March 24, 2021
Terms of Service
These Terms of Service (this “Agreement”) govern your access to and use of the Snyk* Service (defined below as “the Services”). If you register for a free trial, evaluation or free Services, the applicable provisions of this Agreement also govern your access to such Services.
You agree to the terms of this Agreement by accepting them or by using the Services.
We periodically update the terms of this Agreement. If you have an active Snyk account, we will notify you of updates via an email or a notification on the Snyk platform. Unless the notice states otherwise, the updated terms of this Agreement will become effective and binding on the next business day after it is posted. You can find archived recent versions of the terms here. The last update was in March 2021.
“You” means you are accepting these Terms or Service on behalf of an entity you represent, or you are accepting the terms on behalf of yourself, individually. If you are accepting on behalf of your employer or another entity, you represent and warrant that you have full legal authority to bind your employer or such entity to these Terms of Service, and you agree to these Terms of Service on behalf of that entity. If you do not have such authority, are under 18 years of age, or do not agree to the terms set forth in this Agreement, you must not use the Services. “Snyk", "we", "us" or “our” means the applicable Snyk contracting entity as specified in the ‘Snyk Entity and Law and Jurisdiction’ section below.
Direct competitors of Snyk are prohibited from accessing or using the Services and the Services may not be accessed for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.
This Agreement is effective as of the date on which you accept it either by means of the Order Form or by utilizing the Services. The following also apply to your use of the Services:
Our Acceptable Use Policy, which sets out the permitted uses and prohibited uses of our Services, including any material and data transmitted using the Services. The Acceptable Use Policy forms part of this Agreement.
Our Data Processing Addendum, which describes how we will process any personal data of those you authorised to use the Services. To the extent that we act as the data processor of any personal data of which you are the data controller, the Data Processing Addendum forms part of this Agreement.
Additionally, the following policies apply to your use of our website:
In addition to the terms defined herein, the following terms shall be defined as follows:
means any optional product, service, feature or functionality which Snyk makes available to you subject to the agreement of additional terms;
all non-public information (however recorded or preserved) disclosed by a party to the other party after the date of this agreement, including but not limited to any information that would be regarded as confidential by a reasonable business person;
means an employee, agent or independent contractor who contributes, or has contributed, to the Protected Asset, including modification, programming and testing, recalculated on a rolling ninety (90) day basis;
the documents made available by Snyk online via https://snyk.io/docs or such other web address notified by Snyk from time to time which sets out a description of the Services and the user instructions for the Services;
patents, rights to inventions, copyright and related rights, trade marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets), and all other intellectual property rights;
a vulnerability, security misconfiguration or other issue identified by the Services as potentially negatively affecting the security, integrity or functioning of any Protected Asset;
The online order process specifying the Services to be provided under this Agreement that is entered into between you and Snyk and your Subscription Allocation;
any information relating to an identified or identifiable natural person;
any code, configuration file, container image or other item relating to your software projects, in all cases in respect of which you use the Services during the term of this Agreement;
information and data made available by Snyk to you in connection with the Services;
the services and access to Software provided by Snyk to you under this agreement as more particularly may be described in the Order Form and the Documentation;
the software applications provided by Snyk as part of the Services;
the limits on the use of the Services comprised in your subscription (or, as the case may be, your free plan), as may be set out in an Order Form, including any limit on the number of Developers contributing to the Protected Asset;
any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, Trojan horses, viruses and other similar things or devices;
the data inputted by you, or Snyk on your behalf for the purpose of using the Services or facilitating your use of the Services.
2. Provision of Services
Subject to your compliance with the terms of this Agreement, we will provide you with access to use the Services, Service Data and the Documentation during the Term solely for your internal business operations in accordance with your Subscription Allocation.
If you have a paid subscription, this Agreement shall remain in effect for the initial period stated on the Order Form and thereafter, will renew automatically for additional twelve (12) month periods until terminated by either you or us providing the other with notice of termination prior to the end of the Term (all such periods together referred to as the “Term”). If you are on a free plan, “the Term” is the period commencing on your acceptance of these Terms of Service and ending when either we or you terminate this Agreement as set out in the Termination section below.
