you have all necessary rights, permissions, and authorizations to submit such code for scanning, including the right to grant Frogeye the limited license described in Section 6.4.

7.5 frogeye_learn Submissions — Explicit Confirmation Required

⚠ frogeye_learn submission confirmation: By submitting a vulnerability pattern via the frogeye_learn MCP tool, you explicitly confirm that:
  • (i) the code snippet is from a codebase you own or are expressly authorized to share with third-party services;
  • (ii) you are not submitting confidential, proprietary, or trade secret information belonging to your employer or any third party without their prior written consent; and
  • (iii) you understand that once anonymized and ingested, submitted patterns are incorporated into Frogeye's shared vulnerability knowledge graph and cannot be individually recalled or deleted.

Submitting a pattern via frogeye_learn constitutes your affirmative confirmation of the above representations at the time of each submission. If you cannot make these representations, do not submit the pattern.

7.6 MCP Indirect Data Flow Disclosure

When you use Frogeye via the MCP protocol through a third-party AI assistant (including, without limitation, Anthropic Claude, Cursor, GitHub Copilot, or any other AI coding assistant), scan results returned by Frogeye's MCP tools may appear in and become part of the context window of that third-party AI system. You acknowledge and agree that:

  • (a) Frogeye is not responsible for how third-party AI assistants handle, store, process, transmit, or use data that appears in their context windows, including Frogeye scan results;
  • (b) your use of Frogeye through a third-party AI assistant is also governed by that assistant's terms of service and privacy policy; and
  • (c) you assume all risk associated with transmitting Frogeye scan results through third-party AI assistant platforms.

Frogeye recommends that you review the privacy policies of any AI assistant you use with Frogeye's MCP tools before using the Service in this manner.

8 Privacy

8.1 Privacy Policy

Your use of the Service is also governed by Frogeye's Privacy Policy, which is incorporated into these Terms by reference. Please review the Privacy Policy carefully to understand how we collect, use, and share information.

8.2 Key Privacy Commitments

Without limiting the full terms of the Privacy Policy, Frogeye commits to the following:

  • (a) No sale of personal data. Frogeye does not sell your personal information to third parties.
  • (b) No raw code storage. Frogeye does not permanently store raw source code submitted for scanning (Tadpole or Frog tiers) or transmitted (Apex tier).
  • (c) Anonymized patterns only. The knowledge graph contains only anonymized vulnerability patterns, not raw code or user-identifiable information.
  • (d) GDPR and CCPA compliance. Frogeye complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area and the California Consumer Privacy Act (CCPA) for California residents. See the Privacy Policy for details on your rights and how to exercise them.

8.3 Anonymous Free Tier Users

Anonymous users who access the Service via the Tadpole (Free) tier without creating an account are not required to provide any personally identifiable information. Frogeye does not collect PII from anonymous Free tier users unless they subsequently create an account via OAuth.

9 Payment Terms

9.1 Payment Processor

All payments for Frog and Apex tier subscriptions are processed by Stripe, Inc. ("Stripe"). By subscribing, you agree to Stripe's terms of service and authorize Stripe to charge your designated payment method on Frogeye's behalf. Frogeye does not store your credit card or payment instrument information on its servers.

9.2 Pricing and Currency

Subscription fees are charged in United States Dollars (USD). Current pricing is:

| Tier | Monthly Price | Notes |
|---|---|---|
| Tadpole (Free) | $0.00 | No payment required |
| Frog (Pro) | $15.00 / month | GitHub or Google OAuth required |
| Apex | $29.00 / month | GitHub or Google OAuth required |

Frogeye reserves the right to change subscription pricing at any time, subject to the notice requirements in Section 16.

9.3 Billing Cycle

Subscriptions are billed on a monthly cycle. Your first billing date is the date you subscribe. Subsequent charges occur on the same calendar day of each month (or the last day of the month if the billing day does not exist in a given month).

