Please read these Terms of Service carefully before using Depna. By accessing or using the Service, you agree to be bound by these Terms. If you do not agree, you must not use the Service.
01 Acceptance of Terms
These Terms of Service ("Terms") constitute a legally binding agreement between you ("User," "you," or "your") and Depna ("Depna," "we," "our," or "us") governing your access to and use of the Depna software-as-a-service platform available at depna.io (the "Service").
By creating an account, clicking "I agree," or otherwise accessing or using the Service, you confirm that you:
- Have read, understood, and agree to be bound by these Terms;
- Are at least 18 years of age or have the legal capacity to enter into a binding agreement;
- Are authorized to bind the company or organization on whose behalf you are registering, if applicable.
If you are using the Service on behalf of a company, organization, or other legal entity, the entity and you individually are each bound by these Terms.
02 Description of Service
Depna is a dependency security scanning platform. The Service enables users to:
- Upload dependency files (such as package.json, requirements.txt, or pom.xml) for automated vulnerability scanning;
- Receive security reports identifying known vulnerabilities (CVEs) in third-party packages;
- Access AI-powered analysis and remediation recommendations (paid plans);
- Integrate scanning into CI/CD pipelines via webhooks and APIs (paid plans);
- Generate audit-ready PDF reports (ISO 27001 / SOC 2) (paid plans), optionally white-labeled with your company logo (Enterprise plan);
- Receive notifications via Email, Slack, Microsoft Teams, and Discord channels (channel limits vary by plan; unlimited channel rules on all plans).
Depna reserves the right to modify, suspend, or discontinue any aspect of the Service at any time, with reasonable notice where possible.
03 Account Registration & Security
3.1 Registration
To use the Service, you must create an account by providing accurate, current, and complete information including your first name, last name, company name, and a valid work email address. You agree to keep your registration information up to date.
3.2 Account Security
You are solely responsible for:
- Maintaining the confidentiality of your password and account credentials;
- All activities that occur under your account, whether or not authorized by you;
- Promptly notifying Depna at [email protected] of any unauthorized access or security breach.
Depna will not be liable for any loss or damage arising from your failure to protect your account credentials.
3.3 One Account Per User
Each individual user may maintain only one active free account. Creating multiple free accounts to circumvent plan limitations is prohibited and may result in immediate termination of all associated accounts.
04 Acceptable Use
4.1 Permitted Use
You may use the Service solely for lawful purposes and in accordance with these Terms. Permitted uses include scanning dependency files belonging to projects you own or are authorized to scan.
4.2 Prohibited Activities
Violation of the prohibited activities below may result in immediate account suspension and legal action.
You must not:
- Use the Service to scan dependency files of projects you do not own or are not authorized to analyze;
- Attempt to probe, scan, or test the vulnerability of Depna's systems or networks;
- Use automated scripts or bots to access the Service in a manner that places an excessive or unreasonable load on our infrastructure;
- Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service;
- Copy, adapt, or create derivative works based on the Service or its content;
- Sell, resell, license, sublicense, or otherwise transfer access to the Service to third parties without our prior written consent;
- Use the Service to transmit any malicious code, viruses, or harmful software;
- Circumvent, disable, or interfere with security features of the Service;
- Submit webhook links that point at addresses other than the intended Slack, Microsoft Teams, or Discord destination, or otherwise try to use Depna to reach systems other than the configured messaging provider;
- Use the Service for any illegal purpose or in violation of any applicable laws or regulations;
- Misrepresent your identity or affiliation with any person or organization.
For your protection, every webhook link you add for Slack, Microsoft Teams, or Discord is checked both when you save it and each time a notification is about to be sent. Links that do not belong to the matching provider, or that do not use a secure public address, will be rejected automatically.
05 Subscriptions & Payment
5.1 Plan Types
| Plan | Price | Projects | Billing |
|---|---|---|---|
| Free | $0 / forever | 1 | No payment required |
| Starter | $19 / month | 3 | Monthly |
| Pro | $39 / month | 10 | Monthly |
| Enterprise | $99 / month | Unlimited | Monthly |
5.2 Billing
Paid subscriptions are billed monthly in advance. Payments are processed securely by our third-party payment provider. You authorize Depna to charge your designated payment method on a recurring basis until you cancel.
