Legal Terms and Privacy
Snyk Pro Terms of Service
These Terms of Service (together with the documents referred to in it) tell you the terms on which you may make use of the services which are made available to you via our software platform at https://snyk.io and our CLI tool (together, the “Platform”) (the “Services”), as well as all information and data made available to you in connection with the Services (“Service Data”).
Please read these Terms of Service carefully before you start to use the Services.
Other applicable terms
These Terms of Service refer to the following additional terms, which also apply to your use of the Services:
- Our Acceptable Use Policy, which sets out the permitted uses and prohibited uses of our Services, including any material and data transmitted using the Services.
- Our Data Processing Addendum, which describes how we will process any personal data.
Snyk** (“Snyk”, “us”, “our” or “we”) is the provider of the Services and operator of the Platform.
2. Your Order
The Order Form sets out the number of Developer subscriptions that you have agreed to purchase. A “Developer” is an employee agent or independent contractor who has contributed to your source code in the last 90 days, including modification, programming and testing. You shall ensure that the maximum number of Developers who has contributed to your source code in the last 90 days shall at no time exceed the number of subscriptions that you have purchased. You may purchase additional Developer subscriptions in increments of 50 by notifying us or through the self-service function on your account and paying additional fees. We may track the number of Developers contributing to your source code to verify that you are paying for the correct number of subscriptions.
3. User account
Any person authorised by you to use the Service (whether an employee or not) who requires access to our Services will be an “Authorised User” and will be issued with login credentials to access the Services. You are responsible for any use of our Services with your account details, which includes all user passwords issued to your organisation for each Authorised User, and for protecting your account details from unauthorised use. You are also responsible for the security of any computer from which you sign in to your account. You will be responsible for setting the access rights for each of your Authorised Users. You shall ensure that each Authorised User shall keep his or her account credentials confidential. You will maintain a written, up to date list of current Developers and Authorised Users at all times, and upon our request, you shall either produce such list or the results of source control logs to us within 5 business days.
4. Rights we grant you
We grant you a non-exclusive, non-transferable, revocable right to install and make use of the Services and to make use of the documentation available at https://snyk.io/docs (“Documentation”) and Service Data, solely for your internal business operations and in accordance with these Terms of Service.
This licence shall remain in effect for the Initial Term stated on the Order Form and thereafter will renew automatically for further periods of 12 months (“Renewal Terms”) until terminated with not less than one month’s notice to end at the end of the Initial Term or a Renewal Term (see clause 14 for information about termination).
You promise and agree that you will only make use of the Services, Documentation and Service Data within the scope of this licence and limits, terms and conditions set out in these Terms of Service, and that you will not redistribute or transfer the Services, Documentation or Service Data, or any part of them.
You acknowledge that all intellectual property rights in the Services, the Documentation, the Service Data and the Platform anywhere in the world belong to us or our licensors (even after installation onto a computer owned by you or integration into your system), and that you have no rights in or to the Services, Documentation, Service Data or the Platform other than the right to use each of them in accordance with the terms of these Terms of Service.
In the event that you breach the terms of the licence granted to you herein and such breach results in the creation of derivative works of the Services, the Documentation, and/or the Service Data (“Improvements”), you hereby assign with full title guarantee all such Improvements to us. Such assignment does not preclude us from taking any legal or other action against you for contravention of these terms and conditions, including for infringement of our intellectual property rights.
You may from time-to-time provide suggestions, comments, ideas or other feedback (“Feedback”) to us with respect to the Services, Service Data, Platform or Documentation. To the extent that you provide such Feedback, you grant us an unlimited licence right and license to use, disclose, reproduce, license or otherwise distribute and exploit the Feedback as we see fit, entirely without obligation or payment to you or restriction of any kind.
From time to time, we may introduce new services, features or functionality to the Services. These Terms of Service will apply to such new services, features or functionality, unless they come with separate or additional terms, in which case you will be required to agree to such separate or additional terms before being permitted to use the new services, features or functionality.
