Terms of Service

Last updated: March 1, 2026

1. Agreement to Terms

By accessing or using any Vericode platform ("Service"), operated by Moon One LLC ("Company," "we," "us," or "our"), a Wyoming limited liability company, you agree to be bound by these Terms of Service. If you do not agree to these terms, do not use our Service.

These Terms apply to all Vericode products and platforms, including but not limited to:

  • vericodeai.com — Smart Contract Security Scanner
  • app.vericodeai.com — Application Security Scanner (web apps, APIs, AI applications)
  • Vericode Shield — Runtime monitoring SDK and associated services
  • Vericode API — CI/CD integration and developer API access

2. Description of Service

Vericode provides AI-powered security analysis, auditing, and runtime monitoring services across multiple platforms:

2.1 Smart Contract Security (vericodeai.com)

  • Automated static analysis of Solidity smart contracts (Slither, Mythril, Aderyn, Semgrep)
  • AI-assisted vulnerability detection with multi-model cross-validation
  • Formal verification via symbolic execution (Halmos) and fuzz testing (Echidna)
  • Automatic proof-of-concept exploit generation
  • Adversarial AI review of findings
  • Security report generation (PDF, JSON, SARIF) with severity ratings and fix recommendations
  • Continuous monitoring of deployed contracts for new vulnerabilities
  • Access to our knowledge base of 500K+ historical audit findings

2.2 Application Security (app.vericodeai.com)

  • Security scanning of web applications, APIs, and AI-powered applications
  • OWASP Top 10 and CWE vulnerability detection
  • Static analysis via Semgrep, Bandit, Gitleaks, and dependency auditing
  • AI-powered deep analysis of authentication flows, data handling, and API security
  • Vibecoding-specific vulnerability checks (incomplete auth, missing RLS, exposed env vars)
  • LLM/AI security analysis (prompt injection, system prompt leakage, excessive agency)
  • BaaS misconfiguration detection (Supabase, Firebase)
  • Security report generation with OWASP categorization

2.3 Shield Runtime Monitoring

  • Lightweight npm SDK for Express.js, Fastify, and Next.js applications
  • Real-time detection of SQL injection, XSS, path traversal, and other attack patterns
  • Production error and exception monitoring
  • Security alert generation and notification
  • Event batching and ingestion via secure API endpoints

3. Important Disclaimers

⚠️ Critical Notice

Vericode is NOT a substitute for professional security audits or penetration testing. Our AI-powered analysis is designed to assist developers and security researchers in identifying potential vulnerabilities, but it cannot guarantee the detection of all security issues.

Applications and smart contracts handling significant value or sensitive data should undergo comprehensive manual security reviews by qualified professionals in addition to automated analysis.

  • We do not guarantee the accuracy, completeness, or reliability of our analysis
  • False positives and false negatives may occur in vulnerability detection
  • Our Service does not constitute financial, legal, or investment advice
  • We are not responsible for any losses resulting from reliance on our reports
  • Shield runtime monitoring may not detect all attack patterns or zero-day exploits
  • AI-generated findings require human review and judgment before being acted upon

4. User Responsibilities

By using our Service, you agree to:

  • Only submit code that you own or have authorization to analyze
  • Not use our Service for malicious purposes, including but not limited to identifying vulnerabilities for exploitation
  • Not attempt to reverse engineer, decompile, or extract our proprietary analysis methods
  • Not overwhelm our systems with excessive automated requests beyond your plan limits
  • Maintain the confidentiality of your account credentials and API keys
  • Not share, resell, or redistribute API keys or Shield SDK keys to unauthorized parties
  • Comply with all applicable laws and regulations, including data protection laws when using Shield to collect request data from your users
  • Inform your end users about data collection when deploying Shield SDK on your applications, as required by applicable privacy laws

5. Intellectual Property

Your Code: You retain all ownership rights to the source code you submit for analysis, whether smart contracts, application code, or any other software. We do not claim any ownership over your code.

