Terms of Service

These Terms govern your use of GoForLaunch — the website goforlaunch.dev, the scanner, the public API, the goforlaunch CLI, the GitHub Action and every report or output they produce (together, the “Service”). The Service is operated by the team behind goforlaunch.dev (“GoForLaunch”, “we”). By creating an account, running a scan, paying for a scan, or otherwise using the Service, you agree to these Terms. If you use the Service on behalf of an organisation, you confirm you are authorised to bind it.

This section defines what we owe you. Read it carefully — it limits the scope of the Service, not just our liability.

• GoForLaunch is an automated, best-effort scanner. It detects common, known patterns of launch-readiness and security risk using static rules, heuristics and (in hosted mode) machine-assisted review.
• It does not detect every vulnerability. It can produce false positives and, importantly, false negatives — it may miss real issues, including issues in categories it does not cover.
• It is not a guarantee that your application is secure, compliant, bug-free or “safe to launch”, and a high Health Score or a clean scan does not certify security.
• It is not a substitute for a manual security audit, a penetration test by a qualified professional, or legal, tax or compliance advice.
• We may change, add or remove rules, scoring and features at any time. Findings, scores and fix suggestions are guidance, not instructions you must or must not follow.

• You remain solely responsible for the security, legality, operation and data of your own applications — before, during and after any scan.
• You decide whether and how to act on findings. Acting on, or ignoring, any finding is your decision and your risk.
• You confirm you are authorised to scan the code, repositories and artefacts you submit. Do not submit third-party code, or code you do not own or control, without permission.
• You are responsible for keeping your account credentials and API tokens secure.
• You confirm you are at least 16 years old (the digital-consent age under Article 8 GDPR) and have the legal capacity to enter these Terms. The Service is not directed to children, and accounts for anyone under 16 are not permitted.

You agree not to:

• use the Service to scan systems or code you are not authorised to test;
• use the Service to attack, probe or compromise any third party;
• resell, sublicense or repackage the hosted Service, or attempt to reconstruct the hosted engine beyond the offline CLI we distribute;
• interfere with the Service’s integrity, bypass rate limits or quotas, or use it unlawfully.

We may suspend or terminate access that breaches this section or these Terms.

• Payments are processed by Stripe. We never receive or store your card details.
• Subscriptions renew automatically for the chosen period until cancelled; you can cancel at any time via the customer portal, effective at the end of the current period. One-time scans are charged once.
• Prices are shown exclusive of any applicable taxes unless stated otherwise; taxes are added where required by law.
• Except where mandatory law (including consumer rights) provides otherwise, fees already due are non-refundable.

We work to keep the Service available and accurate but provide it “as is” and “as available”. To the extent permitted by mandatory law, we do not warrant that the Service will be uninterrupted, error-free, or that its findings are complete or accurate. Statutory warranty rights of consumers remain unaffected.

We are fully liable for damages arising from intent (Vorsatz) and gross negligence (grobe Fahrlässigkeit); for injury to life, body or health; for claims under the German Product Liability Act (Produkthaftungsgesetz); and to the extent we have expressly assumed a guarantee.

For slight negligence (einfache Fahrlässigkeit), we are liable only for the breach of a material contractual obligation — an obligation whose fulfilment makes the proper performance of the contract possible in the first place and on whose observance you regularly rely (a “cardinal obligation”). In that case our liability is limited to the foreseeable damage typical for this type of contract.

Any further liability is excluded. In particular — and without limiting the paragraphs above — GoForLaunch is not liable for security incidents, breaches, intrusions, data loss, downtime, lost profits or other indirect or consequential damages affecting your applications or systems, including issues the Service did not detect or misclassified. The Service does not assume responsibility for the security of your applications; that responsibility remains with you (Section 3).

Where we are liable for slight negligence under the second paragraph, our aggregate liability is capped at the fees you paid to GoForLaunch in the 12 months before the event giving rise to the claim (or, for a one-time scan, the amount paid for that scan).

These limitations also apply in favour of our legal representatives, employees and vicarious agents (Erfüllungsgehilfen). Mandatory statutory liability remains unaffected.

To the extent permitted by law, you will indemnify GoForLaunch against third-party claims arising from your use of the Service in breach of these Terms, from your applications, or from scanning code you were not authorised to scan.

The Service relies on third parties such as GitHub, Stripe, hosting and model providers. We are not responsible for their availability or acts, and your use of them is subject to their own terms.

We may update these Terms and the Service. We post the effective date above and, for material changes, notify account holders by email or in-app. Continued use after the change takes effect constitutes acceptance; if you do not agree, stop using the Service.

These Terms are governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods. Mandatory consumer-protection rules of your country of residence remain unaffected. For merchants, legal entities under public law and special funds under public law, the exclusive place of jurisdiction is the operator’s registered seat.

If any provision of these Terms is or becomes invalid, the remaining provisions stay in effect.