Terms of Service

1. Acceptance of Terms

By accessing or using ShipSafe (ship-safe.co), operated by Tomer Goldstein d/b/a ShipSafe, Reut 12B, Hod HaSharon 4529614, Israel, including our web application, CLI tool, and API, you agree to be bound by these Terms of Service. If you do not agree to all of these terms, you may not access or use the service.

These terms apply to all visitors, users, and others who access or use the service, whether on a free or paid plan.

2. Description of Service

ShipSafe is a SaaS security scanner designed for applications built with AI-assisted coding tools such as Cursor, Lovable, Bolt, and v0. The service allows you to:

• Submit a GitHub repository URL for automated security analysis
• Receive plain-English security reports identifying vulnerabilities, misconfigurations, and risks
• Run scans via the web dashboard or the ShipSafe CLI tool
• Track scan history and compare results over time

ShipSafe performs automated code analysis and provides recommendations. It is not a substitute for professional security audits or penetration testing.

3. Account Terms

• Authentication is managed through Clerk. You may sign in using your email, GitHub account, or other supported providers.
• Each account is intended for use by a single individual. Sharing account credentials is not permitted.
• You are responsible for maintaining the security of your account and any activity that occurs under it.
• You must provide accurate and complete information when creating your account.
• You must be at least 16 years old to use ShipSafe. By creating an account, you confirm that you are at least 16 years of age.
• ShipSafe reserves the right to suspend or terminate accounts that violate these terms.

4. Acceptable Use

You agree not to:

• Use ShipSafe to scan repositories you do not own or have explicit authorization to scan
• Attempt to reverse-engineer, decompile, or disassemble any part of the ShipSafe platform, scanning engine, or CLI tool
• Abuse the service by submitting an excessive number of scans designed to overload or disrupt our infrastructure
• Use scan results to exploit vulnerabilities in third-party applications
• Circumvent or attempt to circumvent scan limits, rate limits, or other usage restrictions
• Resell, redistribute, or sublicense access to ShipSafe or its scan reports without written permission
• Use automated scripts or bots to interact with the service outside of the official CLI tool and API

5. GitHub Integration

ShipSafe integrates with GitHub to read repository source code for security analysis. By using this feature:

• You grant ShipSafe read-only access to the repositories you explicitly submit for scanning
• ShipSafe only accesses repository content that you specifically request to be scanned — we do not browse, index, or access any other repositories in your account
• Repository code is processed for the purpose of generating security reports and is not stored permanently after scan completion
• You represent that you have the necessary rights and permissions to submit each repository for scanning
• You may revoke GitHub access at any time through your GitHub account settings

6. Subscription & Billing

ShipSafe offers both free and paid plans:

• Free plan: Includes up to 1 AI-powered scan per month at no cost. Rule-based scans are unlimited. Free plan usage is subject to change with reasonable notice.
• Pro Audit ($9 one-time): A one-time purchase that includes 3 AI-powered security scans.
• Launch-Ready Badge ($19/month or $190/year): Verified security badge for your project with ongoing monitoring.
• Monitoring ($15/month or $150/year): Continuous security monitoring and alerts for your repositories.
• CLI Solo ($12/month or $120/year): Expanded scan limits and CLI access for individual developers.
• CLI Builder ($29/month or $290/year): Advanced CLI features, priority support, and increased limits for active builders.
• CLI Agency ($59/month or $590/year): Full CLI access with team features, shared dashboards, and agency-level scan capacity.

Overage Scans: When you exhaust your plan's included AI scans, you may purchase additional scans individually at $1.99 per scan. Overage purchases are one-time charges processed through Polar and are non-refundable.

All payments are processed securely through Polar. ShipSafe does not store your payment card details directly. Purchase confirmations are provided by our payment processor, Polar.

Paid subscriptions renew automatically at the end of each billing period. You may cancel your subscription at any time through your account settings. Cancellations take effect at the end of the current billing cycle — you will retain access to paid features until then.

Refund policy: New subscriptions are eligible for a full refund within 14 days of purchase, in accordance with the EU Consumer Rights Directive. After the 14-day period, no refunds are issued for partial billing periods. Overage charges ($1.99/scan) are non-refundable once incurred.