Shield SDK: The Vericode Shield SDK is licensed to you under the terms of your subscription plan. You may integrate it into your applications but may not redistribute, modify, or create derivative works of the SDK without our written consent.

Our Service: All aspects of our Service, including but not limited to our analysis algorithms, knowledge base, AI models, detection patterns, user interface, and report formats, are proprietary to Moon One LLC and protected by intellectual property laws.

Reports: Security reports generated by our Service are provided for your use only and may not be publicly distributed, sold, or misrepresented as third-party audit opinions without our written consent.

6. Subscription and Payments

Some features of our Service require a paid subscription. By subscribing:

  • You authorize us to charge your payment method on a recurring basis
  • Subscription fees are non-refundable except as required by law
  • We may change pricing with 30 days' notice
  • You may cancel your subscription at any time, effective at the end of the billing period
  • Plan limits (scan count, Shield apps, event quotas) reset according to your billing cycle
  • Exceeding plan limits may result in temporary suspension of certain features until the next billing cycle

We accept cryptocurrency payments (USDC, USDT, ETH) and traditional payment methods (credit/debit cards via Stripe). All cryptocurrency transactions are final and non-reversible.

7. API and CI/CD Usage

If you access our Service via API or CI/CD integrations:

  • API keys are confidential and must not be embedded in public repositories or client-side code
  • You are responsible for all activity conducted through your API keys
  • We may rate-limit or suspend API access if we detect abuse or excessive usage
  • API responses and report data may be cached or stored in your own systems, subject to the Report license terms above
  • Automated scanning via CI/CD is subject to the same plan limits as manual scanning

8. Shield SDK Terms

Additional terms apply when using the Vericode Shield runtime monitoring SDK:

  • You are responsible for ensuring Shield SDK deployment complies with your application's privacy policy and applicable data protection regulations (e.g., GDPR, CCPA)
  • Shield collects HTTP request metadata (paths, methods, status codes, IP addresses, user agents) from your application's traffic — you must disclose this to your users as required by law
  • Shield does NOT collect request or response bodies, authentication tokens, passwords, or other sensitive payload data
  • Event data is retained for 7 days and then automatically purged from our systems
  • You may delete a Shield app and its associated data at any time through the dashboard
  • We may suspend Shield event ingestion if your application exceeds your plan's event quota

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, MOON ONE LLC SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:

  • Loss of funds due to smart contract exploits or application breaches
  • Loss of business, profits, or data
  • Unauthorized access to your systems or your users' data
  • Any damages resulting from vulnerabilities not detected by our scanning or monitoring services
  • Any damages resulting from false positives leading to unnecessary code changes
  • Service interruptions affecting Shield monitoring coverage

Our total liability shall not exceed the amount you paid for our Service in the 12 months preceding the claim.

10. Indemnification

You agree to indemnify and hold harmless Moon One LLC, its officers, directors, employees, and agents from any claims, damages, losses, or expenses arising from your use of the Service, your violation of these Terms, your violation of any rights of third parties, or any claim that your use of Shield SDK violated the privacy rights of your end users.

11. Service Availability

We strive to maintain high availability but do not guarantee uninterrupted access to our Service. We may modify, suspend, or discontinue any aspect of the Service at any time without notice. We are not liable for any downtime, service interruptions, or gaps in Shield monitoring coverage. Critical security alerts should not be your sole line of defense — implement defense-in-depth practices.

12. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Wyoming, United States, without regard to its conflict of law provisions. Any disputes shall be resolved exclusively in the state or federal courts located in Wyoming.

13. Changes to Terms

We reserve the right to modify these Terms at any time. We will notify users of material changes via email or through our Service. Continued use of the Service after changes constitutes acceptance of the modified Terms.

14. Contact

For questions about these Terms, please contact us at [email protected]

Moon One LLC • Wyoming, United States