5.3 Free Trial
Depna may offer a 3-day free trial for the Pro plan only. The Free, Starter, and Enterprise plans do not include a trial. No credit card is required during the trial period. At the end of the trial, the Service will revert to the Free plan unless you provide payment information and upgrade.
5.4 Cancellation & Refunds
You may cancel your paid subscription at any time through your account settings. Cancellation takes effect at the end of the current billing period. We do not provide pro-rated refunds for partial months, except where required by applicable law.
5.5 Price Changes
Depna reserves the right to change subscription prices. We will provide at least 30 days' written notice before any price change takes effect. Your continued use of the Service after the price change constitutes acceptance of the new pricing.
5.6 Plan Downgrade & Resource Soft-Suspend
If you downgrade to a plan whose limits are lower than your current usage (for example, from Pro to Free), Depna will not delete any of your data. Instead, the oldest resources that fit within the new plan's limits remain active, and any resources in excess of those limits will be automatically deactivated (soft-suspended). This applies to projects, notification channels, and notification rules. Suspended resources remain stored in your account and can be manually reactivated after a subsequent upgrade; they are not reactivated automatically.
5.7 Failed Payments & Expiration
If a renewal payment fails, the subscription enters a past due state and your current plan features remain available while you resolve the payment issue. Once payment is successfully captured, the subscription automatically returns to active. If the payment issue is not resolved within 14 days of entering the past due state, the subscription will automatically expire and your plan will be downgraded to the Free tier, at which point the soft-suspend behaviour described in Section 5.6 applies. You are responsible for keeping your payment method up to date and for resolving payment issues within this 14-day window.
06 Free Plan
The Depna Free plan is available at no cost and does not have a time limit. It provides access to core scanning functionality with limitations described in our pricing page.
Depna reserves the right to modify the features included in the Free plan at any time, with at least 30 days' notice for material feature reductions. We will not retroactively charge users who were using features on the Free plan prior to such changes.
The Weekly Summary notification trigger is not available on the Free plan. This feature is available on the Starter plan and above.
07 Intellectual Property
7.1 Depna's Rights
The Service, including all software, algorithms, databases, user interfaces, documentation, trademarks, and content provided by Depna, is the exclusive property of Depna and its licensors. These Terms do not grant you any right, title, or interest in the Service except for the limited license expressly set forth herein.
7.2 License to Use
Subject to your compliance with these Terms and payment of applicable fees, Depna grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Service for your internal business purposes during the subscription term.
7.3 Your Content
You retain all ownership rights to the dependency files you upload. By uploading files to the Service, you grant Depna a limited license to process those files and retain the extracted scan data (package names, versions, vulnerability findings) for the purpose of providing the Service to you. Data handling is described in detail in our Privacy Policy.
7.4 Feedback
If you submit feedback, suggestions, or ideas about the Service ("Feedback"), you grant Depna a royalty-free, worldwide, irrevocable license to use and incorporate such Feedback into the Service without any obligation to compensate you.
08 Data & Privacy
Your privacy is important to us. Our collection, use, and processing of personal data is governed by our Privacy Policy, which is incorporated into these Terms by reference.
By using the Service, you consent to the data practices described in our Privacy Policy. Key commitments include:
- Personal data is processed in compliance with the EU General Data Protection Regulation (GDPR);
- We apply industry-standard protections, including strong encryption in transit and strict access controls;
- Your notification history (what was sent, when, to which channel, and whether it succeeded) is kept for 7 years so it can support your own security and compliance audits. Any webhook links inside the history are hidden, so the history is safe to share with your team;
- We keep an audit log of security-relevant actions (sign-ins, password changes, scan uploads, report downloads, API token creation, notification channel changes, and similar events). Entries are append-only, retained for security and compliance purposes, and made available to users in your organization strictly on a role-based, need-to-know basis. For the Auditor role, IP address and user-agent fields are masked in line with GDPR data-minimisation. See the Documentation and Privacy Policy for the full breakdown;
- We do not sell personal data to third parties.
