Terms of service.

The rules governing your use of AuditCode.ai and the AuditCode Research arm.

Effective · Version 1.0
§ 01

Acceptance.

AuditCode AI is operated by Ibrahim Hashimov, sole operator, based in Belgium. In these Terms, "AuditCode AI," "we," "us," and "the Service" refer to the operator of auditcode.ai and the AuditCode Research site at /research and /research/methodology.

By accessing or using the Service, including the AuditCode Research arm, you agree to be bound by these Terms.

If you do not agree, do not use the Service. If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms.

§ 02

Permitted use.

The Service is provided for security research and code audit purposes. You may:

  • Read published security advisories and research reports.
  • Report vulnerabilities you have found in AuditCode AI itself to security@auditcode.ai.
  • Cite published research with attribution under applicable copyright exceptions, including fair use, fair dealing, and the quotation right.

Security-research safe harbor. AuditCode AI welcomes good-faith security research on the Service itself. Researchers who (a) make a good-faith effort to avoid privacy violations, service degradation, and data destruction, (b) report findings to security@auditcode.ai before any public disclosure, and (c) provide a reasonable remediation window will not be pursued by AuditCode AI under any anti-hacking or computer-misuse law for that research. This safe harbor does not extend to social-engineering attacks against the operator or to denial-of-service testing.

§ 03

Prohibited use.

You may not:

  • Misrepresent your identity or affiliation when submitting vulnerability reports.
  • Attempt to gain unauthorized access to non-public research, draft advisories, or coordinated-disclosure embargo material.
  • Use the Service to disrupt the disclosure process for third-party projects.
  • Scrape published research at rates that would constitute a denial-of-service against the Service, or otherwise interfere with normal access for other users.
  • Use the Service for any unlawful purpose or in violation of applicable export-control regulations.

§ 04

Coordinated disclosure.

AuditCode Research follows coordinated vulnerability disclosure. Every advisory is first reported privately to the affected project maintainer through their published security channel (security policy, security@ alias, or designated security contact), and is published publicly only after coordination consistent with the disclosure window and principles documented at /research#disclosure. Reproducible proof-of-concept material referenced in advisories is shared privately with maintainers and is not part of public disclosure.

The full disclosure policy — including the 90-day window, narrowly defined early-disclosure triggers, manual reproduction, and minimum-necessary-detail principles — is documented at /research#disclosure. This process is consistent with ISO/IEC 29147 (vulnerability disclosure) and ISO/IEC 30111 (vulnerability handling).

Nature of published research. Each advisory represents the good-faith opinion of the named researcher at the time of publication, based on the facts disclosed in the advisory itself, formed on the basis of (i) static and dynamic analysis of the affected codebase and (ii) manual reproduction of the candidate finding in an isolated environment. The default workflow includes private notification of the project maintainer and an opportunity to confirm, contest, or supply additional context before public disclosure; where a maintainer has elected not to respond within the disclosure window described at /research#disclosure, the advisory is published with that fact noted in the advisory text. Advisories are scoped to the specific versions and conditions described therein and make no representation about other versions, configurations, or related software. AuditCode AI will correct material errors in published advisories upon receipt of a substantive technical rebuttal.

Response to legal correspondence. Legal correspondence from an affected vendor (cease-and-desist letters, demands for non-disclosure, takedown requests) does not extend the disclosure window absent a substantive technical rebuttal of the finding. AuditCode Research may refer unresolved disputes to a neutral coordinator such as CERT/CC, JPCERT, or another recognized vulnerability coordinator before publishing, at AuditCode's discretion and where such a coordinator is willing to accept the case within a reasonable time. Where no neutral coordinator accepts the referral, or where the dispute is manifestly raised in bad faith to extend the disclosure window, AuditCode reserves the right to proceed with publication consistent with its disclosure policy. All correction or dispute requests must be submitted to legal@auditcode.ai with specific factual citations.

§ 05

Intellectual property.

The AuditCode Research engine, methodology, and unpublished research are the property of AuditCode AI. Published security advisories may be cited and quoted under applicable copyright exceptions, with attribution.

Republishing complete research reports without permission is not permitted. Linking to published advisories on GHSA or NVD is always permitted and encouraged.

§ 06

Disclaimer.

THE SERVICE AND ALL RESEARCH, ADVISORIES, AND CONTENT PUBLISHED THROUGH IT ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, TITLE, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. AUDITCODE AI DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE, OR THAT ANY ADVISORY IS COMPLETE OR FREE OF ERRORS.

Security research is inherently imperfect; AuditCode AI does not guarantee discovery of all vulnerabilities in any analyzed software. Findings published by AuditCode Research are best-effort assessments validated through manual reproduction at the time of disclosure. Subsequent code changes by maintainers may render specific findings out-of-date; the patched_versions field of each advisory is the source of truth for remediation status.

Published advisories are informational. Remediation decisions — including whether to apply, modify, or defer any patch or mitigation — are the sole responsibility of the operator of the affected software. AuditCode AI is not liable for outcomes arising from implementation of, or reliance upon, advisory recommendations.

