Terms of Service

1. Acceptance of Terms

By accessing, browsing, or using the Services in any manner, you agree to be bound by these Terms, our Privacy Policy, our Acceptable Use Policy, and any additional terms and conditions that may apply to specific sections of the Services or to products and services available through the Services. If you do not agree to all of these Terms, you must not access or use the Services.

We reserve the right to update or modify these Terms at any time without prior notice. Your continued use of the Services following any such changes constitutes your acceptance of the revised Terms. It is your responsibility to review these Terms periodically for updates.

You must be at least 18 years of age, or the age of legal majority in your jurisdiction, to use the Services. By using the Services, you represent and warrant that you meet this eligibility requirement.

2. Description of Services

OpsFox provides application security and operational intelligence products designed for modern engineering and security teams. The Services currently include, but are not limited to, the following products:

2.1 Sentinel

Sentinel is an agentic application security (AppSec) scanner that performs deep semantic analysis of your codebase, container images, and software supply chain. Sentinel utilizes AI-driven reasoning to identify reachable, exploitable vulnerabilities with deterministic evidence, delivering high-signal findings while minimizing false positives. Sentinel capabilities include, but are not limited to:

• Static Application Security Testing (SAST) with semantic code understanding
• Software Composition Analysis (SCA) with reachability verification
• Container image scanning and infrastructure-as-code analysis
• AI-powered triage, severity classification, and remediation guidance
• Integration with CI/CD pipelines, version control systems, and issue trackers

2.2 Farsight

Farsight is an observability platform that provides real-time operational and security monitoring, incident response orchestration, and threat intelligence correlation. Farsight capabilities include, but are not limited to:

• Real-time event ingestion, correlation, and alerting across infrastructure and application layers
• Automated incident response workflows and runbook execution
• Threat intelligence feed aggregation and contextual enrichment
• Compliance reporting and audit trail generation
• Customizable dashboards, SLA tracking, and operational analytics

2.3 General Provisions

OpsFox reserves the right to modify, suspend, or discontinue any aspect of the Services at any time, including the availability of any feature, database, or content. We may also impose limits on certain features and services or restrict your access to parts or all of the Services without notice or liability.

3. Account Registration and Security

3.1 Account Creation

To access certain features of the Services, you must register for an account. You agree to provide accurate, current, and complete information during the registration process and to update such information as necessary to keep it accurate, current, and complete. OpsFox reserves the right to suspend or terminate your account if any information provided proves to be inaccurate, not current, or incomplete.

3.2 Account Security

You are responsible for safeguarding the credentials used to access your account and for all activities that occur under your account. You must immediately notify OpsFox at legal@opsfox.com of any unauthorized use of your account or any other breach of security. OpsFox shall not be liable for any loss or damage arising from your failure to comply with this section.

3.3 Multi-Factor Authentication

OpsFox may require or strongly recommend multi-factor authentication (MFA) for account access. Where MFA is available, you are encouraged to enable it. OpsFox reserves the right to mandate MFA for accounts with elevated privileges, access to sensitive data, or administrative capabilities.

3.4 API Keys and Access Tokens

API keys, access tokens, and other programmatic credentials issued to you are confidential and must be treated with the same level of care as your account password. You are solely responsible for all activity conducted through your API keys. Compromised credentials must be revoked immediately via the platform or by contacting OpsFox support.

4. Acceptable Use Policy

You agree to use the Services only for lawful purposes and in accordance with these Terms. You agree not to use the Services in any way that:

• Violates any applicable federal, state, local, or international law or regulation
• Infringes upon or misappropriates the intellectual property rights of any third party
• Transmits any material that is unlawful, harmful, threatening, abusive, defamatory, or otherwise objectionable
• Attempts to gain unauthorized access to, interfere with, damage, or disrupt any parts of the Services, the servers on which the Services are stored, or any server, computer, or database connected to the Services
• Introduces any viruses, trojan horses, worms, logic bombs, or other material that is malicious or technologically harmful
• Uses the Services to conduct vulnerability scanning, penetration testing, or security assessments against systems you do not own or have explicit written authorization to test
• Engages in any activity that could disable, overburden, or impair the functioning of the Services, including denial of service attacks or excessive automated requests
• Reverse engineers, decompiles, disassembles, or otherwise attempts to derive the source code of the Services, except to the extent expressly permitted by applicable law
• Resells, sublicenses, or redistributes the Services or any output thereof without express written consent from OpsFox
• Uses the Services to store or process data that you do not have the right to collect, process, or transfer

