Terms of Service
Last updated: April 14, 2026
1. Acceptance of Terms
By accessing or using RustLabs Security services ("Services"), including our website at security.rustlabs.ai and any security scanning, auditing, or monitoring tools we deploy, you ("Customer," "you," or "your") agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use our Services.
These Terms constitute a legally binding agreement between you and RustLabs Security ("RustLabs," "we," "us," or "our"). We may update these Terms from time to time in accordance with Section 16.
2. Description of Services
RustLabs Security provides automated and human-assisted security scanning, auditing, and monitoring services for web applications, including but not limited to:
- Security vulnerability scanning of web applications, APIs, and databases
- Row Level Security (RLS) configuration review for Supabase and similar backends
- Secret and API key exposure detection in client-side code bundles
- Authentication and authorization flow analysis
- Rate limiting and CORS misconfiguration detection
- Dependency vulnerability scanning
- Security hardening implementation and remediation
- Ongoing continuous security monitoring via deployed agent infrastructure
- Security reporting and recommendations
Our Services are offered in two primary forms: (a) a one-time security audit and hardening engagement ("Audit"), and (b) an ongoing monthly monitoring subscription ("Monitoring").
3. Authorization and Access
By engaging our Services, you authorize RustLabs to access your web application, API endpoints, source code repositories, database configurations, and related infrastructure solely for the purpose of performing security scanning, auditing, and monitoring.
You represent that you have the legal authority to grant us this access. You are responsible for ensuring that our access does not violate any agreements you have with third parties, including cloud providers, hosting services, or your users.
We will access only the systems and data you explicitly authorize. We will not access systems or data outside the scope of the engagement without your prior written consent.
4. Service Limitations and Disclaimers
IMPORTANT: Our Services identify potential security vulnerabilities and provide recommendations. Our Services do NOT guarantee the complete security of your application.
- No security scan or audit can identify all possible vulnerabilities. Our tools and processes may not detect every security issue present in your application.
- New vulnerabilities may emerge after our scans are completed. The security landscape changes constantly, and results are accurate only as of the time they were generated.
- We do not perform certified penetration testing. Our Services are not a substitute for a formal penetration test conducted by a CREST, OSCP, or equivalent certified professional.
- Our findings and recommendations are advisory. You are solely responsible for deciding whether and how to implement them.
- We do not guarantee that implementing our recommendations will prevent security incidents, data breaches, or unauthorized access.
5. Services Provided "AS-IS"
THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. TO THE FULLEST EXTENT PERMITTED BY LAW, RUSTLABS DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:
- Implied warranties of merchantability and fitness for a particular purpose
- Warranties of non-infringement
- Warranties that the Services will be error-free, uninterrupted, or completely secure
- Warranties that all security vulnerabilities will be identified
- Warranties that our recommendations, if implemented, will prevent security incidents
6. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
IN NO EVENT SHALL RUSTLABS, ITS FOUNDERS, EMPLOYEES, CONTRACTORS, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:
- Loss of data, revenue, profits, or business opportunities
- Damage to reputation or customer relationships
- Security breaches, unauthorized access, or data exfiltration
- Costs of remediation, notification, or credit monitoring resulting from a breach
- Regulatory fines, penalties, or legal fees
- Any damages arising from your reliance on our scan results or recommendations
OUR TOTAL AGGREGATE LIABILITY FOR ANY AND ALL CLAIMS ARISING FROM OR RELATED TO THE SERVICES SHALL NOT EXCEED THE TOTAL AMOUNT YOU PAID TO RUSTLABS IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
This limitation applies regardless of the legal theory on which the claim is based, whether contract, tort (including negligence), strict liability, or otherwise, even if RustLabs has been advised of the possibility of such damages.
7. Indemnification
You agree to indemnify, defend, and hold harmless RustLabs, its founders, employees, contractors, and agents from and against any and all claims, liabilities, damages, losses, and expenses (including reasonable attorneys' fees) arising from:
- Your use of or inability to use the Services
- Your failure to implement security recommendations provided by RustLabs
- Any security breach or data loss affecting your application or users
- Your violation of these Terms or any applicable law or regulation
- Any claim by a third party that our authorized access to your systems caused harm
- Any false or misleading information you provided to us regarding your authority to grant access
8. Confidentiality
Both parties agree to maintain the confidentiality of any proprietary or sensitive information disclosed during the engagement. This includes, but is not limited to:
- Source code, API keys, database credentials, and infrastructure configurations shared with us
- Security scan results, vulnerability reports, and findings
- Business information, user data, and trade secrets
RustLabs will not disclose your confidential information to third parties except as required by law or with your prior written consent. We will use industry-standard practices to protect your confidential information.
