Terms of Service

Last updated: April 8, 2026

1. Service Description

PullGuard is a static analysis tool that scans source code for security vulnerabilities, code quality issues, and compliance gaps. The service runs as a GitHub Action on your own GitHub Actions runners. Your code is processed locally on your infrastructure and is never transmitted to PullGuard servers.

2. License Keys

License keys are issued per-repository and are non-transferable. Each key is cryptographically bound to the purchasing organization and, where applicable, to specific repositories. Sharing license keys outside your organization is prohibited. Free tier usage requires no license key.

3. Acceptable Use

You may use PullGuard to scan code repositories you own or have authorization to scan. You may not:

4. Data Handling

PullGuard processes your source code entirely on your GitHub Actions runners. No source code, findings, or analysis results are transmitted to PullGuard servers. The only external network calls made by the scanner are to public vulnerability databases (OSV API) and package registries (npm, PyPI, Maven, Go, RubyGems) for dependency version checking. See our Privacy Policy for details.

5. Payment Terms

Pro and Enterprise subscriptions are billed monthly per repository via Stripe. Prices are listed on pullguard.dev. All payments are in USD. Subscriptions can be cancelled at any time; cancellation takes effect at the end of the current billing period. License keys are revoked upon cancellation.

6. Limitation of Liability

PullGuard is provided "as is" without warranty of any kind. PullGuard is a static analysis tool and does not guarantee the detection of all security vulnerabilities. It is not a substitute for manual security review, penetration testing, or compliance auditing. PullGuard shall not be liable for any damages arising from the use or inability to use the service, including but not limited to security breaches in scanned codebases.

7. Intellectual Property

PullGuard and its analyzers, detection patterns, scoring algorithms, and compiled artifacts are the intellectual property of PullGuard, licensed under the Business Source License 1.1 (BSL-1.1). The BSL-1.1 converts to Apache 2.0 on March 20, 2030. Your source code and analysis results remain your property at all times.

8. Changes to Terms

We may update these terms from time to time. Material changes will be communicated via email to active subscribers. Continued use of PullGuard after changes constitutes acceptance of the updated terms.

9. Contact

For questions about these terms: hello@pullguard.dev