9.4 Failed Payments

If your payment method is declined or a charge fails, Frogeye will attempt to reprocess the payment up to three times over a period of seven days. If payment remains unsuccessful after retry attempts, your subscription may be downgraded to the Tadpole (Free) tier and your access to Frog or Apex features will be suspended until payment is successfully processed.

9.5 Taxes

Subscription fees are exclusive of any applicable taxes (including VAT, GST, sales tax, or similar). You are responsible for paying all applicable taxes arising from your subscription, except for taxes based on Frogeye's net income. Where Frogeye is required by law to collect taxes on your behalf, such taxes will be added to and collected with your subscription fee.

9.6 Pro-ration

Frogeye does not pro-rate subscription fees for partial billing periods. If you upgrade from Frog to Apex mid-cycle, you will be charged the Apex rate at the start of the next billing cycle. Frogeye may, at its discretion, offer pro-rated credits for upgrades.

10 Subscription, Cancellation, and Refunds

10.1 Subscription Term

Frog and Apex subscriptions are monthly and renew automatically at the end of each billing cycle unless cancelled in accordance with this Section.

10.2 Cancellation

You may cancel your subscription at any time through your account settings or by contacting legal@frogeye.ai. Upon cancellation:

  • (a) your subscription will remain active through the end of the current billing period;
  • (b) you will not be charged for the following billing period; and
  • (c) your account will be downgraded to the Tadpole (Free) tier at the end of the billing period.

Cancellation does not entitle you to a refund for the current billing period.

10.3 Refund Policy

Frogeye does not provide refunds for partial subscription months. All charges are non-refundable, except:

  • (a) at Frogeye's sole discretion, refunds may be issued for documented service outages of significant duration (generally exceeding 72 consecutive hours of unavailability);
  • (b) as required by applicable law; or
  • (c) as expressly agreed in writing between you and Frogeye.

If you believe you are entitled to a refund, contact legal@frogeye.ai within 30 days of the charge in question.

10.4 Downgrade Rules

If you downgrade from Apex to Frog, or from Frog to Tadpole, the downgrade takes effect at the start of the next billing cycle. You retain access to higher-tier features through the end of the current billing period.

10.5 Data Upon Cancellation or Downgrade

Upon cancellation or downgrade:

  • (a) Frogeye will delete or anonymize any scan metadata associated with your account within 30 days of account termination, subject to legal hold or regulatory retention requirements.
  • (b) Anonymized vulnerability patterns contributed to the knowledge graph from your scans cannot be removed, as they are anonymized and are no longer associated with your account or your code.
  • (c) If you wish to delete your account in full, you may request account deletion through your account settings or by contacting legal@frogeye.ai. Account deletion will be processed within 30 days of your request.

11 Disclaimer of Warranties

⚖ Legal Notice — Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, FROGEYE EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:

(a) WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT;

(b) ANY WARRANTY THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, TIMELY, SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS;

(c) ANY WARRANTY THAT THE SERVICE WILL DETECT ALL SECURITY VULNERABILITIES, BUGS, OR DEFECTS IN YOUR CODE. SCAN RESULTS ARE INFORMATIONAL ONLY AND DO NOT CONSTITUTE A SECURITY GUARANTEE, SECURITY AUDIT, OR CERTIFICATION THAT YOUR CODE IS SECURE OR FREE OF VULNERABILITIES. FALSE NEGATIVES (UNDETECTED VULNERABILITIES) AND FALSE POSITIVES (INCORRECTLY FLAGGED CODE) ARE POSSIBLE AND EXPECTED IN ANY AUTOMATED SECURITY TOOL. YOU SHOULD NOT RELY SOLELY ON FROGEYE FOR SECURITY ASSURANCE;

(d) ANY WARRANTY REGARDING THE ACCURACY, COMPLETENESS, OR RELIABILITY OF SCAN RESULTS; OR

(e) ANY WARRANTY THAT ANY PARTICULAR VULNERABILITY WILL BE DETECTED, THAT ALL KNOWN VULNERABILITY TYPES ARE COVERED, OR THAT THE SERVICE'S KNOWLEDGE GRAPH IS CURRENT OR COMPLETE.