Scan results and vulnerability reports are your property. We will not share them, publish them, or use them for marketing purposes without your explicit written permission.
9. Payment Terms
Audit (One-Time): The one-time security audit fee is due as follows: 50% upon signing the Statement of Work, 50% upon delivery of the final report and completed hardening. Payment is due within 15 days of invoice.
Monitoring (Monthly): Monthly subscription fees are billed in advance on the same date each month. Payment is due within 15 days of invoice.
Late payments may incur a fee of 1.5% per month on the outstanding balance. We reserve the right to suspend Services for accounts that are more than 30 days overdue.
10. Cancellation and Termination
Monthly Subscriptions: You may cancel your monthly monitoring subscription at any time with 30 days' written notice. You will be responsible for the final month's payment. No partial refunds are provided for mid-month cancellations.
One-Time Audits: Either party may terminate the audit engagement with written notice. If terminated by you after work has commenced, you are responsible for payment proportional to the work completed, with a minimum of 50% of the total audit fee.
Upon termination, RustLabs will cease all scanning activity and remove any deployed agents from your infrastructure within 5 business days. You will retain all reports and findings delivered prior to termination.
11. Intellectual Property
All scan results, vulnerability reports, and recommendations delivered to you are your property. You may use, share, and distribute them as you see fit.
The RustLabs scanning tools, agent software, methodologies, and underlying technology remain the exclusive property of RustLabs. You receive no license to our proprietary technology beyond what is necessary to receive the Services.
Any code fixes, configurations, or hardening changes we implement in your codebase become your property upon delivery.
12. Customer Responsibilities
You are responsible for:
- Providing accurate and complete information about your application and infrastructure
- Granting and maintaining the access credentials needed for us to perform the Services
- Implementing security recommendations at your own discretion and risk
- Maintaining backups of your data before, during, and after our engagement
- Notifying us of any changes to your infrastructure that may affect our scanning
- Ensuring that our scanning activity does not violate any applicable laws or third-party agreements
- Complying with all applicable data protection and privacy laws (GDPR, CCPA, etc.)
13. Data Handling
During the course of providing Services, we may access your data, databases, and user information. We will:
- Access only the minimum data necessary to perform the engagement
- Not copy, download, or retain your production user data after the engagement concludes
- Store scan metadata and vulnerability findings securely and delete them upon your written request
- Not use your data for any purpose beyond providing the Services
Any personal data we collect through our website (contact form submissions) is handled in accordance with our Privacy Policy.
14. No Employment or Partnership
Nothing in these Terms creates an employment relationship, partnership, joint venture, or agency relationship between you and RustLabs. RustLabs is an independent contractor providing security services.
15. Governing Law and Dispute Resolution
These Terms are governed by and construed in accordance with the laws of the United States and the State of Delaware, without regard to conflict of law principles.
The parties shall first attempt to resolve any disputes arising from these Terms or the Services through good-faith negotiation. If negotiation fails, disputes shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association, conducted in Delaware. Each party shall bear its own costs.
You agree to waive any right to a jury trial or to participate in a class action lawsuit or class-wide arbitration against RustLabs.
16. Modifications to Terms
We reserve the right to modify these Terms at any time. Material changes will be communicated via email to the address on file or posted on our website with an updated "Last updated" date.
Your continued use of the Services after changes are posted constitutes acceptance of the revised Terms. If you do not agree to the changes, you must discontinue use of the Services and cancel your subscription in accordance with Section 10.
17. Severability
If any provision of these Terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be limited or eliminated to the minimum extent necessary so that the remaining provisions remain in full force and effect.
18. Entire Agreement
These Terms, together with any Statement of Work or service agreement executed between the parties, constitute the entire agreement between you and RustLabs regarding the Services and supersede any prior agreements or understandings.
19. Contact Information
For questions about these Terms, please contact:
RustLabs Security
Email: security@rustlabs.ai
Website: security.rustlabs.ai