Terms of Service

1. Service description

CodeRecon provides automated supply chain risk analysis for open source packages via a REST API and MCP server. We analyze publicly available package data from registries (RubyGems, npm, PyPI) and assign gradient risk scores across multiple dimensions. Analysis results are global and shared — a package version is analyzed once and results are served to all consumers.

2. Account terms

• You must provide a valid email address to create an account.
• You are responsible for maintaining the security of your account and API keys. CodeRecon will not be liable for any loss or damage from your failure to secure your credentials.
• You may not use the service for any illegal purpose or to violate any laws in your jurisdiction.
• One person or legal entity may maintain no more than one free account.

3. API usage and rate limits

API access is governed by the plan associated with your organization. We reserve the right to throttle or suspend access if usage patterns suggest abuse, automated scraping beyond normal CI integration use, or activity that degrades service for other users.

4. Payment and billing

Paid plans include a monthly base fee and a set number of included package checks. The billable unit is a package check — each package version with a completed analysis returned in a query counts as one check. Each organization-package-version pair is billed at most once per billing period, regardless of how many times it is queried. Packages that are unknown or still pending analysis are not billed. Overage beyond included checks is billed at a per-check rate determined by your plan tier. Payments are processed through Stripe.

5. Public package data

CodeRecon analyzes packages published to public registries. We do not claim ownership of any package data. Analysis results (scores, signals, metadata) generated by CodeRecon are our proprietary data and may not be bulk-exported, resold, or redistributed without written permission.

6. Disclaimer of warranties

The service is provided "as is" and "as available" without warranty of any kind, express or implied. CodeRecon does not guarantee that risk scores will identify all vulnerabilities, malware, or supply chain threats. Analysis results are informational and should not be the sole basis for security decisions.

7. Limitation of liability

To the maximum extent permitted by law, CodeRecon shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses resulting from your use of the service.

8. Changes to these terms

We reserve the right to modify these terms at any time. We will notify users of material changes via email or a prominent notice on the service. Continued use after changes take effect constitutes acceptance of the revised terms.

9. Contact

Questions about these terms? Contact us at support@coderecon.com.