Some jurisdictions do not allow the exclusion of implied warranties, so some of the above exclusions may not apply to you.

12 Limitation of Liability

12.1 Exclusion of Consequential Damages

⚖ Legal Notice — Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL FROGEYE, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, OR SERVICE PROVIDERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY (INCLUDING CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE), ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF, OR INABILITY TO USE, THE SERVICE, EVEN IF FROGEYE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

12.2 Specific Exclusions

⚖ Specific Exclusions

WITHOUT LIMITING THE FOREGOING, FROGEYE IS SPECIFICALLY NOT LIABLE FOR:

(a) SECURITY BREACHES, DATA BREACHES, UNAUTHORIZED ACCESS, OR CYBERATTACKS THAT OCCUR IN SYSTEMS OR CODE THAT YOU SUBMITTED TO FROGEYE FOR SCANNING, WHETHER OR NOT FROGEYE DETECTED A VULNERABILITY IN SUCH CODE;

(b) VULNERABILITIES IN YOUR CODE THAT FROGEYE DID NOT DETECT OR REPORT;

(c) LOSSES ARISING FROM YOUR RELIANCE ON SCAN RESULTS AS A COMPLETE SECURITY ASSESSMENT;

(d) LOSS OF PROFITS, REVENUE, DATA, BUSINESS, OR GOODWILL; OR

(e) COSTS OF SUBSTITUTE SERVICES OR COVER.

12.3 Liability Cap

⚖ Aggregate Liability Cap

FROGEYE'S TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR YOUR USE OF THE SERVICE WILL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID BY YOU TO FROGEYE IN THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) USD $100.00 (ONE HUNDRED DOLLARS) IF YOU HAVE NOT PAID ANY FEES (INCLUDING TADPOLE FREE TIER USERS).

12.4 Essential Basis

The limitations of liability in this Section reflect a reasonable allocation of risk between you and Frogeye, and are an essential element of the basis of the bargain between the parties. Frogeye would not provide the Service on these terms without these limitations.

Some jurisdictions do not allow certain limitations of liability, so some of the above limitations may not apply to you.

13 Indemnification

You agree to defend, indemnify, and hold harmless Frogeye and its officers, directors, employees, agents, licensors, and service providers (collectively, "Frogeye Parties") from and against any and all claims, liabilities, damages, judgments, awards, losses, costs, expenses, and fees (including reasonable attorneys' fees) arising out of or relating to:

  • (a) Unauthorized scanning: your scanning of code, systems, networks, or applications without the authorization required under Section 4;
  • (b) Acceptable Use violations: your violation of any provision of Section 4 (Acceptable Use Policy) or Section 5 (Prohibited Uses);
  • (c) IP infringement: any claim by a third party that code you submitted to the Service infringes or misappropriates any intellectual property right of that third party;
  • (d) Misuse of findings: your use of scan results or vulnerability findings to exploit, attack, or compromise any system, network, or device;
  • (e) Breach of representations: your breach of any representation or warranty made in these Terms; or
  • (f) Negligence or misconduct: your gross negligence or willful misconduct in connection with your use of the Service.

Frogeye reserves the right, at its own expense, to assume exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you will cooperate with Frogeye in asserting any available defenses.

13.7 Submission Authorization Indemnification

Content submission liability: Submitting code or patterns you are not authorized to share exposes you — not Frogeye — to third-party claims. This clause makes that allocation explicit.

Without limiting the foregoing, you specifically agree to indemnify, defend, and hold harmless Frogeye and its officers, directors, employees, and agents from any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

  • (a) your submission of any code, snippet, or pattern you were not authorized to share, including code owned by your employer, a client, or a third party without their express consent;
  • (b) your violation of any third party's intellectual property rights, trade secret rights, or confidentiality obligations in connection with your use of the Service; or
  • (c) any breach of your representation in Section 7.4 that you have full rights to submit the content you provide.

