Cygent Terms of Service
Last updated: April 9, 2026
These Terms of Service ("Terms") govern Your access to and use of the Cygent platform ("Service"), operated by Cyfrin Inc ("Company", "We", "Us", or "Our"). By accessing or using the Service, You agree to be bound by these Terms. If You do not agree to these Terms, do not use the Service.
1. Interpretation and Definitions
Interpretation
Words with initial capital letters have defined meanings under the following conditions. These definitions apply whether they appear in singular or plural form.
Definitions
- Account means a unique account created for You to access the Service.
- Affiliate means an entity that controls, is controlled by, or is under common control with a party.
- CARA means Cyfrin Audit & Review Assistant, the AI-powered smart contract security analysis engine integrated into the Service.
- Company refers to Cyfrin Inc, 9066 Cascada Way, Naples, FL 34114.
- Content means any code, data, text, findings, reports, or other materials submitted to, generated by, or displayed through the Service.
- Device means any device that can access the Service, such as a computer, cellphone, or tablet.
- Findings means security vulnerabilities, issues, or observations identified by the Service during audits or reviews of Your code.
- Instance means an isolated, containerized environment provisioned for Your Organization to run audits and reviews.
- Organization means a group account under which one or more users collaborate and manage Instances.
- Personal Data is any information that relates to an identified or identifiable individual.
- Service refers to the Cygent platform, including the web application, APIs, integrations, and AI-powered audit capabilities.
- Smart Contract Code means any source code, including but not limited to Solidity, Rust, Go, TypeScript, Aptos Move, or Sui Move code, submitted to the Service for analysis.
- Third-Party Integration means any external service connected to the Service, including but not limited to GitHub, Slack, Discord, and Telegram.
- You means the individual accessing or using the Service, or the company or legal entity on behalf of which such individual is accessing or using the Service.
2. Account Registration and Eligibility
2.1 Account Creation
To use the Service, You must create an Account using either (a) an email address and password, or (b) a supported OAuth identity provider (GitHub or Google). You agree to provide accurate and complete information, to verify Your email address when prompted, and to keep Your Account credentials secure. The Company may require You to verify Your email address before granting full access to the Service, and may decline to register passwords that fail Our minimum complexity requirements or that appear in known breach corpora.
Two-factor authentication ("2FA") is mandatory for all Accounts. After 2FA enrollment becomes required for Your Account, You must complete enrollment within the timeframe communicated to You in the Service; failure to do so may result in restricted access until enrollment is completed.
2.2 Eligibility
You must be at least 18 years of age to use the Service. By creating an Account, You represent and warrant that You meet this requirement.
2.3 Organization Accounts
If You create or join an Organization, the Organization owner and administrators may have access to data associated with that Organization, including audit Findings, job history, and integration configurations. You acknowledge that Your use of the Service within an Organization is subject to any policies set by that Organization's administrators.
2.4 Account Responsibility
You are responsible for all activity that occurs under Your Account, for keeping Your password and two-factor secrets and recovery codes confidential, and for not reusing Your Cygent password on any other service. You must notify Us immediately at security@cyfrin.io of any unauthorized use of Your Account, any compromise of Your password or 2FA factor, or any other breach of security.
3. Description of Service
3.1 Overview
Cygent is an AI-powered security auditing platform for smart contract code. The Service uses CARA to analyze code repositories, identify potential security vulnerabilities, and generate audit reports and Findings.
3.2 Core Capabilities
The Service provides:
- Automated Security Audits — AI-driven analysis of smart contract code for security vulnerabilities across multiple severity levels (Critical, High, Medium, Low, Informational).
- Pull Request Reviews — Automated security analysis of code changes in pull requests, identifying new issues, resolved issues, and persisting issues.
- Audit Reports — Generated HTML reports containing detailed Findings with code context, analysis, and remediation recommendations.
- Third-Party Integrations — Connections to GitHub (webhooks, issue creation, PR reviews), Slack (commands and notifications), Discord, and Telegram for workflow integration.
- Knowledge Base — Semantic search across vulnerability patterns and prior Findings.
- Project Management — Initialization, configuration, and monitoring of audit projects.
3.3 AI-Powered Analysis
The Service uses artificial intelligence and large language models to analyze Smart Contract Code. You acknowledge and agree that:
- AI-generated Findings are not a substitute for professional security audits conducted by qualified human auditors.
- The Service may produce false positives (flagging code that is not actually vulnerable) and false negatives (failing to identify actual vulnerabilities).
- Findings represent the Service's automated assessment and do not constitute a guarantee that Your code is free of vulnerabilities.
- The accuracy and completeness of Findings depend on the quality and completeness of the code provided to the Service.