EU users: You have the right to withdraw from your subscription within 14 days of purchase without giving any reason. By using the service during this withdrawal period, you acknowledge that you have requested the service begin immediately and that you understand your right of withdrawal.

Israeli users: Under the Israeli Consumer Protection Law (Section 14C(4)(a)), you have the right to cancel a remote transaction for a digital service within 14 days of purchase, provided the service has not been fully performed. A cancellation fee of up to 5% of the transaction price or 100 NIS (whichever is lower) may apply. To exercise this right, contact support@ship-safe.co.

For billing inquiries, contact support@ship-safe.co.

7. Intellectual Property

• ShipSafe platform: The ShipSafe service, including its scanning engine, web application, CLI tool, documentation, and branding, is the intellectual property of ShipSafe. All rights are reserved.
• Your code: You retain full ownership of all source code you submit for scanning. ShipSafe claims no ownership rights over your code.
• Scan reports: ShipSafe retains ownership of all scan reports, including their format, structure, and analysis methodology. We grant you a perpetual, non-exclusive, royalty-free license to use, copy, and share scan reports generated during your subscription for your internal business purposes, including compliance documentation and sharing with auditors or clients. You may not resell scan reports as a standalone product. This license survives termination of your account for reports generated during your active subscription.

8. AI Analysis Disclaimer

ShipSafe uses AI-powered scanning to analyze source code for potential security vulnerabilities. While we strive for accuracy, AI analysis has inherent limitations that you should be aware of:

• AI-generated results may contain false positives — flagging code as vulnerable when it is not.
• AI-generated results may contain false negatives — failing to detect actual vulnerabilities present in your code.
• AI models may produce inaccurate or fabricated findings (commonly referred to as "hallucinations").

Scan results are informational only and should not be solely relied upon for security assurance, compliance certification, or as a substitute for professional security audits and penetration testing.

You are responsible for independently verifying scan findings and making your own security decisions. ShipSafe does not guarantee that your application is free of vulnerabilities based on scan results.

9. Disclaimer of Warranties

ShipSafe is provided on an “as is” and “as available” basis without warranties of any kind, either express or implied.

Security scans are performed on a best-effort basis using automated analysis. ShipSafe does not guarantee that all vulnerabilities will be detected, nor that your application is secure after receiving a clean scan report.

ShipSafe does not warrant that the service will be uninterrupted, error-free, or free of harmful components. You use the service at your own risk.

10. Limitation of Liability

To the maximum extent permitted by applicable law, ShipSafe and its officers, directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or goodwill, arising out of or in connection with your use of the service.

In no event shall ShipSafe's total liability to you exceed the amount you have paid to ShipSafe in the twelve (12) months preceding the event giving rise to the claim, or one hundred dollars ($100), whichever is greater.

11. Termination

Either party may terminate this agreement at any time. You may stop using the service and delete your account through your account settings or by contacting support.

ShipSafe reserves the right to suspend or terminate your account if you violate these terms, engage in abusive behavior, or for any other reason at our sole discretion with reasonable notice.

Upon termination, you may request deletion of your data by contacting support@ship-safe.co. We will process data deletion requests within 30 days.

12. Indemnification

You agree to indemnify, defend, and hold harmless ShipSafe and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable attorneys' fees) arising out of or in connection with:

1. Your violation of these Terms of Service
2. Your unauthorized scanning of repositories you do not own or have permission to scan
3. Your misuse of scan results, including using findings to exploit vulnerabilities in third-party systems
4. Your code, applications, or content
5. Your violation of any applicable law or third-party rights

13. Dispute Resolution

Informal resolution first: Before filing any formal claim or proceeding, you agree to contact us at support@ship-safe.co and attempt to resolve the dispute informally for at least 30 days.

Binding arbitration: Any unresolved disputes shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. Arbitration will be conducted in English, in Wilmington, Delaware or remotely at the election of the claimant.

Class action waiver: You agree to resolve disputes with ShipSafe only on an individual basis and waive any right to participate in a class action, class arbitration, or representative action.

Small claims exception: Either party may bring qualifying claims in small claims court in lieu of arbitration.