14 Third-Party Services

14.1 Third-Party Service Providers

The Service integrates with or relies upon the following third-party services:

  • (a) GitHub — OAuth authentication provider. Use of GitHub OAuth is governed by GitHub's Terms of Service and Privacy Policy.
  • (b) Google — OAuth authentication provider. Use of Google OAuth is governed by Google's Terms of Service and Privacy Policy.
  • (c) Stripe — Payment processing. Use of Stripe is governed by Stripe's Terms of Service and Privacy Policy.
  • (d) Third-party AI assistants and MCP host platforms — If you use Frogeye through a third-party AI assistant via the MCP protocol (e.g., Anthropic Claude, Cursor), that use is additionally governed by the terms of service and privacy policies of those third-party platforms.

14.2 No Responsibility for Third Parties

Frogeye is not responsible for the terms, privacy practices, security, availability, or conduct of any third-party service. The inclusion of links to or integrations with third-party services does not imply Frogeye's endorsement of such services. Your use of any third-party service is at your own risk and is subject to that service's terms and policies.

14.3 Third-Party Changes

Third-party services may change their terms, APIs, or availability at any time. Frogeye is not liable for any disruption to the Service caused by changes in third-party services beyond Frogeye's reasonable control.

15 Security Research and Responsible Disclosure

15.1 Frogeye's Commitment to Security Research

Frogeye respects and supports the security research community. We are committed to working collaboratively with security researchers who discover vulnerabilities in the Frogeye platform itself.

15.2 Reporting Vulnerabilities in Frogeye

If you discover a potential security vulnerability in the Frogeye platform, website, API, MCP server, or SDK, we ask that you report it responsibly to:

security@frogeye.ai

Please include: a clear description of the vulnerability; the potential impact; steps to reproduce; any proof-of-concept code (if applicable); and your contact information for follow-up.

We will acknowledge receipt of your report within 5 business days and will work with you in good faith to assess, remediate, and publicly disclose (where appropriate) confirmed vulnerabilities. Frogeye targets a 90-day remediation window for critical vulnerabilities, subject to complexity.

15.3 Safe Harbor

Frogeye will not initiate civil or criminal legal action against security researchers who:

  • (a) report discovered vulnerabilities to security@frogeye.ai in good faith before public disclosure;
  • (b) avoid accessing, modifying, or exfiltrating user data beyond what is strictly necessary to demonstrate the vulnerability;
  • (c) do not degrade or disrupt the availability of the Service;
  • (d) do not use discovered vulnerabilities for any purpose other than demonstrating the security issue to Frogeye; and
  • (e) comply with applicable law in the conduct of their research.

This safe harbor applies to good-faith security research on the Frogeye platform only. It does not authorize you to conduct security research on third-party systems.

15.4 Security.txt

Frogeye maintains a security.txt file at frogeye.ai/.well-known/security.txt in accordance with RFC 9116. The security.txt file contains current contact information, our public PGP key for encrypted disclosures, and links to this policy.

15.5 Users Scanning Third-Party Systems

If you use Frogeye as part of security research or penetration testing on third-party systems, you are solely responsible for ensuring your activities comply with all applicable laws, including the Computer Fraud and Abuse Act (18 U.S.C. § 1030), the UK Computer Misuse Act, and equivalent laws in your jurisdiction. Frogeye's safe harbor in Section 15.3 does not extend to your activities on third-party systems.

16 Modifications to Terms

16.1 Right to Modify

Frogeye reserves the right to modify these Terms at any time. We will use reasonable efforts to provide notice of material changes.

16.2 Notice of Material Changes

For material changes to these Terms, Frogeye will provide at least 30 days' advance notice by:

  • (a) sending an email notification to the email address associated with your account (for registered Frog and Apex users); and
  • (b) posting a prominent notice on frogeye.ai and/or within the Frogeye dashboard.

Non-material changes (such as corrections, clarifications, or changes that do not adversely affect your rights) may be made without prior notice and will be effective upon posting.