4. Your Code and Data
4.1 Code Submission
When You use the Service, You grant the Company a limited, non-exclusive license to access, clone, analyze, and process Your Smart Contract Code solely for the purpose of providing the Service to You. This license terminates when You delete Your project or Account, subject to our data retention obligations.
4.2 Ownership
You retain all ownership rights to Your Smart Contract Code. The Company does not claim ownership of any code You submit to the Service. Findings and reports generated by the Service based on Your code are provided to You for Your use.
4.3 Data Processing
To provide the Service, We process the following data:
- Smart Contract Code — Repository source code cloned from connected repositories for analysis.
- Audit Findings — Security vulnerabilities, code context, severity classifications, and remediation recommendations generated by the Service.
- Integration Data — Tokens and configuration for connected Third-Party Integrations (encrypted at rest using AES-256-GCM).
- Usage Data — Job execution history, audit statistics, and operational logs.
- Account Data — Information provided through Your authentication provider (name, email, avatar).
4.4 Data Isolation
Each Organization's data is processed within an isolated Instance. Your Smart Contract Code and Findings are not shared with other Organizations or users outside Your Organization.
4.5 Data Retention
We retain Your data for as long as Your Account is active or as needed to provide the Service. Upon Account or project deletion, We will remove Your data in accordance with our data retention policies, except where retention is required by law.
4.6 Confidentiality
We treat Your Smart Contract Code as confidential information. We will not disclose Your code to third parties except as required to provide the Service (e.g., processing through our AI analysis engine) or as required by law.
5. Acceptable Use
5.1 Permitted Use
You may use the Service only for its intended purpose: security analysis and auditing of smart contract code that You own or have authorization to analyze.
5.2 Prohibited Conduct
You agree not to:
- Submit code that You do not own or have the right to analyze.
- Use the Service to facilitate attacks, exploits, or malicious activity against any blockchain, protocol, or system.
- Attempt to gain unauthorized access to the Service, other Accounts, or the underlying infrastructure.
- Reverse engineer, decompile, or disassemble any part of the Service.
- Interfere with or disrupt the Service or its infrastructure.
- Use the Service to generate, store, or transmit malware or malicious code.
- Resell, sublicense, or redistribute the Service or its output without prior written consent.
- Use automated scripts, bots, or scrapers to access the Service outside of approved integrations.
- Circumvent any usage limits, rate limits, or access controls imposed by the Service.
5.3 Enforcement
We reserve the right to suspend or terminate Your Account if You violate these Terms, with or without notice, at Our sole discretion.
6. Third-Party Integrations
6.1 Authorization
Connecting Third-Party Integrations (GitHub, Slack, Discord, Telegram) requires Your explicit authorization. You are responsible for reviewing and understanding the terms and privacy policies of any third-party service You connect to the Service.
6.2 Data Sharing
When You connect a Third-Party Integration, certain data may be shared between the Service and the third-party platform, including:
- Repository and pull request metadata (GitHub)
- Messages, commands, and notifications (Slack, Discord, Telegram)
- User identity information from the third-party platform
6.3 Responsibility
The Company is not responsible for the availability, accuracy, or practices of any third-party service. Your use of Third-Party Integrations is at Your own risk.
7. Fees and Payment
7.1 Plan Tiers
The Service may be offered under various plan tiers with different feature sets and usage limits. Your Organization's plan tier determines the number of Instances and features available to You.
7.2 Changes to Pricing
We reserve the right to modify pricing and plan tiers at any time. We will provide reasonable notice of any pricing changes that affect Your current plan.
7.3 Usage Limits
Certain features of the Service may be subject to usage limits, including but not limited to the number of audit jobs, API calls, or Instance resources. Exceeding these limits may result in temporary service restrictions or require an upgrade to a higher plan tier.
8. Intellectual Property
8.1 Service Ownership
The Service, including its underlying technology, CARA engine, algorithms, user interface, and documentation, is owned by the Company and is protected by intellectual property laws. Nothing in these Terms grants You any right to the Company's intellectual property except the limited right to use the Service as described herein.
8.2 Feedback
If You provide suggestions, ideas, or feedback about the Service ("Feedback"), You grant the Company a non-exclusive, worldwide, royalty-free, perpetual license to use, modify, and incorporate such Feedback into the Service without obligation to You.
9. Disclaimers
9.1 "As Is" Basis
THE SERVICE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR COURSE OF PERFORMANCE.
