RepoRisk
Open-source approval, automated

Terms of Service

Last updated: 3/1/2026

RepoRisk is a product of Infosec Chicago (“Infosec Chicago,” “we,” “our,” or “us”). These Terms of Service (“Terms”) govern your access to and use of RepoRisk (the “Service”). By using the Service, you agree to these Terms.

1. The Service

RepoRisk provides automated, AI-assisted analysis of open-source repositories and browser extension code to generate structured reports, risk scores, severity groupings, and related indicators intended to support software adoption and implementation decisions.

2. Automated analysis limitations

No guarantee of detection, accuracy, or completeness

The Service does not guarantee that it will identify all vulnerabilities, malicious code, supply-chain issues, licensing concerns, privacy risks, or other problems. AI-generated outputs may contain inaccuracies, false positives, false negatives, incomplete analysis, or misinterpretations of code behavior.

Reports are informational indicators only and do not constitute professional security, legal, or compliance advice. You are solely responsible for independently reviewing findings and making final deployment decisions.

Risk scores, grades, and severity labels generated by the Service do not represent regulatory compliance determinations and should not be interpreted as certification of legal or industry standard compliance.

3. Not for safety-critical systems

The Service is not designed, intended, or certified for use in safety-critical, life-critical, or mission-critical environments, including medical systems, aviation systems, autonomous vehicles, nuclear facilities, industrial control systems, or emergency response infrastructure.

You agree not to rely on the Service as the sole basis for decisions affecting human safety or critical infrastructure.

4. No professional services relationship

Use of the Service does not create a professional services relationship, security audit engagement, legal advisory relationship, or consulting engagement between you and Infosec Chicago.

5. Not a licensed audit or certification authority

RepoRisk does not issue certifications, compliance attestations, penetration test reports, or legally binding security assessments. Reports are internal decision-support tools only.

6. Your responsibilities

  • You are responsible for your software approval and deployment decisions.
  • You will comply with applicable laws and regulations.
  • You will not attempt to disrupt or interfere with the Service.
  • You are responsible for safeguarding your account credentials.
  • You represent that you have the legal right and authorization to submit any repository, extension, or content to the Service for analysis.
  • You are solely responsible for ensuring submissions do not violate confidentiality obligations, contractual restrictions, or applicable law.

7. Confidentiality of submitted content

While we implement reasonable safeguards designed to protect submitted content, you acknowledge that the Service is not a secure code escrow or regulated data storage environment. You are responsible for determining whether it is appropriate to submit proprietary or sensitive repositories for analysis.

8. AI processing and data handling

For fully inclusive plans, submitted code and contextual data may be processed via Anthropic Claude under a commercial API agreement that prohibits submitted data from being used to train Anthropic’s general models.

For Bring Your Own Key (BYOK) plans, processing occurs under your own Anthropic API credentials and is governed by Anthropic’s commercial API terms.

Submitted code is processed solely to generate assessment outputs. We do not sell submitted content.

9. Social login authentication

The Service may allow authentication through third-party identity providers (e.g., Google, Apple, Microsoft, Facebook) via Clerk. Use of those providers is subject to their respective terms and privacy policies.

10. Fees and billing

Paid plans are billed in advance and may be processed through a third-party billing provider. Fees are generally non-refundable except where required by law.

11. No monitoring obligation

Infosec Chicago has no obligation to monitor user activity or submitted content. We reserve the right, but not the obligation, to review, limit, or remove content that violates these Terms or creates risk to the Service.

12. Disclaimer of warranties

The Service is provided on an “AS IS” and “AS AVAILABLE” basis without warranties of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose, non-infringement, or that the Service will be error-free or uninterrupted.

13. Limitation of liability

To the fullest extent permitted by law, Infosec Chicago shall not be liable for indirect, incidental, consequential, special, or punitive damages, including loss of profits, data, or business interruption.

Infosec Chicago’s total aggregate liability shall not exceed the greater of:

  • (a) fees paid by you in the twelve (12) months preceding the claim; or
  • (b) US $100.

14. Indemnification

You agree to defend, indemnify, and hold harmless Infosec Chicago from and against claims, damages, losses, and expenses (including reasonable attorneys’ fees) arising out of:

  • Your use of the Service;
  • Your submitted repositories or extensions;
  • Your deployment decisions;
  • Your violation of these Terms or applicable law.

15. Export compliance

You agree to comply with U.S. export control and sanctions laws. You represent that you are not located in a comprehensively sanctioned country and are not on a denied-party list, and you will not use the Service for any prohibited end use.

16. Force majeure

Infosec Chicago shall not be liable for delays or failures caused by events beyond reasonable control, including acts of God, internet outages, cloud provider failures, government actions, labor disputes, or cyber incidents.

17. Beta features

We may designate certain features as beta, preview, or experimental. Such features may change or be discontinued without notice and are provided without warranties.

18. Governing law and venue

These Terms are governed by the laws of the State of Illinois, without regard to conflict of law principles. Any disputes shall be resolved in state or federal courts located in Illinois, and you consent to personal jurisdiction and venue in those courts.

19. Survival

Sections relating to limitation of liability, indemnification, governing law, export compliance, disclaimers, and confidentiality of submitted content shall survive termination of your access to the Service.

20. Changes

We may update these Terms from time to time. Continued use after changes become effective constitutes acceptance of the updated Terms.

21. Contact

Questions regarding these Terms may be sent to: [email protected]

RepoRisk is a product of Infosec Chicago.

© Infosec Chicago. All rights reserved.