16.3 Acceptance of Changes

Your continued use of the Service after the effective date of any modification constitutes your acceptance of the modified Terms. If you do not agree to the modified Terms, you must stop using the Service and, if applicable, cancel your subscription before the effective date of the change.

16.4 Right to Terminate

If you disagree with a material modification to these Terms and wish to terminate your account, you may do so in accordance with Section 19. In such case, Frogeye will, at its discretion, provide a pro-rated refund for any prepaid subscription fees covering the period after the effective date of the change.

17 Governing Law

These Terms and any dispute arising out of or relating to these Terms or your use of the Service shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles that would cause the laws of any other jurisdiction to apply. The United Nations Convention on Contracts for the International Sale of Goods does not apply to these Terms.

Any legal action or proceeding that is not subject to arbitration under Section 18 shall be brought exclusively in the state courts of the State of Delaware or the United States District Court for the District of Delaware, and you consent to the personal jurisdiction of such courts for this purpose.

18 Dispute Resolution

18.1 Informal Resolution — Required First Step

Before initiating any formal dispute resolution process, you agree to first contact Frogeye at legal@frogeye.ai and provide a written description of the dispute, the relief sought, and your contact information. The parties agree to attempt to resolve the dispute informally for a period of 30 days from the date Frogeye receives your notice. If the dispute is not resolved within 30 days, either party may proceed with arbitration as described below.

18.2 Binding Arbitration

Except as provided in Sections 18.4 and 18.5, any dispute, controversy, or claim arising out of or relating to these Terms, the Service, or any breach, termination, or validity thereof ("Dispute"), shall be resolved by binding individual arbitration administered by JAMS (or, if JAMS is unavailable, by the American Arbitration Association ("AAA")) pursuant to its then-current Streamlined Arbitration Rules and Procedures (for Disputes under $250,000) or Comprehensive Arbitration Rules and Procedures (for larger Disputes).

The arbitration shall be conducted in the English language. Unless you and Frogeye agree otherwise, the arbitration will be conducted in Wilmington, Delaware; provided, however, that if you are a consumer (i.e., you use the Service for personal, non-business purposes), the arbitration may be conducted in the county where you reside.

The arbitrator's decision shall be final and binding, and judgment on the award may be entered in any court of competent jurisdiction. The arbitrator may award any individual relief or individual remedies that are permitted by applicable law, but not relief benefiting any person other than you individually.

18.3 Arbitration Fees

Frogeye will pay all JAMS or AAA filing, administration, and arbitrator fees for any Dispute unless the arbitrator determines that your claim is frivolous or brought in bad faith. If the arbitrator determines that your claim is frivolous or in bad faith, the payment of fees shall be governed by the applicable arbitration rules.

18.4 Class Action Waiver

YOU AND FROGEYE EACH AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS, WHETHER IN ARBITRATION OR IN COURT, WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, COLLECTIVE, OR REPRESENTATIVE ACTION. NEITHER YOU NOR FROGEYE MAY JOIN OR CONSOLIDATE CLAIMS IN ARBITRATION OR LITIGATION WITH THOSE OF ANY THIRD PARTY. IF A COURT OR ARBITRATOR DETERMINES THAT THE CLASS ACTION WAIVER IN THIS SECTION IS UNENFORCEABLE, THEN THE ARBITRATION AGREEMENT IN SECTION 18.2 SHALL BE VOID WITH RESPECT TO SUCH CLAIM, AND SUCH CLAIM SHALL PROCEED IN COURT PURSUANT TO SECTION 17.

18.5 Exceptions — Small Claims and Injunctive Relief

Notwithstanding Section 18.2:

  • (a) Small claims: Either party may bring an individual action in small claims court for Disputes within the small claims court's jurisdiction, so long as the action is brought and maintained as an individual (not class, collective, or representative) action.
  • (b) Injunctive relief: Either party may seek emergency or preliminary injunctive or other equitable relief from a court of competent jurisdiction to protect intellectual property rights or confidential information, pending resolution of a Dispute through arbitration.

