Terms of Service
Last updated: 2026-05-16
1. Acceptance of Terms
By creating an account or using Violet (“Service”), you agree to these Terms of Service. If you do not agree, do not use the Service.
2. Service Description
Violet is an AI-powered penetration testing platform. You submit target URLs and optional source code repositories. Our automated agents perform security analysis and produce vulnerability reports. The Service is intended for defensive security — helping you find and fix vulnerabilities in systems you own or have explicit permission to test.
3. Acceptable Use
You agree to:
- Only test systems you own or have written authorization to test
- Not use the Service for unauthorized access, denial of service, or any illegal activity
- Not attempt to circumvent usage limits, billing, or access controls
- Not share account credentials with unauthorized parties
- Comply with all applicable laws and regulations
Violation of these terms may result in immediate account termination without refund.
3a. Customer Authorization and Indemnification
Penetration testing without the target owner’s consent is illegal in most jurisdictions and can cause real harm to third parties. Before launching any scan, you represent and warrant that:
- You either own the target system or have explicit written permission from the owner to perform a penetration test against it
- Your authorization is current and covers the techniques the Service may use (active probing, form submission, authenticated traversal, etc.)
- You are not using the Service to attack third parties, including but not limited to SaaS vendors, government systems, infrastructure providers, or competitors
Acknowledgment captured at launch. Before each scan begins, you must explicitly check a box reaffirming this authorization. Violet records the verbatim text of that acknowledgment, the user account that clicked it, the client IP, the user agent, and the timestamp. This audit row is retained for the lifetime of the organization account and is available to law enforcement under valid legal process.
Indemnification. You agree to defend, indemnify, and hold harmless Violet Security, Inc., its officers, employees, and contractors from any claim, demand, loss, liability, or expense (including reasonable attorneys’ fees) arising out of or related to your use of the Service to test a system you did not have authorization to test. This obligation survives termination of your account.
Reporting abuse. If you believe the Service is being used to attack a system you own, contact [email protected] with the target URL and the approximate time window. We investigate every report and will suspend offending accounts pending review.
4. Accounts and Organizations
Each user belongs to one organization. The organization owner is responsible for managing team members and billing. You are responsible for maintaining the security of your account credentials. Notify us immediately if you suspect unauthorized access.
5. Billing and Credits
The Service uses a credit-based billing model. Credits are consumed when a scan is initiated.
- Credits are non-refundable once a scan has started
- Subscription credits reset monthly and do not carry over beyond the rollover limit
- One-time credit pack purchases never expire
- Prices are subject to change with 30 days’ notice to active subscribers
6. Intellectual Property
You retain ownership of all data you submit (source code, configurations, target information). Violet retains ownership of the Service, its agents, prompts, and underlying technology. Reports generated by the Service are owned by your organization and may be shared at your discretion.
7. Limitation of Liability
The Service is provided “as is” without warranties of any kind, express or implied. Violet is an automated tool and does not guarantee complete vulnerability coverage. Specifically:
- Findings are point-in-time assessments and may not reflect current security posture
- The absence of findings does not guarantee the absence of vulnerabilities
- Violet is not liable for damages arising from reliance on scan results
- Our total liability is limited to the amount you paid in the 12 months preceding the claim
8. Data and Privacy
Your use of the Service is also governed by our Privacy Policy. This includes your rights under applicable data protection law — for GDPR, CCPA/CPRA, and international transfer information, see the Privacy Policy §§ 8–9. You are responsible for ensuring that submitting target URLs and source code to our Service does not violate any confidentiality obligations you may have.
Repository authorization. If you provide a source-code repository for analysis, you represent and warrant that you own it or have explicit authorization to submit it to the Service and to have it analyzed as described here.
Automated code scanning. Repositories you submit are automatically scanned for committed secrets (such as credentials and API keys) and known-vulnerable dependencies. You acknowledge that secrets or sensitive material present in the repository — including in its commit history — will be read by the Service and may be recorded as findings in your security report. Findings are retained in accordance with our Privacy Policy and are accessible to Violet personnel as described in § 9. Remove or rotate any credentials you do not wish to expose before submitting a repository.
Repository authorization. If you provide a source-code repository for analysis, you represent and warrant that you own it or have explicit authorization to submit it to the Service and to have it analyzed as described here.
Automated code scanning. Repositories you submit are automatically scanned for committed secrets (such as credentials and API keys) and known-vulnerable dependencies. You acknowledge that secrets or sensitive material present in the repository — including in its commit history — will be read by the Service and may be recorded as findings in your security report. Findings are retained in accordance with our Privacy Policy and are accessible to Violet personnel as described in § 9. Remove or rotate any credentials you do not wish to expose before submitting a repository.
9. Service Operations
To deliver and improve the Service, Violet personnel may access your scan data, reports, and configuration for the limited purposes described in our Privacy Policy (§ 6 Service Operations). Violet retains the right to perform all technical operations necessary to operate, maintain, and improve the Service.
Report re-processing. Violet may regenerate or re-process security reports for quality or correctness purposes. Re-processed reports may differ from the original; the prior version is retained and recoverable on request. When regeneration is initiated by Violet (not at your request), you will be notified by email.
Audit logging. All internal staff access to your organization’s data is audit-logged. You may request a copy of the audit log for your organization at any time by contacting [email protected].
Report re-processing. Violet may regenerate or re-process security reports for quality or correctness purposes. Re-processed reports may differ from the original; the prior version is retained and recoverable on request. When regeneration is initiated by Violet (not at your request), you will be notified by email.
Audit logging. All internal staff access to your organization’s data is audit-logged. You may request a copy of the audit log for your organization at any time by contacting [email protected].
10. Account Termination
You may delete your organization at any time from Settings. We may suspend or terminate accounts that violate these terms. Upon termination, all associated data is permanently deleted.
11. Governing Law
These Terms are governed by the laws of the State of Delaware, without regard to conflict of law principles. Any disputes arising under these Terms shall be resolved in the courts of the State of Delaware, and you consent to personal jurisdiction there.
12. Changes to Terms
We may update these terms from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect.
13. Contact
For questions about these terms, contact us at [email protected].