Terms of Service
These Terms of Service govern your use of Preston-Check (the “Service”), comprising the open-source command-line scanner published at github.com/preston-check/preston-check and the hosted SaaS components at preston-check.com (including the customer portal at app.preston-check.com and any paid features such as audit-package generation, multi-repository dashboards, and license issuance). By installing the scanner, creating an account, or making payment, you (the “Customer”) agree to these Terms.
1. The two layers
The scanner itself is open source under Apache License 2.0; that license, not these Terms, governs your use of the source code, binaries, and any local execution. These Terms apply to the SaaS layer that consumes scanner output: hosted dashboards, audit-package PDF generation, the license-issuance Worker, and the customer/admin portals. Free-tier scanning runs entirely on your machine and requires no agreement with us beyond the Apache 2.0 license.
2. Accounts
You access the SaaS layer using a magic-link sign-in code delivered by email. You are responsible for keeping the email account associated with your subscription secure; anyone who can read sign-in codes from that inbox can sign in. We do not offer multi-factor authentication on the magic-link flow at present. Sessions last 30 days unless you explicitly sign out.
3. Subscriptions and payment
Paid plans are billed via Stripe and renew automatically unless cancelled. Pricing is shown at preston-check.com/#pricing and may change with at least 30 days’ notice for existing subscribers. You can cancel at any time through the Stripe Customer Portal, which we link to from the customer portal’s Billing tab; cancellation takes effect at the end of the current billing period. Refund eligibility is described in our Refund Policy.
4. License grant and restrictions
For the duration of your paid subscription, we grant you a non-exclusive, non-transferable license to use the SaaS layer for the number of repositories permitted by your plan. The Ed25519-signed license file we issue is bound to the subscription and may not be redistributed. You may not reverse-engineer, decompile, or otherwise attempt to extract source code from the SaaS components; you may not benchmark the Service for the purpose of publishing comparative claims without prior written consent.
5. Acceptable use
You agree not to use the Service to scan code you do not own or are not authorised to scan, to attempt to disrupt the Service for other users, to circumvent rate limits or license enforcement, or for any unlawful purpose. We may suspend access for violations after a single warning, except where the violation is severe or recurring, in which case suspension may be immediate.
6. Open-source contributions
If you submit a pull request, issue, or other contribution to the open-source repository, you do so under the project’s contribution licence (Apache 2.0 unless an explicit Developer Certificate of Origin sign-off says otherwise). Contributions to the SaaS components, where invited, are governed by a separate Contributor License Agreement linked from the relevant repository.
7. Telemetry and privacy
The scanner runs locally and does not transmit your code or findings to us. Optional telemetry (opt-in only via --telemetry) sends anonymised counters: language detected, framework count, scan duration, scanner version. The SaaS layer collects what is necessary to deliver service, as described in our Privacy Policy.
8. Warranty disclaimer
The Service is provided “as is” and “as available.” While we work hard to surface meaningful security findings, the Service is not a substitute for human security review or formal penetration testing. We do not warrant that the Service will identify every vulnerability in your code, that it will be uninterrupted, or that it will be free of bugs. To the maximum extent permitted by applicable law, all implied warranties (including merchantability, fitness for a particular purpose, and non-infringement) are disclaimed.
9. Limitation of liability
To the maximum extent permitted by applicable law, our aggregate liability under these Terms (whether in contract, tort, or otherwise) is limited to the amount you paid us in the 12 months preceding the event giving rise to the claim. We are not liable for indirect, incidental, special, consequential, or punitive damages, including lost profits, lost data, or business interruption. Some jurisdictions do not allow these limitations; in those jurisdictions our liability is limited to the maximum extent permitted.
10. Termination
You may terminate your subscription at any time through the Customer Portal. We may terminate or suspend access for material breach of these Terms, non-payment after a 14-day grace period, or for any reason on 30 days’ notice (in which case we will refund any prepaid amounts for service not yet delivered). On termination, your account is retained for 90 days for re-activation, then deleted on request or at our discretion.
11. Governing law and disputes
These Terms are governed by the laws applicable at the Customer’s principal place of business, except where mandatory consumer-protection law in the Customer’s jurisdiction provides otherwise. The parties agree to attempt good-faith resolution of any dispute by direct correspondence to legal@preston-check.com for at least 30 days before initiating formal proceedings.
12. Changes
We may update these Terms; material changes are notified by email to the address on your subscription at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.
13. Contact
Questions about these Terms: legal@preston-check.com. Security disclosure: security@preston-check.com. Billing or account questions: support@preston-check.com.