18.6 Opt-Out

If you are a new user, you may opt out of the binding arbitration agreement and class action waiver within 30 days of first accepting these Terms by sending an email to legal@frogeye.ai with the subject line "Arbitration Opt-Out" and your full name, email address, and a statement that you wish to opt out of arbitration. Opting out does not affect any other provision of these Terms.

19 Termination

19.1 Termination by Frogeye

Frogeye may suspend or terminate your access to the Service, in whole or in part, at any time and without prior notice, for any of the following reasons:

  • (a) your violation of any provision of these Terms, including the Acceptable Use Policy and Prohibited Uses;
  • (b) non-payment of applicable subscription fees following the retry period in Section 9.4;
  • (c) suspected illegal use of the Service, including unauthorized scanning of third-party systems;
  • (d) conduct that Frogeye reasonably believes poses a risk to the security, integrity, or availability of the Service or to other users;
  • (e) legal or regulatory requirement; or
  • (f) at Frogeye's discretion, if Frogeye decides to discontinue the Service or any portion thereof.

Frogeye will use reasonable efforts to notify you prior to termination except where prohibited by law or where immediate action is required to protect the Service or other users.

19.2 Termination or Downgrade of Tadpole (Free) Tier

Frogeye may terminate, restrict, or modify Tadpole (Free) tier access at any time and without notice, including for operational, commercial, or legal reasons. Frogeye has no obligation to provide Free tier access indefinitely.

19.3 Termination by You

You may terminate your account at any time by accessing your account settings and selecting the account deletion option, or by contacting legal@frogeye.ai. Termination takes effect upon processing of your request, typically within 5 business days.

19.4 Effect of Termination — Data Handling

Upon termination of your account:

  • (a) Scan metadata associated with your account will be deleted or anonymized within 30 days of the termination effective date, subject to Frogeye's legal obligations (e.g., fraud prevention, regulatory compliance).
  • (b) Knowledge graph patterns that were derived from your scans are anonymized and are not linked to your account. These anonymized patterns are not deleted upon account termination, as they cannot be attributed to you and form part of Frogeye's shared vulnerability knowledge base.
  • (c) Your raw source code is not stored by Frogeye and therefore is not subject to deletion upon termination (since it does not exist on Frogeye's systems in permanent form).

19.5 Repeat Infringer Policy

Frogeye maintains a repeat infringer policy in accordance with applicable law. Users who repeatedly submit content — including code snippets, vulnerability patterns, or other materials — that violates the intellectual property rights, trade secret rights, or confidentiality obligations of third parties will have their API keys revoked and their accounts suspended or terminated. Frogeye reserves the right to determine, in its reasonable discretion, what constitutes repeated infringement for purposes of this policy. This policy applies regardless of whether a formal DMCA notice has been received with respect to the infringing submissions.

19.6 Survival

The following Sections will survive the termination of these Terms for any reason: Sections 6 (Intellectual Property Rights), 11 (Disclaimer of Warranties), 12 (Limitation of Liability), 13 (Indemnification), 17 (Governing Law), 18 (Dispute Resolution), 19.4 (Effect of Termination — Data Handling), and 20 (Contact Information).

20 Contact Information

For any questions, concerns, or notices regarding these Terms, please contact us using the appropriate channel below:

General & Legal Inquiries
Security & Vulnerability Reports
Website

Mailing Address:
Frogeye, Inc.
c/o Registered Agent
Corporation Trust Center
1209 Orange Street
Wilmington, DE 19801

For privacy-related inquiries, including GDPR data subject requests and CCPA rights requests, please contact legal@frogeye.ai with the subject line "Privacy Request."

For security vulnerability reports, please review our Responsible Disclosure policy in Section 15 and our security.txt before contacting security@frogeye.ai.

For arbitration opt-out requests, email legal@frogeye.ai with the subject line "Arbitration Opt-Out" within 30 days of first accepting these Terms. See Section 18.6 for details.