Terms of Service
Last updated · April 21, 2026
1. Acceptance of Terms
By accessing or using Veriva (“the Service”), you agree to be bound by these Terms of Service. If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these terms.
2. Description of Service
Veriva is an AI Code Governance platform that analyzes pull requests for code quality, security vulnerabilities, and AI-generated code patterns. The Service integrates with GitHub as a GitHub App and provides analysis results via check runs, PR comments, and a web dashboard.
3. Account Registration
You may authenticate with GitHub OAuth, Google OAuth, or email verification to use the Service. You are responsible for maintaining the security of your identity provider account and for all activities that occur under your account.
4. Acceptable Use
You agree not to:
- Use the Service to violate any applicable law or regulation
- Attempt to reverse engineer, decompile, or disassemble the Service
- Use the Service to transmit malicious code
- Interfere with or disrupt the Service or its infrastructure
- Exceed the rate limits or usage quotas for your plan
- Connect repositories that you do not own or that you are not authorized to analyze on behalf of the rights holder
- Use the Service to evaluate the Service itself for the purpose of building a competing product
5. Data and Privacy
Veriva accesses your repository code solely for the purpose of analysis. We process pull request diffs and file contents in memory during analysis and do not permanently store your source code. Cookie usage, data retention schedules, and your data-subject rights (access, deletion, portability, etc.) are described in our Privacy Policy, which is incorporated into these Terms by reference. Customers processing personal data through the Service should also review our Data Processing Addendum.
6. Intellectual Property
Your content. You retain all rights, title, and interest in and to your source code, repository data, and any other content you submit to the Service (“Customer Content”). You grant Veriva a limited, non-exclusive, worldwide license to access, process, and analyze Customer Content solely to provide the Service to you.
Our technology. Veriva and its licensors retain all rights in the Service, including the analysis engine, rule definitions, AI models and prompts, trust-scoring methodology, source code, user interfaces, documentation, and trademarks. Nothing in these Terms transfers ownership of any Veriva intellectual property to you.
Analysis outputs. Findings, trust scores, reports, and other outputs we generate from your Customer Content (“Outputs”) are licensed to you for your internal business use, including storing, sharing within your organization, and incorporating into your own engineering workflows. Veriva may use de-identified, aggregated statistics derived from Outputs (e.g., “X% of repositories flagged slopsquatting last month”) to improve the Service and publish benchmarks, provided that such data cannot reasonably be used to identify you or your Customer Content.
Feedback. If you send us suggestions or feedback about the Service, you grant Veriva a perpetual, royalty-free license to use that feedback without restriction or obligation to you.
7. Security and Incident Notification
Veriva maintains administrative, physical, and technical safeguards designed to protect Customer Content, including encryption in transit and at rest, PostgreSQL row-level security for tenant isolation, audit logging, and least-privilege access controls. A summary of current sub-processors and security measures is available on request at security@veriva.dev.
If we become aware of a confirmed security incident affecting your Customer Content, we will notify the primary administrative contact on your account without undue delay and in any event within 72 hours of confirmation, and provide the information reasonably necessary for you to meet any notification obligations you may have under applicable law. Detailed processor-controller incident obligations are set out in our Data Processing Addendum.
You agree to promptly notify us at security@veriva.dev of any suspected security vulnerability, compromise of your credentials, or unauthorized use of the Service under your account.
8. Subscription and Billing
Current plans, per-seat prices, included usage, and plan-specific limits are described on our Pricing page, which is incorporated into these Terms by reference. We may adjust prices or plan features by posting the change to the Pricing page and giving paid subscribers at least 30 days' notice before the change takes effect for them.
Paid plans are billed monthly via Stripe on a per-seat basis (one seat per active organization member). New organizations receive a 14-day Pro trial with no card required; on day 14, organizations without a payment method on file are automatically downgraded to the free Hobby tier and may continue using the Service within Hobby limits. You may cancel at any time through the billing dashboard. Cancellations take effect at the end of the current billing period. No refunds are provided for partial months. Cancelled organizations may rejoin a paid plan within 30 days without losing data.
9. Disclaimer of Warranties
THE SERVICE IS PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND. Veriva does not guarantee that the analysis will detect all security vulnerabilities or code quality issues. The Service is a supplementary tool and does not replace manual code review.
10. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, VERIVA SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES.
11. Indemnification
You agree to indemnify and hold harmless Veriva, its affiliates, and their officers, employees, and agents from any claims, liabilities, damages, or expenses (including reasonable attorneys' fees) arising from your use of the Service, your violation of these Terms, or your infringement of any third-party right — except to the extent caused by Veriva's own gross negligence or willful misconduct.
12. Force Majeure
Neither party will be liable for any failure or delay in performance caused by circumstances beyond its reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, labor disputes, government action, epidemics or pandemics, failures of the internet or public telecommunications networks, or outages of third-party cloud infrastructure, software dependencies, or AI providers on which the Service depends. The affected party will use commercially reasonable efforts to mitigate the impact and resume performance as soon as practicable. This section does not excuse a party's obligation to pay amounts due for Service already rendered.
13. Termination
You may terminate your account at any time by uninstalling the GitHub App and deleting your organization from the Veriva dashboard. We may suspend or terminate your access if you materially breach these Terms, with notice where practicable. Termination does not relieve you of obligations accrued before termination (e.g., outstanding invoices). Sections 6 (Intellectual Property), 9 (Disclaimer), 10 (Limitation of Liability), 11 (Indemnification), and 14 (Governing Law) survive termination.
14. Governing Law and Dispute Resolution
These Terms are governed by the laws of the State of New Jersey, United States, without regard to its conflict-of-laws rules. Any dispute arising out of or relating to these Terms or the Service shall be resolved in the state or federal courts located in New Jersey, and you consent to the exclusive jurisdiction and venue of those courts. Nothing in this section limits any mandatory consumer-protection rights that apply to you under the law of your country of residence.
15. Changes to Terms
We may update these terms from time to time. We will notify you of material changes via email or through the Service. Continued use after changes constitutes acceptance.
16. Contact
For questions about these terms, contact us at legal@veriva.dev.