Terms of Service

Last Updated: April 4, 2026

Please read these Terms of Service ("Terms") carefully before using the Sekrd platform. By accessing or using our Service, you agree to be bound by these Terms. If you do not agree, you must not use the Service.

1. Definitions

"Platform" refers to the Sekrd website located at sekrd.com, including all associated subdomains, APIs, and client applications.

"Service" refers to the security scanning, vulnerability analysis, reporting, fix prompt generation, monitoring, and badge features provided through the Platform.

"User" (also "you" or "your") refers to any individual or entity that accesses or uses the Platform.

"Account" refers to the registered profile created by a User to access the Service, authenticated via a supported OAuth provider.

"Sekrd" (also "we," "us," or "our") refers to WIT.KZ LLP (ТОО "WIT.KZ"), a limited liability partnership registered in the Republic of Kazakhstan, operating the Sekrd platform and brand.

"Scan" refers to a single security audit operation performed by the Service against a target URL or application.

"Scan Data" refers to the URLs submitted, scan results, findings, trust scores, and reports generated through the Service.

2. Service Description

Sekrd is a software-as-a-service (SaaS) platform that performs automated security audits of web applications. The Service includes, but is not limited to:

• Security Scanning: Automated analysis of web applications for vulnerabilities including exposed secrets, broken authentication, misconfigured Supabase Row Level Security, insecure Firebase rules, payment integration issues, and other common security weaknesses.
• Reports: Detailed findings with severity classifications (critical, high, medium, low, info) and trust scores.
• Fix Prompts: AI-generated remediation guidance for identified vulnerabilities.
• Monitoring: Ongoing surveillance of previously scanned applications for new or recurring vulnerabilities (available on applicable plans).
• Badges: Embeddable trust badges indicating the security posture of scanned applications.

3. Account Registration

To use the Service, you must create an Account by authenticating through one of our supported OAuth providers: Google, GitHub, or GitLab. By registering, you represent and warrant that:

• You are at least 18 years of age, or you have obtained verifiable parental or guardian consent to use the Service.
• The information associated with your OAuth account is accurate and current.
• You will maintain the security of your authentication credentials and not share access to your Account.
• You accept full responsibility for all activities that occur under your Account.

We reserve the right to suspend or terminate any Account that we reasonably believe violates these Terms or is being used fraudulently.

4. Acceptable Use

You agree to use the Service only for lawful purposes and in accordance with these Terms. Specifically, you must not:

• Scan unauthorized targets: You may only scan web applications that you own or for which you have explicit, documented authorization from the owner. Unauthorized scanning of third-party applications is strictly prohibited and may constitute a violation of applicable computer fraud and abuse laws.
• Attack or exploit: Use scan results, fix prompts, or any information obtained through the Service to attack, exploit, or compromise any system, whether or not it was the subject of a scan.
• Reverse engineer: Decompile, disassemble, reverse engineer, or otherwise attempt to derive the source code, algorithms, or underlying architecture of the Platform.
• Automated abuse: Use bots, scrapers, or automated tools to access the Platform in a manner that exceeds reasonable use, circumvents rate limits, or places undue load on our infrastructure.
• Resale without authorization: Resell, sublicense, or redistribute access to the Service or its outputs without our prior written consent.
• Interfere with the Service: Attempt to disrupt, degrade, or interfere with the operation of the Platform or the experience of other Users.

Authorization & Compliance with Law: You represent and warrant that you hold explicit legal authority to perform security scans on the submitted URLs, APIs, and databases. You agree to comply with all applicable local, state, national, and international laws, including but not limited to the U.S. Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act 1990, and the Council of Europe Convention on Cybercrime. Sekrd serves solely as an authorized diagnostic tool initiated by you.

Offensive Use Prohibition: The Service is strictly a defensive posture tool. You are explicitly prohibited from using Sekrd's findings, reports, or fix prompts to exploit, weaponize, or conduct unauthorized penetration testing against unowned targets. Any such action constitutes a material breach and will result in immediate termination of your Account and potential reporting to relevant authorities.

Violation of this Acceptable Use policy may result in immediate Account termination and, where appropriate, referral to law enforcement authorities.