OpsFox reserves the right to investigate and take appropriate legal action against anyone who, in our sole discretion, violates this provision, including without limitation, removing offending content, suspending or terminating the account of such violators, and reporting them to law enforcement authorities.

5. Intellectual Property

5.1 OpsFox Intellectual Property

The Services, including all content, features, and functionality (including but not limited to all information, software, text, displays, images, video, and audio, and the design, selection, and arrangement thereof), are owned by OpsFox, its licensors, or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret, and other intellectual property or proprietary rights laws.

5.2 Limited License

Subject to your compliance with these Terms, OpsFox grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Services solely for your internal business purposes during the term of your subscription. This license does not include any right to resell or make commercial use of the Services or any content therein, to collect and use any product listings or descriptions, or to make any derivative use of the Services or their content.

5.3 Customer Data

You retain all right, title, and interest in and to any data, code, content, and other materials you submit to the Services ("Customer Data"). You grant OpsFox a limited, non-exclusive license to access, use, and process Customer Data solely for the purpose of providing, maintaining, and improving the Services. OpsFox shall not use Customer Data for any other purpose, including but not limited to training machine learning models, without your explicit written consent.

5.4 Feedback

If you provide OpsFox with any suggestions, ideas, enhancement requests, feedback, or recommendations regarding the Services ("Feedback"), you hereby assign to OpsFox all right, title, and interest in and to such Feedback, and OpsFox shall be free to use, disclose, reproduce, license, and otherwise exploit such Feedback without restriction or obligation to you.

6. Data Processing and Security

6.1 Data Processing

OpsFox processes Customer Data in accordance with our Privacy Policy and applicable data protection laws. Where OpsFox acts as a data processor on your behalf, processing shall be governed by a Data Processing Agreement ("DPA"), which is incorporated by reference into these Terms where applicable.

6.2 Security Measures

OpsFox implements and maintains administrative, technical, and physical safeguards designed to protect Customer Data against unauthorized access, destruction, loss, alteration, or misuse. These measures include, but are not limited to:

• Encryption of data at rest (AES-256) and in transit (TLS 1.2 or higher)
• Role-based access controls and principle of least privilege enforcement
• Regular security assessments, penetration testing, and vulnerability scanning of our own infrastructure
• Incident response procedures with defined notification timelines
• SOC 2 Type II compliance (or equivalent) for infrastructure and operational controls

6.3 Data Retention and Deletion

OpsFox retains Customer Data for the duration of your subscription and for a reasonable period thereafter to fulfill legal obligations and resolve disputes. Upon termination of your account, you may request deletion of your Customer Data. OpsFox will process such requests within thirty (30) days, subject to any legal retention requirements.

6.4 Breach Notification

In the event of a confirmed data breach affecting Customer Data, OpsFox will notify affected customers without undue delay and in no event later than seventy-two (72) hours after becoming aware of the breach. Notification shall include the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address the breach.

7. Payment Terms and Billing

7.1 Subscription Plans

The Services are offered under subscription plans as described on the OpsFox pricing page or in a separately executed Order Form. Subscription fees are based on the plan selected and the scope of usage, including but not limited to the number of users, repositories, assets monitored, or events processed.

7.2 Payment Obligations

You agree to pay all fees associated with your selected subscription plan. Fees are non-refundable except as expressly stated in these Terms or as required by applicable law. All fees are quoted in United States Dollars (USD) unless otherwise specified in an Order Form.

7.3 Billing Cycle

Subscription fees are billed in advance on a monthly or annual basis, depending on the plan selected. Your subscription will automatically renew at the end of each billing period unless you cancel prior to the renewal date. OpsFox reserves the right to change subscription fees upon thirty (30) days' prior written notice. Fee changes will take effect at the start of your next billing cycle.