09 Confidentiality
Each party agrees to maintain the confidentiality of the other party's non-public information disclosed in connection with the Service ("Confidential Information"), and not to disclose such information to third parties without prior written consent, except:
- As required by applicable law, court order, or regulatory authority;
- To employees or contractors who have a need to know and are bound by confidentiality obligations no less restrictive than these Terms;
- With the prior written consent of the disclosing party.
Depna treats all scan results, reports, and data processed on your behalf as your Confidential Information.
10 Disclaimers
Scan results reflect known vulnerabilities in public databases at the time of scanning. No scan is exhaustive. Results should not replace professional security audits.
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. To the fullest extent permitted by law, Depna disclaims all warranties, including but not limited to:
- Implied warranties of merchantability, fitness for a particular purpose, and non-infringement;
- That the Service will be uninterrupted, error-free, or completely secure;
- That scan results will be complete, accurate, or current;
- That the Service will identify all security vulnerabilities present in your dependencies;
- That the Service will meet your specific compliance requirements without independent verification.
Depna's vulnerability data is sourced from publicly available vulnerability databases. We make reasonable efforts to keep this data current but do not guarantee its completeness or accuracy.
11 Limitation of Liability
To the maximum extent permitted by applicable law:
- In no event will Depna be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages, including loss of profits, revenue, data, goodwill, or other intangible losses;
- Depna's total aggregate liability to you for all claims arising from or related to these Terms or the Service shall not exceed the greater of (i) the total fees paid by you to Depna in the 12 months preceding the claim, or (ii) $100 USD;
- These limitations apply regardless of the legal theory (contract, tort, negligence, strict liability, or otherwise) and even if Depna has been advised of the possibility of such damages.
Some jurisdictions do not allow the exclusion or limitation of certain warranties or liabilities. In such jurisdictions, Depna's liability is limited to the extent permitted by law.
12 Indemnification
You agree to defend, indemnify, and hold harmless Depna and its officers, directors, employees, agents, and licensors from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to:
- Your violation of these Terms;
- Your use of the Service in a manner not authorized by these Terms;
- Your violation of any applicable law or third-party rights;
- Any content or data you submit through the Service.
13 Termination
13.1 Termination by You
You may terminate your account at any time by contacting us at [email protected] or through your account settings. Upon termination, your right to access the Service ceases immediately.
13.2 Termination by Depna
Depna may suspend or terminate your account immediately and without prior notice if:
- You materially breach these Terms and fail to cure the breach within 7 days of written notice;
- You engage in prohibited activities as described in Section 4;
- Required by applicable law or a government authority;
- We determine, in our sole discretion, that continued provision of the Service poses a security risk.
13.3 Effect of Termination
Upon termination for any reason:
- All licenses granted under these Terms terminate immediately;
- Your account and associated data will be deleted within 30 days per our data retention policy;
- Sections that by their nature should survive termination (including Intellectual Property, Disclaimers, Limitation of Liability, Indemnification, and Governing Law) shall survive.
14 Changes to Terms
Depna reserves the right to modify these Terms at any time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page;
- Send an email notification to the address associated with your account;
- Display a prominent notice within the Service at least 14 days before the changes take effect.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Terms. If you do not agree to the revised Terms, you must stop using the Service and delete your account.
15 Governing Law & Disputes
15.1 Governing Law
These Terms and any disputes arising from or related to them or the Service shall be governed by and construed in accordance with applicable law, without regard to its conflict of law principles.
15.2 Dispute Resolution
Before initiating formal proceedings, you agree to first contact Depna at [email protected] and attempt to resolve the dispute informally for a period of 30 days. This obligation does not apply to claims for intellectual property infringement or injunctive relief.
15.3 Severability
If any provision of these Terms is found to be unenforceable or invalid, that provision shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions shall continue in full force and effect.
15.4 Entire Agreement
These Terms, together with our Privacy Policy, constitute the entire agreement between you and Depna regarding the Service and supersede all prior agreements, representations, and understandings.
16 Contact
For questions, concerns, or notices regarding these Terms, please contact us:
We will respond to all inquiries within 2 business days. For urgent security matters, please mark your email subject with [URGENT].