We undertake that the Services will be performed substantially in accordance with the Documentation and with reasonable skill and care. This undertaking shall not apply to the extent of any non-conformance which is caused by your use of the Services contrary to our instructions or these Terms of Service, or any alternation or modification made to the Services or the software used in the provision of the Services by a third party who is not authorised by us. You understand and agree that we have no obligation to modify software to support your use of the Services.
You acknowledge that the accuracy and completeness of the Services is dependent on a number of factors outside the control of Snyk, including design, implementation, and use of your project, erroneous dependency or vulnerability data, and changes to the environment in which your project is used.
We do not warrant that:
- the Services will be able to find and monitor all vulnerabilities in all dependencies (including open source dependencies) included or used by your code or application. Whilst we endeavour to keep up to date and build on our open source vulnerability database, you acknowledge that it does not provide any legal or other professional advice in relation to the Services and that we do not guarantee it is a complete source of all vulnerabilities and license issues for all dependencies or that it is relevant or suited to all the dependencies included or used by your code or applications;
- we will be able to fix all vulnerabilities discovered using the Services; or
- a patch or recommended version upgrade will not break the functionality of your code or will not result in the introduction of new vulnerabilities. We take care when authoring patches and test all patches before making them available to you as part of the Services; however, you acknowledge that it is your responsibility to assess the impact of patch before using it.
You further acknowledge that the suggestions made by us in relation to fixes (whether for updates, patches or monitoring services) are provided for general information only, and have not been made with your particular requirements in mind. It is therefore not intended to amount to advice on which you should solely rely.
We will not be liable to you for our failure to find, fix and monitor dependencies, or for any damage or loss suffered as a result of a fix deployed.
6. Accessing the Services
Whilst we will make reasonable efforts to ensure the Services are operational 24 hours a day, 7 days a week, we do not guarantee that the Services will always be available or be uninterrupted. In particular, but without limitation:
- Maintenance Services: The Services will not be available to you when we carry out maintenance services. We will endeavour to carry out these services outside of normal business hours (being 9:00am to 5:00pm UK time) and to give you at least three hours’ notice in writing (via email where possible); however you acknowledge that this may not be possible in cases of urgency.
- Communication networks: The Services may be subject to limitations, delays and other problems inherent in the use of communication networks and facilities. We will not be liable to you if the Services are unavailable at any time, or for any period due to an event or cause outside of our control.
We reserve the right to suspend your access to or use of the Services without notice in the event you breach these Terms of Service or if we reasonably suspect that you have breached these Terms of Service.
7. Using the Services
- Provide us with all necessary cooperation in relation to this Agreement and all necessary access to information that we require to deliver the Services;
- Comply with all applicable laws and regulations with respect to your activities under this Agreement;
- Ensure that the Authorised Users’ use the Services, Platform, Service Data and the Documentation in accordance with the terms and conditions of these Terms of Service, and you shall be responsible for any Authorised User’s breach of this Agreement;
- Obtain and maintain all necessary licences, consents and permissions necessary for you, your contractors and agents to perform their obligations and exercise their rights under this Agreement, including, without limitation, to use the Services;
- Ensure that your network and systems comply with the relevant specifications provided by us from time to time;
- Be solely responsible for procuring and maintaining your network connections and telecommunications links from your systems to our data centres, and for all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to your network connections or telecommunications links or caused by the internet.
You must not use the Services for any commercial use (other than for internal use within your business), and you must not redistribute or transfer the Services, Documentation or Service Data to any third party or make any part of the Services, Documentation or Service Data available to be accessed, in whole or in part, by any third party.