7.4 Late Payment

If payment is not received by the due date, OpsFox reserves the right to: (a) charge interest on overdue amounts at the lesser of 1.5% per month or the maximum rate permitted by applicable law; (b) suspend access to the Services until all outstanding amounts are paid in full; and (c) engage collection efforts, including the use of third-party collection agencies, with all associated costs borne by you.

7.5 Taxes

All fees are exclusive of applicable taxes, levies, and duties. You are responsible for payment of all such taxes (excluding taxes based on OpsFox's net income), levies, and duties. If OpsFox is required to collect or pay taxes for which you are responsible, the appropriate amount shall be invoiced to and paid by you.

8. Service Level Agreements

8.1 Uptime Commitment

OpsFox targets a monthly uptime of 99.9% for the Services, measured as the percentage of total minutes in a calendar month during which the Services are available, excluding scheduled maintenance windows and force majeure events. Specific SLA terms, including uptime commitments and service credits, may be defined in your Order Form or Enterprise Agreement.

8.2 Scheduled Maintenance

OpsFox will provide reasonable advance notice (minimum 48 hours) of scheduled maintenance that may affect Service availability. Scheduled maintenance windows will be published on the OpsFox status page. Emergency maintenance required to address critical security vulnerabilities or system stability issues may be performed without advance notice.

8.3 Service Credits

If OpsFox fails to meet the uptime commitment in any given calendar month, eligible customers may request service credits in accordance with the SLA terms specified in their Order Form. Service credits are the sole and exclusive remedy for any failure by OpsFox to meet the uptime commitment. Service credits may not exceed 30% of the monthly fees for the affected month and may not be exchanged for cash or applied to future invoices beyond twelve (12) months from the date of the SLA breach.

8.4 Support

OpsFox provides technical support in accordance with the support plan included in your subscription. Standard support includes access to documentation, community forums, and email support during business hours (9:00 AM to 6:00 PM Pacific Time, Monday through Friday, excluding U.S. federal holidays). Premium and Enterprise support tiers with enhanced response times, dedicated account managers, and 24/7 coverage are available under separate agreement.

9. Limitation of Liability

9.1 Disclaimer of Warranties

THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, OPSFOX DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. OPSFOX DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, COMPLETELY SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.

9.2 No Guarantee of Security

While OpsFox employs commercially reasonable security measures, no security solution can guarantee complete protection against all threats. The Services are designed to assist in identifying and mitigating security vulnerabilities, but they do not guarantee the detection of all vulnerabilities or the prevention of all security incidents. You acknowledge that the use of the Services does not eliminate the need for your own independent security measures and due diligence.

9.3 Limitation of Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL OPSFOX, ITS AFFILIATES, DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM: (A) YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE SERVICES; (B) ANY CONDUCT OR CONTENT OF ANY THIRD PARTY ON THE SERVICES; (C) ANY CONTENT OBTAINED FROM THE SERVICES; (D) UNAUTHORIZED ACCESS, USE, OR ALTERATION OF YOUR TRANSMISSIONS OR CONTENT; OR (E) ANY SECURITY BREACH OR VULNERABILITY NOT DETECTED BY THE SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT WE HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

9.4 Cap on Liability

IN NO EVENT SHALL OPSFOX'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE SERVICES EXCEED THE GREATER OF: (A) THE TOTAL AMOUNT PAID BY YOU TO OPSFOX DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED UNITED STATES DOLLARS ($100.00). THE FOREGOING LIMITATION SHALL APPLY REGARDLESS OF THE FORM OF ACTION AND WHETHER THE CLAIM IS IN CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE.

10. Indemnification

10.1 Your Indemnification Obligations

You agree to defend, indemnify, and hold harmless OpsFox, its affiliates, and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors, and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to: (a) your violation of these Terms; (b) your use of the Services, including but not limited to any data or content transmitted or received by you; (c) your violation of any third-party rights, including without limitation any intellectual property, privacy, or proprietary right; or (d) any claim that your Customer Data caused damage to a third party.