EU users exception: If you are a consumer in the European Union, this arbitration clause does not apply to you. You may bring claims in the courts of your country of residence in accordance with applicable consumer protection laws.

Israeli users exception: If you are a consumer in Israel, the mandatory consumer-protection provisions of Israeli law (including the Consumer Protection Law, 5741-1981 and the Protection of Privacy Law, 5741-1981) apply to you. You may bring claims in the competent courts in Israel, and nothing in this arbitration clause limits your statutory rights under Israeli law.

14. Governing Law

These terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any disputes arising under these terms shall be subject to the exclusive jurisdiction of the courts located in the State of Delaware.

For users who are consumers residing in Israel, the mandatory provisions of Israeli law, including the Consumer Protection Law, 5741-1981 and the Protection of Privacy Law, 5741-1981, shall apply to the extent they cannot be derogated from by agreement. ShipSafe is operated by Tomer Goldstein, registered as an Osek Patur (exempt dealer) with the Israel Tax Authority.

15. Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations under these terms where such failure or delay results from events beyond the reasonable control of the affected party, including but not limited to: natural disasters, acts of war or terrorism, pandemics, epidemics, government actions or orders, labor disputes, internet or infrastructure failures, cyberattacks, third-party service outages, or power failures. The affected party shall use commercially reasonable efforts to mitigate the impact of such events and resume performance as soon as practicable.

16. Severability

If any provision of these Terms of Service is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, or if modification is not possible, shall be severed from these terms. The remaining provisions shall continue in full force and effect.

17. Changes to Terms

ShipSafe reserves the right to modify these terms at any time. For material changes, we will provide at least 30 days' notice via email or a prominent notice on the service before the changes take effect.

Your continued use of the service after the effective date of any changes constitutes your acceptance of the updated terms. If you do not agree to the revised terms, you must stop using the service.

18. DMCA / Copyright Policy

Last updated: March 2026

Overview

ShipSafe respects the intellectual property rights of others and expects its users to do the same. In accordance with the Digital Millennium Copyright Act of 1998 ("DMCA"), we will respond expeditiously to claims of copyright infringement committed using the ShipSafe service.

Submitting a DMCA Takedown Notice

If you believe that your copyrighted work has been copied or made available through ShipSafe in a way that constitutes copyright infringement, please submit a written notice to our designated agent (see below) containing the following information:

1. Identification of the copyrighted work — a description of the copyrighted work that you claim has been infringed.
2. Identification of the infringing material — the URL(s) or other specific identification of the material that you claim is infringing, with enough detail for us to locate it.
3. Your contact information — your name, mailing address, telephone number, and email address.
4. Good faith statement — a statement that you have a good faith belief that the use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
5. Accuracy statement — a statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
6. Signature — a physical or electronic signature of the copyright owner or a person authorized to act on their behalf.

Counter-Notification Process

If you believe that your content was removed or disabled as a result of a mistake or misidentification, you may submit a counter-notification to our designated agent containing:

1. Your physical or electronic signature.
2. Identification of the material that has been removed or disabled, and the location at which the material appeared before it was removed or disabled.
3. A statement under penalty of perjury that you have a good faith belief that the material was removed or disabled as a result of mistake or misidentification.
4. Your name, address, and telephone number, and a statement that you consent to the jurisdiction of the federal court in your district (or, if outside the United States, any judicial district in which ShipSafe may be found), and that you will accept service of process from the person who provided the original takedown notification or an agent of such person.

Upon receipt of a valid counter-notification, we will forward it to the complaining party and restore the removed material within 10–14 business days, unless the complaining party notifies us that they have filed a court action seeking to restrain you from engaging in infringing activity.

Repeat Infringers

In accordance with the DMCA and other applicable law, ShipSafe has adopted a policy of terminating, in appropriate circumstances, the accounts of users who are deemed to be repeat infringers. ShipSafe may also, in its sole discretion, limit access to the service or terminate the accounts of any users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.

Designated Agent

DMCA notices and counter-notifications should be sent to our designated agent:

19. Contact

ShipSafe is operated by Tomer Goldstein, a sole proprietor doing business as ShipSafe.