The licence granted to you to install and make use of the Services, the Documentation, and Service Data, does not permit you to do, and you shall not do nor permit any third party to do, any of the following:
- Embed our Services, Platform Documentation, or Service Data into any product of yours or any third party;
- Make available through automated or manual means any part of the Services, the Platform, the Documentation, or the Service Data, by way of crawling, scraping, spidering or otherwise;
- Copy or access all or any part of the Services, the Platform, the Documentation, or the Service Data other than via the interface(s) provided to you by us;
- Use web-crawlers, bots, or scripts to copy or access any part of the Services, the Platform, the Documentation or the Service Data;
- Circumvent or attempt to override any security features we have installed around the Services, the Documentation, or the Service Data; or
- Copy in part or in whole, our database of vulnerabilities.
You further agree to comply with the Acceptable Use Policy with regards to your use of the Services, the Platform, Service Data and Documentation, including any material and data you transmit using the Services. This Acceptable Use Policy is hereby incorporated into these Terms of Service.
A breach of the Acceptable Use Policy will constitute a breach of these Terms of Service, and may result in termination or suspension of your account in accordance with these Terms of Service.
You shall comply with all applicable laws, rules and regulations that apply to your use of the Services, and comply with all applicable laws, rules and regulations governing export that apply to the Services.
You agree to pay us fees for the Services and number of user licences used specified on the Order Form or that you otherwise add to your account (“Subscription Fees”) (which do not include VAT). You will provide us with valid, up-to-date and complete payment card details or (if we approve payment by invoice) contact and billing details. If you have provided us with payment card details, you authorise us to bill your payment card for the Subscription Fees annually in advance and for additional purchases of subscriptions during the term of this Agreement. If we have agreed to invoice you, we will invoice you annually and you will pay each invoice within 30 days after the date of such invoice.
If we have not received your payment by the due date, we may disable your account and charge you interest at the rate of 4% over the prevailing base rate of the Bank of England, starting from the due date and continuing until fully paid.
We may increase the Subscription Fees at the start of each Renewal Term on 45 days’ notice to you. If you do not agree to the fee increase, you may terminate your agreement by giving one month’s notice to us before the end of the Initial Term or the Renewal Term.
You shall pay the Subscription Fees without any set-off, counterclaim, deduction or withholding of any kind, save as may be required by law. If any withholding or deduction is required by law, you shall, when making the payment to which the withholding or deduction relates, pay to us such additional amount as will ensure that we receive the same total amount that it would have received if no such withholding or deduction had been required.
9. Project Data and Rights you give us
We claim no intellectual property rights in and to your applications, project or any material you provide or otherwise transmit to us via the Service.
However, to enable your use of the Services, we do need to inspect portions of your project and send parts of it to our servers. This information includes, but is not limited to, information relating to the project (such as the project name and metadata), informaton on how many users are using the Services and contributing to your source code, information relating to the dependencies, including open source and closed source locally available to our tool, being used and how they are referenced by the project, Snyk-related files and environmental information (“Project Information”). We may also collect Project Information for each of the project’s dependencies (“Dependency Information”). For these purposes, we require, and you hereby grant us, a worldwide, non-exclusive, royalty free licence to store, use, reproduce, display and transmit the Project Information, the Dependency Information and any other materials transmitted via the Service to the extent necessary to enable your use of the Services, including monitoring services. This licence shall remain in effect for the duration of the Initial Term and any Renewal Term.
In addition to the rights granted to us above, we also require, and you hereby grant to us, a licence to store, use, reproduce, display and transmit the Project Information, the Dependency Information and any other materials transmitted via the Service for analytical purposes (for example, so that we can see what stage the project was in when it was deleted) and to improve our Services. This licence shall remain in effect unless and until you email us at firstname.lastname@example.org and expressly ask us to delete such data from our database. For the avoidance of doubt, this licence will not end upon termination of these Terms of Service or where you delete the relevant project on the project page of the Platform.
10. Usage Data Analysis
Our CLI tool reports to us an event for each command you issue, including, but not limited to, the version of the CLI tool, the versions of surrounding tools such as node and npm, the Snyk User and organization ID, the arguments and inputs provided to the CLI, and details about duration, success and failure of CLI actions. This information is used by us for analytical purposes and to improve our Services. It allows us to better understand how the CLI too is used, and informs our product development decisions.
