BackCANARY

Terms of Service

Last updated: January 2025

1. Acceptance of Terms

By accessing or using Canary ("the Service"), you agree to be bound by these Terms of Service. If you do not agree to these terms, do not use the Service. These terms apply to all users, including visitors and authenticated users.

2. Description of Service

Canary is a dependency vulnerability scanning tool that monitors your software project dependencies against multiple vulnerability advisory sources including the GitHub Security Advisory Database (GHSA), Open Source Vulnerabilities (OSV), National Vulnerability Database (NVD), and npm audit. The Service provides alerts and reports to help you identify and address security vulnerabilities.

3. Account & Authentication

You must authenticate via GitHub OAuth to use the Service. You are responsible for maintaining the security of your GitHub account. You agree to notify us immediately of any unauthorized use of your account. We are not liable for any loss arising from unauthorized access to your account.

4. User Responsibilities

When using the Service, you agree to:

  • Provide accurate and current information
  • Use the Service only for lawful purposes
  • Not attempt to interfere with or disrupt the Service
  • Not reverse-engineer, decompile, or disassemble the Service
  • Not use the Service to scan repositories you do not own or have authorization to scan
  • Comply with GitHub's Terms of Service when using features that interact with GitHub

5. Intellectual Property

The Service, its original content, features, and functionality are owned by Canary and are protected by applicable intellectual property laws. The vulnerability data we aggregate is sourced from public advisory databases and is subject to their respective licensing terms.

6. Disclaimer of Warranties

The Service is provided "as is" and "as available" without warranties of any kind, either express or implied. We do not warrant that:

  • The Service will be uninterrupted, timely, or error-free
  • Vulnerability data will be complete, accurate, or up-to-date
  • The Service will detect all vulnerabilities in your dependencies
  • The Service will meet your specific security requirements

Canary is a supplementary tool and should not be your sole means of security assessment. You are responsible for your own security practices.

7. Limitation of Liability

To the fullest extent permitted by law, Canary shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or business opportunities, arising out of or in connection with your use of the Service — even if we have been advised of the possibility of such damages.

8. Termination

We may terminate or suspend your access to the Service immediately, without prior notice, for conduct that we believe violates these Terms or is harmful to other users, us, or third parties, or for any other reason at our sole discretion. Upon termination, your right to use the Service ceases immediately.

9. Changes to Terms

We reserve the right to modify these Terms at any time. Changes will be posted on this page with an updated revision date. Your continued use of the Service following the posting of changes constitutes acceptance of those changes.

10. Governing Law

These Terms shall be governed by and construed in accordance with applicable laws, without regard to conflict-of-law principles. Any disputes arising under these Terms shall be resolved in the courts of competent jurisdiction.

11. Contact

If you have questions about these Terms of Service, contact us at legal@canary.dev.