Terms of Service

Last updated: May 19, 2026

These Terms of Service ("Terms") govern your use of Vulkro (the "Service"), the application security scanner distributed at vulkro.com, the binary distributed at dist.vulkro.com, and any related software, documentation, or services provided by Vulkro ("we", "us", "our").

By installing, running, or otherwise using Vulkro, you ("you", "your", "Customer") agree to these Terms. If you do not agree, do not install or use the Service.

1. License grant

Subject to your compliance with these Terms and payment of any applicable fees, Vulkro grants you a non-exclusive, non-transferable, non-sublicensable, revocable license to install and run the Vulkro binary on the machine(s) authorised by your license file (.lic).

Each commercial license is bound to a single machine identifier generated from your hardware (see vulkro machine-id). You may not share, redistribute, or attempt to bypass the license enforcement mechanism.

A free license is available for personal use and bona-fide open-source maintenance. Email [email protected] to request one.

2. Permitted use

You may use Vulkro to:

  • Scan source code, configuration files, dependencies, container images, and infrastructure definitions that you own or are authorised to scan.
  • Integrate Vulkro into your own development, build, or CI/CD workflows.
  • Generate and use reports, evidence packs, and SARIF/JUnit/CycloneDX exports produced by Vulkro for any purpose, including sharing with auditors, customers, and regulators.

You may not:

  • Reverse-engineer, decompile, or attempt to extract the source code, signing keys, or rule logic of Vulkro, except to the extent expressly permitted by applicable law.
  • Use Vulkro to scan systems or codebases that you do not own and are not authorised to scan.
  • Redistribute the Vulkro binary, the CVE bundle, or any rule pack without our express written permission.
  • Use Vulkro to develop a competing product or service.

3. Customer data

Vulkro is designed to run entirely on your own infrastructure. We do not receive your source code, your scan results, your endpoint inventory, or any data about the systems you scan. Vulkro makes only two outbound network calls, both to our content delivery network at dist.vulkro.com:

  1. Fetching the binary on install.
  2. Fetching signed CVE bundles when you run vulkro update.

Both can be disabled. See the Privacy Policy for the full list of what we do and do not collect.

4. Fees and payment

Pricing is published at vulkro.com/pricing. Commercial licenses are sold as one-time purchases at two duration tiers: Monthly and Annual. Fees are payable in advance via the payment processor identified at checkout.

All purchases are one-time. There is no auto-renewal and no recurring charge. When your license expires, the Vulkro CLI continues to run, but new CVE bundle updates and major detector releases are gated until you purchase another license. There is nothing to "cancel".

All fees are exclusive of any applicable taxes, which are added at checkout and remitted by our merchant-of-record on your behalf where applicable.

5. Refunds

We do not offer refunds. Once a license file is issued it cannot technically be revoked, so a refund would leave the customer with an operational copy of the software for free. See the full Refund Policy.

6. Updates and support

Every paid plan receives all updates released during its active window, including new detectors, rule pack updates, CVE bundles, and bug fixes. There is no feature gating between tiers; only the license duration varies.

Support is provided via email, without tiering. All paying customers get the same response queue. Custom arrangements (SLAs, dedicated channels, named contacts) are available on request; email [email protected].

7. Intellectual property

Vulkro, including the binary, the rule packs, the CVE bundles, the documentation, the brand name, and the logo, is the intellectual property of Vulkro. These Terms do not transfer any ownership rights to you. Findings, reports, and other output produced by Vulkro when run against your code belong to you.

8. Warranties and limitation of liability

The Service is provided "AS IS" without warranty of any kind, express or implied, including but not limited to merchantability, fitness for a particular purpose, and non-infringement. Vulkro does not warrant that the Service will identify every security vulnerability in your code or that its findings are free of false positives or false negatives.

To the maximum extent permitted by law, Vulkro's total aggregate liability for any claim arising out of or relating to these Terms or the Service is limited to the amount you paid us in the twelve months preceding the claim, or one hundred United States dollars (USD 100), whichever is greater.

In no event shall Vulkro be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to lost profits, lost revenue, lost data, or business interruption, even if advised of the possibility of such damages.

9. Termination

We may suspend or terminate your license if you materially breach these Terms. Because all purchases are one-time, there is no subscription to cancel. License files already in your possession continue to validate until their expiry date regardless of any relationship change between us and you.

10. Governing law

These Terms are governed by the laws of India, without regard to its conflict-of-laws principles. Any dispute arising out of or relating to these Terms shall be subject to the exclusive jurisdiction of the courts located in India.

11. Changes to these Terms

We may update these Terms from time to time. Material changes will be announced on our website at least 30 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Terms.

12. Contact

Questions about these Terms: [email protected].