5. Plans and Billing

Sekrd offers the following plans:

• Free: URL scans at no cost, subject to a per-user monthly quota and a per-IP daily quota published on the pricing page. Anonymous scans show the top 3 findings as a teaser; signing in unlocks the full findings list. Free scans run external checks only — deep Supabase / Firebase / MCP auditing and the compliance review are on the Pre-Launch and Continuous Pro plans.
• Pre-Launch Audit: A one-time payment of $39 USD for the full deep scan, compliance review, generated privacy policy and terms of service templates, App Store and Google Play submission checklists, signed PDF report, and 7 days of unlimited re-scans on the audited URL.
• Continuous Pro: A recurring subscription at $29 USD per month (or $24 USD per month billed annually), providing unlimited deep scans, continuous monitoring, drift alerts, priority processing, and all premium features.
• Existing customers: Customers who purchased the previous Scan ($9 one-time) or Compliance Audit ($29 one-time) plans before May 2026 retain access to their purchased deliverables for the duration of the coverage period stated at purchase. New sales of those plans have ended.

All payments are processed by Paddle.com, which acts as our Merchant of Record. Paddle handles all payment processing, sales tax collection, VAT, invoicing, and currency conversion on our behalf. By making a purchase, you also agree to Paddle's terms of service and privacy policy.

Prices are stated in USD and may be subject to applicable taxes as determined by Paddle based on your location. Subscription plans renew automatically at the end of each billing cycle unless cancelled before the renewal date. You may cancel your subscription at any time through your Account dashboard or by contacting support@sekrd.com.

6. Refund Policy

We offer refunds under the following conditions:

• 14-day refund window: You may request a full refund within 14 days of purchase, provided that no scan credits have been consumed and no deep scans have been initiated or completed.
• No refund for completed scans: Once a scan has been initiated or completed, the associated credit or payment is non-refundable, as the computational resources and analysis have already been consumed.
• Pro subscription: For the Pro plan, you may request a refund within 14 days of your initial subscription or any renewal, provided no scans were performed during that billing period.

All refunds are processed by Paddle as our Merchant of Record. To request a refund, contact support@sekrd.com with your order reference. Refunds are typically processed within 5 to 10 business days, depending on your payment method and financial institution.

7. Intellectual Property

Platform ownership: Sekrd and its licensors retain all right, title, and interest in and to the Platform, including all software, algorithms, user interface designs, documentation, trademarks, and other intellectual property. Nothing in these Terms grants you any right to use our trademarks, logos, or branding without our prior written consent.

Your Scan Data: You retain ownership of the URLs you submit and the scan results generated from your applications. We do not claim ownership of your Scan Data. However, you grant us a limited, non-exclusive license to process, store, and display your Scan Data as necessary to provide the Service.

Aggregated data: We may use anonymized, aggregated data derived from the Service (which cannot identify you or your applications) for research, analytics, and service improvement purposes.

8. Limitation of Liability

To the maximum extent permitted by applicable law:

• The Service is advisory in nature. Scan results, findings, trust scores, and fix prompts are provided as guidance and do not constitute a guarantee of security. You are solely responsible for evaluating findings and implementing appropriate remediation measures.
• Sekrd shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunities, or goodwill, arising out of or in connection with your use of the Service.
• Our total aggregate liability for any claims arising under these Terms shall not exceed the amount you paid to Sekrd in the twelve (12) months preceding the claim, or $100 USD, whichever is greater.
• Sekrd is not responsible for any damages, losses, or legal consequences resulting from vulnerabilities not detected by the Service, nor for any actions taken or not taken based on scan results.
• Infrastructure Costs & Data Loss: Sekrd employs automated scanning techniques that generate web traffic. You acknowledge that utilizing the Service may result in standard bandwidth and compute consumption on your target infrastructure. Sekrd is not liable for any infrastructure, hosting, or third-party service provider costs (e.g., AWS, Vercel, Supabase, Firebase bills) incurred during or as a result of a scan. Furthermore, we are not liable for any data loss, corruption of databases, or service downtime on your target applications, whether occurring concurrently with a scan or otherwise.

9. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY. TO THE FULLEST EXTENT PERMITTED BY LAW, SEKRD DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:

• IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
• ANY WARRANTY THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.
• ANY WARRANTY THAT THE SERVICE WILL DETECT ALL VULNERABILITIES, SECURITY ISSUES, OR THREATS IN YOUR APPLICATIONS.
• ANY WARRANTY REGARDING THE ACCURACY, RELIABILITY, OR COMPLETENESS OF SCAN RESULTS, TRUST SCORES, OR FIX PROMPTS.

No security scanning tool can guarantee the discovery of all vulnerabilities. The Service is designed to identify common and known vulnerability patterns and should be used as one component of a comprehensive security program.

10. Indemnification

You agree to defend, indemnify, and hold harmless Sekrd, its officers, employees, and affiliates from any claims, damages, liabilities, costs, and expenses (including reasonable attorney's fees) arising out of or related to your use of the Service, your violation of these Terms, or your unauthorized scanning of any third-party infrastructure.