§ 07

Limitation of liability.

To the maximum extent permitted by law, AuditCode AI, its operator, contractors, and agents shall not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, data, goodwill, or business opportunity, arising out of or relating to the Service or any research or advisory published through it, whether in contract, tort (including negligence), strict liability, or any other legal theory, and whether or not AuditCode AI has been advised of the possibility of such damages.

In any event, the aggregate liability of AuditCode AI arising out of or relating to these Terms or the Service shall not exceed one hundred euros (EUR 100) or the amount you paid AuditCode AI in the twelve months preceding the claim, whichever is greater.

Nothing in this section excludes or limits liability for (a) death or personal injury caused by negligence, (b) fraud or fraudulent misrepresentation, (c) gross negligence or wilful misconduct, or (d) any other liability that cannot lawfully be excluded under mandatory applicable law, including mandatory consumer-protection law of your country of residence. Where any limitation in this section is held unenforceable, that limitation will apply to the maximum extent permitted by applicable law.

§ 08

Indemnification.

You agree to defend, indemnify, and hold harmless AuditCode AI and its operator, contractors, and agents from and against any claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to (a) your willful misconduct or gross negligence, (b) your material breach of these Terms, or (c) your infringement of intellectual property rights of a third party.

Nothing in this section applies where prohibited by mandatory consumer-protection law of your country of residence, including the EU Unfair Contract Terms Directive 93/13/EEC.

§ 09

Termination.

AuditCode AI may suspend or terminate your access to the Service without notice in case of material breach of these Terms or conduct that AuditCode AI reasonably believes is harmful to the Service, its users, or third parties. For non-material breach, reasonable notice will be given where required by mandatory applicable law.

Sections 4 (Coordinated disclosure), 5 (Intellectual property), 6 (Disclaimer), 7 (Limitation of liability), 8 (Indemnification), 10 (Copyright complaints), 11 (Governing law and venue), and 13 (Miscellaneous) survive any termination or expiration of these Terms.

§ 10

Copyright complaints.

AuditCode AI respects copyright. Notices of claimed infringement, including those filed under the U.S. Digital Millennium Copyright Act (17 U.S.C. § 512) or analogous provisions of EU copyright law, should be sent to legal@auditcode.ai with the elements required by the applicable statute (identification of the work, location of the alleged infringement, statement of good-faith belief, statement of accuracy under penalty of perjury, and signature).

Third-party code excerpts included in published advisories are used under applicable copyright exceptions (fair use, fair dealing, the quotation right) for the transformative, non-commercial security-research purpose of demonstrating a vulnerability. Excerpts are limited to the minimum necessary to make the finding intelligible to the affected maintainer. Counter-notices will be filed where AuditCode AI in good faith believes material was removed by mistake or misidentification.

§ 11

Governing law and venue.

These Terms are governed by the laws of the Kingdom of Belgium, without regard to conflict-of-laws principles. Any dispute arising from these Terms or your use of the Service shall be brought exclusively in the courts of Brussels, Belgium, and you irrevocably consent to personal jurisdiction there.

Nothing in this clause limits the right of EU consumers to bring proceedings in the courts of their Member State of residence under Article 18(1) of Regulation (EU) No 1215/2012 (Brussels I bis), nor the right of consumers to invoke mandatory protections under the law of their habitual residence under Regulation (EC) No 593/2008 (Rome I), nor data-protection rights under the GDPR or applicable national implementing law.

§ 12

Changes.

AuditCode AI may update these Terms from time to time. Material changes will be posted on this page and on the AuditCode Research page at least 14 days before they take effect, and the "Effective" date at the top of these Terms will be updated. Because the Service does not require an account, posting an updated version on this page constitutes notice to you. Your continued use of the Service after the effective date of an updated version constitutes acceptance of the updated Terms. If you do not agree to the updated Terms, your sole remedy is to stop using the Service.

§ 13

Miscellaneous.

Severability. If any provision of these Terms is held unenforceable, that provision shall be enforced to the maximum extent permissible, and the remaining provisions shall remain in full force and effect.

Entire agreement. These Terms, together with any policies referenced herein, constitute the entire agreement between you and AuditCode AI with respect to the Service and supersede all prior or contemporaneous communications, whether oral or written.

Assignment. You may not assign or transfer these Terms or any rights hereunder without AuditCode AI's prior written consent. AuditCode AI may assign these Terms, in whole or in part, to any successor in interest, including in connection with a merger, acquisition, reorganization, or sale of substantially all of its assets.

Force majeure. AuditCode AI shall not be liable for any failure or delay in performance caused by events beyond its reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, government action, labor disputes, internet or infrastructure failures, or any other force majeure event.

No waiver. Failure by AuditCode AI to enforce any provision of these Terms shall not constitute a waiver of that or any other provision.

§ 14

Contact.

For legal questions: legal@auditcode.ai

For all other inquiries: /research#contact