If you would like to opt out of this, you can do so by setting the
disable-analytics configuration item, as explained in our FAQ page.
Snyk will implement reasonable technical and physical safeguards to protect your confidential information and data, including Project Information and personal data as defined in clause 15. You understand that the operation of the Services, including Project Information may be unencrypted and involve (a) transmissions over various networks; (b) changes to conform and adapt to technical requirements of connecting networks or devices and (c) transmission to our third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to operate and maintain the Services. Accordingly, you acknowledge that you bear sole responsibility for adequate security, protection and backup of your Project Information. Snyk does not guarantee that the Service is or will remain secure or that access to the Service will be uninterrupted
12. Limitation of Liability
You agree to the following limitations on our liability to each other:
- Exclusion of certain losses: We shall not be liable to each other for any loss of profits, business, anticipated savings, goodwill or business opportunity, business interruption, loss or corruption of data or information, or for any special, indirect or consequential loss or damage, howsoever arising under these Terms of Service; and
- Cap on liability: Our maximum aggregate liability to each other in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of these Terms of Service shall be limited to the higher of either: i) the total amount paid to us in the 12 month period preceding the date on which the claim arose; or ii) £100.
Further, due to the nature of the Services, we do not take responsibility for any damage caused by errors or omissions in any content or omissions in any information, instructions or scripts provided by you to us in connection with the Services, or any action taken by us (or not taken by us) at your direction.
Nothing in these Terms of Service shall exclude either party’s liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation or any other liability that cannot be excluded or limited by law.
All warranties, conditions, representations or other terms implied by statute or common law in relation to the Services, Documentation, the Service Data and the Platform provided by us are excluded to the fullest extent permitted by law.
Subject to the cap on liability in clause 12 above, you will defend, indemnify and hold harmless Snyk against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with your use of the Services, Documentation, Service Data or Platform in breach of these Terms of Service or other agreements referred to in these Terms of Service (including, but not limited to, the acceptable use policy).
Subject to the cap on liability in clause 12 above, Snyk will defend, indemnify and hold you harmless against claims, actions, proceedings, losses, damages and costs arising out of any claim made against you by a third party alleging infringement of their intellectual property rights through or in connection with your use of the Services, Documentation, Service Data or Platform as long as:
- You give us prompt notice of any claim;
- You provide us reasonable co-operation in the defence and settlement of such claim, at our expense; and
- You give us sole authority to defend or settle the claim.
In the defence or settlement of any such claim, we may procure the right for you to continue using the Services, Documentation, Service Data or Platform, replace or modify them so that they become non-infringing or terminate this agreement on two days’ notice to you without any additional liability or obligation to pay you damages or other additional costs.
This clause 13 sets out your sole and exclusive rights and remedies, and our entire obligations and liability, for infringement of any third party intellectual property rights.
You may terminate these Terms of Service by giving one month’s notice before the end of the Initial Term or any Renewal Term via email to email@example.com (as applicable) and ceasing all use of the Services, Documentation and Service Data.
We may terminate these Terms of Service with you immediately, without notice, in the event you commit a material or persistent breach of these Terms of Service (including the Acceptable Use Policy), the Services are discontinued, we lose the right to provide you with the Services, or where the provision of the Services becomes unlawful.
- all rights granted to you under these Terms of Service, including the licence in clause 4, shall cease;
- you must cease all activities authorised by these Terms of Service, including use of the Services, Documentation and Service Data;
- all fees payable to us under these Terms of Service shall become due and shall be billed immediately, despite any other provision; and
- you must immediately uninstall, delete or remove from all computer equipment in your possession or control, and destroy or return to us all copies of, any software used in the provision of the Services including our CLI tool.