11. Export Compliance & Sanctions

The Service is subject to US and international export control laws. You represent and warrant that you are not located in, under the control of, or a national or resident of any country or territory subject to comprehensive US sanctions (including, but not limited to, Cuba, Iran, North Korea, Syria, and the Crimea/DPR/LNR regions), nor are you on any US Government list of prohibited or restricted parties (such as the OFAC Specially Designated Nationals List).

12. Termination

By you: You may terminate your Account at any time by deleting it through your dashboard settings or by contacting support@sekrd.com. Upon termination, your active subscription (if any) will be cancelled, and your Scan Data will be scheduled for deletion in accordance with our data retention policy.

By us: We reserve the right to suspend or terminate your Account, with or without notice, if we reasonably believe that you have violated these Terms, engaged in fraudulent activity, or used the Service in a manner that could harm Sekrd, other Users, or third parties. In cases of severe or repeated violations, termination may be immediate and without refund.

Effect of termination: Upon termination, your right to access the Service ceases immediately. Sections 7, 8, 9, 10, 11, and 13 of these Terms shall survive termination.

13. Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States of America, without regard to its conflict of law provisions.

Any disputes arising out of or relating to these Terms or the Service shall first be resolved through good-faith negotiation between the parties. If a resolution cannot be reached within thirty (30) days, either party may pursue binding arbitration or litigation in the courts of Delaware, USA.

Nothing in this section shall prevent either party from seeking injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property rights or to prevent irreparable harm.

For Users located in the European Union, nothing in these Terms limits your rights under mandatory consumer protection laws of your country of residence. EU Users may also bring claims in the courts of their country of residence.

14. Compliance Audit — Not Legal Advice

Where the Service produces compliance findings, generated privacy policy or terms of service templates, jurisdiction-specific citations, or any related artifact (collectively, "Compliance Output"), the following terms apply in addition to the rest of these Terms:

• 14.1 No Legal Advice. Compliance Output is generated by an automated scanner and large language model. It does not constitute legal advice, audit opinion, or compliance certification. No attorney-client relationship is created by your use of the Service.
• 14.2 No Warranty. Compliance Output is provided AS-IS, without warranty of merchantability, fitness for a particular purpose, accuracy, or completeness. Sekrd does not warrant that use of Compliance Output will result in regulatory compliance with the GDPR, UK GDPR, CCPA, CPRA, LGPD, App Store policies, Google Play policies, or any other regulation, framework, or store policy.
• 14.3 Limitation of Liability. Notwithstanding any other provision of these Terms, Sekrd's total liability arising out of or related to Compliance Output shall not exceed the fee paid by you for the specific compliance audit in the 12 months preceding the claim. Sekrd is not liable for indirect, consequential, or regulatory damages including fines, penalties, enforcement actions, or third-party claims.
• 14.4 Indemnification. You shall indemnify and hold Sekrd harmless from any third-party claim, demand, fine, or proceeding arising from your use of, reliance on, or publication of Compliance Output, including without limitation generated privacy policy or terms of service drafts.
• 14.5 Counsel Review Required. You agree that Compliance Output is intended as a starting draft and detection signal only, and you will obtain qualified legal counsel review before relying on Compliance Output for compliance decisions, regulatory submissions, or publication on a live application.
• 14.6 Detection Score. Where the Service displays a numeric "Detection Score" for compliance findings, that score reflects the coverage of automated checks performed by Sekrd. It is not a compliance rating, certification, or predictor of regulatory outcome.
• 14.7 B2B Use. The compliance audit Service is offered to developers and businesses for use within their professional or commercial activities. The compliance audit is not intended for use by consumers acting outside of any trade, business, craft, or profession.
• 14.8 Jurisdictional Limitations. Sekrd's automated detection covers a defined and explicitly listed set of jurisdictions. The absence of a finding under one jurisdiction does not imply compliance under another, and the presence of a finding under one jurisdiction does not necessarily imply applicability to your specific operation.

15. Changes to Terms

We may update these Terms from time to time to reflect changes in our Service, legal requirements, or business practices. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Provide notice via email to the address associated with your Account or through a prominent notification on the Platform.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Terms. If you do not agree with the updated Terms, you must discontinue use of the Service and terminate your Account.

16. Contact Information

If you have any questions, concerns, or requests regarding these Terms of Service, please contact us:

• General support: support@sekrd.com
• Legal inquiries: legal@sekrd.com
• Privacy matters: privacy@sekrd.com
• Legal entity: WIT.KZ LLP (ТОО "WIT.KZ")
• Legal address: Kazakhstan, Astana, Nura District, Korgalzhyn Highway, Building 13B, Office 402, Postal Code 010000

By using Sekrd, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.