1. The service
Quaze ingests software bills of materials (SBOMs) you provide, continuously evaluates them against vulnerability intelligence, and helps your team triage findings, route ownership, and produce compliance evidence. We may add, change, or remove features at any time. Material changes that affect how you use the service will be announced in advance through the in-app notice or by email.
2. Your account
You are responsible for keeping your credentials and API tokens secure, for all activity that happens in your account, and for the actions of users you invite. Notify us promptly at security@quaze.io if you suspect unauthorized access.
You must be at least 18 years old and legally capable of entering into a contract to use Quaze. The service is intended for use by businesses, not consumers.
3. Acceptable use
You agree not to: (a) use Quaze for any unlawful purpose or to violate any third party's rights; (b) attempt to circumvent authentication, authorization, rate limits, or any other security control; (c) reverse-engineer, decompile, or attempt to extract the source code of the service except where applicable law overrides this restriction; (d) use the service to generate or distribute malware, spam, or content that infringes intellectual property rights; (e) interfere with the service for other customers, including by load testing without prior written consent.
4. Your content
You retain ownership of the SBOMs, finding statuses, justifications, comments, and other content you upload to or generate within Quaze ("your content"). You grant Quaze a worldwide, non-exclusive licence to host, copy, transmit, and display your content solely as needed to operate, secure, and improve the service for you. We do not use your content to train shared machine-learning models.
You represent that you have the right to upload your content and that doing so does not violate any agreement, law, or third-party right.
5. Fees, billing, and taxes
Paid plans are billed annually in advance, in United States dollars unless agreed otherwise. Fees are non-refundable except where required by law or specifically stated in an enterprise agreement. Prices may change for renewal terms; we will give you at least 30 days' notice before any price increase that affects you. You are responsible for applicable taxes other than taxes on our net income.
6. Cancellation and renewal
You can cancel any time from your account settings. After cancellation, your plan stays active until the end of your current billing period; paid fees are not refunded. After that, your account moves to the Free plan and your retained data shrinks to the Free retention window. Annual subscriptions renew automatically at the end of each term unless you cancel before renewal. Plan upgrades are prorated and applied immediately.
7. Confidentiality and data
We treat your tenant data (SBOMs, findings, triage history, and account configuration) as confidential. We process it in line with our privacy notice and our security commitments described on the security page. Data is encrypted in transit and at rest, and access by Quaze personnel is least-privilege and audited.
Enterprise customers may request a Data Processing Agreement (DPA) that sets out additional protections required by GDPR and equivalent regimes.
8. Service availability
We aim for high availability and operate Quaze as a managed service on a major cloud provider. Self-serve plans are provided on a commercially reasonable basis without a written SLA. Enterprise customers receive a written SLA as part of their order form.
9. Suspension and termination
We may suspend or terminate accounts that materially breach these terms, that pose a security risk to other customers, or that are required to be terminated by law. Where reasonable, we will give notice and an opportunity to fix the issue first. On termination, you can export your data before your access ends; after that, we will delete it in line with the privacy notice.
10. Disclaimer
Quaze surfaces vulnerability information from public and licensed intelligence sources. It does not replace professional security review or legal advice. The service is provided "as is" and "as available" without warranties of any kind, express or implied, including merchantability, fitness for a particular purpose, and non-infringement, to the maximum extent permitted by law.
11. Limitation of liability
To the maximum extent permitted by law, neither party will be liable for indirect, incidental, special, consequential, or punitive damages, or for any loss of profits, revenue, data, or business opportunities. Our total aggregate liability for any claim relating to the service is limited to the amount you paid us under the affected order in the 12 months before the claim arose.
12. Indemnity
You agree to defend and indemnify Quaze against third-party claims arising from your use of the service in violation of these terms, your content, or your acts or omissions, except to the extent caused by Quaze's negligence or wilful misconduct.
13. Governing law and disputes
These terms are governed by the laws of the jurisdiction stated in the order form (or, for self-serve customers, the jurisdiction of Quaze's principal place of business), without regard to conflict-of-law rules. Disputes will first be raised in good faith with the other party at the contact address below; unresolved disputes will be subject to the exclusive jurisdiction of the courts of that jurisdiction.
14. Changes to these terms
We may update these terms from time to time. The "Last updated" date at the top of this page reflects the latest version. Material changes will be announced at least 30 days in advance through the in-app notice or by email. Continuing to use the service after changes take effect means you accept the updated terms.
15. Contact
Questions about these terms? Email legal@quaze.io. Security issues should go to security@quaze.io. For billing questions, write to billing@quaze.io.