9.2 No Security Guarantee
THE COMPANY DOES NOT WARRANT THAT THE SERVICE WILL IDENTIFY ALL SECURITY VULNERABILITIES IN YOUR CODE. THE SERVICE IS AN AUTOMATED TOOL AND IS NOT A SUBSTITUTE FOR A COMPREHENSIVE SECURITY AUDIT BY QUALIFIED PROFESSIONALS. YOU ACKNOWLEDGE THAT THE SERVICE MAY FAIL TO DETECT CRITICAL VULNERABILITIES AND THAT RELIANCE ON THE SERVICE'S FINDINGS IS AT YOUR OWN RISK.
9.3 No Financial Guarantee
THE COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE FINANCIAL SECURITY OF ANY SMART CONTRACT OR BLOCKCHAIN APPLICATION ANALYZED BY THE SERVICE. THE COMPANY IS NOT LIABLE FOR ANY FINANCIAL LOSSES RESULTING FROM VULNERABILITIES NOT IDENTIFIED BY THE SERVICE.
9.4 Third-Party Services
THE COMPANY DOES NOT WARRANT THE AVAILABILITY, ACCURACY, OR RELIABILITY OF ANY THIRD-PARTY INTEGRATION OR SERVICE CONNECTED TO THE SERVICE.
10. Limitation of Liability
10.1 Exclusion of Damages
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE COMPANY, ITS DIRECTORS, EMPLOYEES, PARTNERS, AGENTS, SUPPLIERS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION:
- Loss of profits, revenue, data, or business opportunities
- Financial losses from undetected smart contract vulnerabilities
- Losses from exploits, hacks, or attacks on smart contracts analyzed by the Service
- Cost of procurement of substitute services
- Losses arising from unauthorized access to or alteration of Your data
WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT THE COMPANY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.
10.2 Liability Cap
TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE COMPANY'S TOTAL LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR YOUR USE OF THE SERVICE SHALL NOT EXCEED THE AMOUNT YOU HAVE PAID TO THE COMPANY FOR THE SERVICE IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR ONE HUNDRED U.S. DOLLARS ($100), WHICHEVER IS GREATER.
11. Indemnification
You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, agents, and affiliates from and against any claims, liabilities, damages, losses, costs, or expenses (including reasonable attorneys' fees) arising from:
- Your use of the Service
- Your violation of these Terms
- Your violation of any third-party rights
- Any Smart Contract Code or Content You submit to the Service
- Any financial losses incurred by You or third parties resulting from smart contracts You deployed after analysis by the Service
12. Termination
12.1 By You
You may terminate Your Account at any time by contacting Us. Upon termination, Your right to use the Service will cease immediately.
12.2 By Us
We may suspend or terminate Your Account at any time, with or without cause, and with or without notice. Grounds for termination include, but are not limited to, violations of these Terms, fraudulent activity, or extended periods of inactivity.
12.3 Effect of Termination
Upon termination, We will make reasonable efforts to delete Your data, including Smart Contract Code, Findings, and integration configurations, subject to our data retention obligations and legal requirements.
12.4 Survival
Sections 4.2 (Ownership), 8 (Intellectual Property), 9 (Disclaimers), 10 (Limitation of Liability), 11 (Indemnification), and 14 (Governing Law) shall survive termination of these Terms.
13. Modifications to Terms
We reserve the right to modify these Terms at any time. We will notify You of material changes by posting the updated Terms on the Service and updating the "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the modified Terms.
14. Governing Law and Dispute Resolution
14.1 Governing Law
These Terms shall be governed by and construed in accordance with the laws of the State of Florida, United States, without regard to its conflict of law provisions.
14.2 Dispute Resolution
Any dispute arising out of or relating to these Terms or the Service shall first be attempted to be resolved through good-faith negotiation. If the dispute cannot be resolved within thirty (30) days, either party may pursue resolution through binding arbitration in accordance with the rules of the American Arbitration Association, conducted in the State of Florida.
14.3 Class Action Waiver
YOU AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION.
15. General Provisions
15.1 Entire Agreement
These Terms constitute the entire agreement between You and the Company regarding the Service and supersede all prior agreements and understandings.
15.2 Severability
If any provision of these Terms is held to be unenforceable, the remaining provisions shall remain in full force and effect.
15.3 Waiver
The failure of the Company to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.
15.4 Assignment
You may not assign or transfer these Terms or Your rights under these Terms without the Company's prior written consent. The Company may assign these Terms without restriction.
15.5 Force Majeure
The Company shall not be liable for any failure or delay in performance due to circumstances beyond its reasonable control, including but not limited to natural disasters, acts of government, blockchain network disruptions, or third-party service outages.
16. Contact Us
If You have any questions about these Terms of Service, You can contact Us:
- Email: [support@cyfrin.io]
- Website: [https://support.cyfrin.io]
These Terms of Service should be reviewed by qualified legal counsel before publication. This document is a template and may require modifications to comply with applicable laws in Your jurisdiction.