10.2 OpsFox Indemnification

OpsFox shall defend, indemnify, and hold harmless Customer from and against any third-party claim that the Services, as provided by OpsFox, infringe or misappropriate any valid United States patent, copyright, or trade secret of such third party, provided that Customer: (a) promptly notifies OpsFox in writing of such claim; (b) grants OpsFox sole control of the defense and settlement of such claim; and (c) provides OpsFox with all reasonable assistance at OpsFox's expense.

11. Term and Termination

11.1 Term

These Terms are effective as of the date you first access or use the Services and continue until terminated by either party in accordance with this section. The subscription term shall be as specified in your Order Form or, in the absence of an Order Form, shall be month-to-month.

11.2 Termination by You

You may terminate your account at any time by contacting OpsFox support or through the account settings in the platform. Termination of your account does not relieve you of any obligation to pay fees incurred prior to termination. Prepaid subscription fees for the remainder of the current billing period are non-refundable unless otherwise specified in your Order Form.

11.3 Termination by OpsFox

OpsFox may terminate or suspend your access to the Services immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach these Terms. In the event of termination for cause, no refund of prepaid fees shall be provided. In the event of termination without cause, OpsFox shall provide a pro-rata refund of any prepaid fees for the unused portion of the subscription term.

11.4 Effect of Termination

Upon termination: (a) your right to access and use the Services will immediately cease; (b) you must cease all use of the Services; (c) OpsFox will retain Customer Data for thirty (30) days following termination, during which you may request an export; and (d) after the thirty (30) day period, OpsFox may delete your Customer Data in accordance with our data retention policies. Sections that by their nature should survive termination shall survive, including but not limited to Sections 5, 6, 9, 10, and 13.

12. Modifications to Terms

OpsFox reserves the right to modify these Terms at any time. We will provide notice of material changes by posting the updated Terms on our website and updating the "Effective Date" at the top of this page. For material changes that adversely affect your rights, we will make reasonable efforts to provide additional notice, such as via email to the address associated with your account or through a prominent notification within the Services.

Your continued use of the Services following the posting of revised Terms constitutes your acceptance of such changes. If you do not agree to the revised Terms, you must discontinue your use of the Services before the changes take effect. Material changes to these Terms will not be applied retroactively and will become effective no earlier than thirty (30) days after posting, unless the changes are required by law or relate to new features or functionality.

13. Governing Law and Dispute Resolution

13.1 Governing Law

These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions.

13.2 Dispute Resolution

Any dispute arising under or in connection with these Terms shall first be subject to good-faith negotiation between the parties for a period of thirty (30) days. If the dispute cannot be resolved through negotiation, either party may initiate binding arbitration administered by the American Arbitration Association ("AAA") in accordance with its Commercial Arbitration Rules. The arbitration shall be conducted by a single arbitrator in Wilmington, Delaware. The arbitrator's decision shall be final, binding, and enforceable in any court of competent jurisdiction.

13.3 Class Action Waiver

YOU AND OPSFOX AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Unless both you and OpsFox agree otherwise, the arbitrator may not consolidate or join more than one person's or party's claims and may not otherwise preside over any form of a consolidated, representative, or class proceeding.

13.4 Injunctive Relief

Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of a party's copyrights, trademarks, trade secrets, patents, or other intellectual property rights.

14. Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving the original intent. If modification is not possible, the provision shall be severed from these Terms, and the remaining provisions shall continue in full force and effect.

The failure of OpsFox to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. No waiver of any term of these Terms shall be deemed a further or continuing waiver of such term or any other term, and OpsFox's failure to assert any right or provision under these Terms shall not constitute a waiver of such right or provision.

These Terms, together with the Privacy Policy and any applicable Order Forms or Enterprise Agreements, constitute the entire agreement between you and OpsFox regarding the Services and supersede all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, regarding the Services.

15. Contact Information

If you have any questions about these Terms of Service, please contact us at:

For general inquiries, you may also reach us at hello@opsfox.com. For security-related concerns, including the reporting of potential vulnerabilities in the Services, please contact security@opsfox.com.

Last updated: March 22, 2026