15. Data Protection
For the purposes of providing the Services, we may collect, process and store certain data concerning Developers and Authorised Users, including personal data, for which we will be the data controller. To the extent that we process any personal data on your behalf when providing the Services, you will be the data controller and we will be a data processor and in any such case:
- you acknowledge and agree that the personal data may be transferred or stored outside the EEA or the country where you and the Developers and Authorised Users are located in order to carry out the Services;
- you will ensure that you are entitled to transfer the relevant personal data to us so that we may lawfully use, process and transfer the personal data in accordance with this agreement on your behalf; and
- you will ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by the Data Protection Laws.
We will process the personal data in compliance with the Data Protection Laws and with the Snyk Data Processing Addendum (which forms part of this Agreement), and in particular, we will;
- implement adequate technical and organisational measures to protect against the unauthorised loss, disclosure or destruction of or damage to such personal data; and
- process such personal data solely in accordance with your instructions.
For the purposes of this Agreement, Data Protection Laws shall mean the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679, and any applicable replacement laws or regulations as may be in force, from time to time, and “personal data”, “data controller”, “data processor” and “process” shall have the meaning given to them by the Data Protection Laws.
You and Snyk agree that each shall maintain the confidentiality of and shall not disclose to any third party all confidential documents and information of the other party, its respective vendors, licensors and other third parties, that such party may furnish (the “Disclosing Party”) to the other party or which the Disclosing Party makes available to the other party (the “Receiving Party”) and that the Disclosing Party treats as confidential, including without limitation, business information, pricing of products or services, technology, agreements, business plans, software, price lists and related documentation, technical documentation, and other information which is not publicly available.
Except as stated in these Terms of Service, the Receiving Party agrees to use all such information solely for the performance of its obligations under this Agreement. The parties’ obligations under this provision shall survive termination of this Agreement, but such obligations shall not include information that is or becomes part of the public domain through no act or omission of the Receiving Party or breach by the Receiving Party of this Agreement.
Notwithstanding any provision to the contrary, the Snyk Materials shall constitute our “confidential information” subject to this paragraph and your obligation to keep the Snyk Materials confidential shall survive the termination of this Agreement. “Snyk Materials” means written and electronic materials, intellectual property, proprietary information and trade secrets developed, provided or used by us or our suppliers to provide the Services or in connection with the Services, including without limitation (i) documentation and manuals, (ii) functional and technical specifications and other technical information, (iii) customized applications and computer programs and software, (iv) processes, methods, algorithms, ideas, and other “know how,” (v) data and information, and (vi) equipment.
17. Other important terms
Assignment and other dealings: You may not assign, transfer, sub-licence or deal in any other manner with any or all of your rights under these Terms of Service, without our prior written consent.
Waiver: A waiver of any right or remedy under these Terms of Service or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent breach or default. A failure or delay by a party to exercise any right or remedy provided under these Terms of Service or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy.
Severance: If any provision or part-provision of these Terms of Service is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any such modification to or deletion of a provision or part-provision shall not affect the validity and enforceability of the rest of these Terms of Service.
Relationship: Nothing in these Terms of Service is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties or constitute any party the agent of another party.
Third Party Rights: No one other than a party to these Terms of Service, their successors and permitted assignees, shall have any right to enforce any of its terms.
Entire Agreement: these Terms of Service, and all documents referred to in them, constitute the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
Jurisdiction/Governing Law: These Terms of Service, its subject matter and its formation (and any non-contractual disputes or claims) are governed by English law. We both agree to the exclusive jurisdiction of the courts of England and Wales.
18. Contact us
To contact us, or if you are experiencing problems with the Services, please email firstname.lastname@example.org
** If you are based in the United States, Snyk shall mean: Snyk, Inc., having a place of business at 200 Berkeley Street, Boston, MA 02116.
If you are based outside of the United States, Snyk shall mean: Snyk Ltd, having its registered place of business at Highlands House, Basingstoke Road, Spencers Wood, Reading, Berkshire, RG7 1NT United Kingdom. Our VAT number is 227200547.