This Agreement will apply to any new services, feature, or functionality which we may introduce from time to time, except to the extent that they are Added Options which may be subject to the additional terms to which you will be required to agree and additional fees which you will be required to pay before being permitted to use the Added Options.
The Service-Specific Terms set out in the Schedule below highlight some of the important things about using particular features and functions of certain individual Services. To the extent that your Order Form specifies any of those Services as being included in your subscription, the relevant additional Service-Specific Terms form part of these Terms of Service and apply additionally to your use and our provision of those Services.
3. Your Order and Subscription Allocation
If you have a paid subscription, your Order Form sets out the number of Developer subscriptions that you have agreed to purchase. You shall ensure that the maximum number of Developers shall not exceed your Subscription Allocation. You may purchase additional Developer subscriptions in increments of 10 by notifying us or through the self-service function on your account and paying additional fees. We may track the number of Developers to verify that you are paying for the correct number of subscriptions and invoice you for any additional fees due.
If you choose a paid-subscription plan, you agree to pay us fees in accordance with the relevant pricing plan. Details of those fees are set out on our Pricing Page at https://snyk.io/plans (which do not include VAT).
Depending on the pricing plan chosen by you, our third party payment processor will (and you hereby authorise it to) bill your payment card for the applicable fee in advance on or shortly after the date you subscribe for a paid plan and each month or anniversary thereafter, until terminated by you or us. The fees are non-cancellable and non-refundable, except as expressly stated otherwise in these Terms of Service.
If you move to a higher tier of a paid plan, the change will take effect immediately and we will charge you for the additional fees associated with the new paid plan on a pro-rata basis. If you move to a lower tier of a paid plan, the fee change will take effect in the next billing cycle. You acknowledge that you will not receive a refund for the then-current billing cycle if you move to a lower tier of a paid plan, or to a non-payment subscription plan.
We reserve the right not to provide you with the Services until the relevant fee has been received in full and cleared funds.
We also reserve the right to change our fees or payment plans at any time. If you do not agree to such change, you must ask us to delete your account via email to firstname.lastname@example.org and stop using the Services within 30 days of the date the new fee or payment plan becomes effective, at which point this Agreement will be deemed to have been terminated by you. We will only charge you in respect of the period before termination and based on the old fee or payment plan. If you do agree to such change (which will be deemed from your continued use of the Services after the date the new fee or payment plan becomes effective), your next bill will include the new fees on a pro rata basis.
You will pay fees without any set-off, counterclaim, deduction or withholding of any kind, except as may be required by law. If any withholding or deduction is required by law, you will, when making the payment to which the withholding or deduction relates, pay to us such additional amount as will ensure that we receive the same total amount that it would have received if no such withholding or deduction had been required.
5. Your Use of the Services
You shall prevent unauthorized access or use of the Services, Service Data, Documentation, and in the event of a breach, you will notify us immediately. You are responsible for all use of our Services with your account details, which includes all user passwords issued to your organization for each Authorized User, and for protecting your account details from unauthorized use. You are also responsible for the security of any computer from which you sign into your account. You shall ensure that all your Snyk account credentials are kept confidential. You will maintain a written, up to date list of current Developers and users at all times, and upon our request, you shall either produce such list or the results of source control logs to us within 5 business days. You agree to ensure that all use of the Services, Service Data, Platform and Documentation by you or under your Snyk account are in compliance with the terms and conditions of this Agreement (including the Acceptable Use Policy) and in compliance with all applicable laws, rules and regulations governing this Agreement. You are responsible for any breach of this Agreement by any person using your Snyk account credentials.
You promise not to access, store, distribute or transmit any Viruses, or any material during the course of your use of the Services, the Platform, Service Data or Documentation that infringes any Intellectual Property Right of any other person and/or advocates, promotes or assists any unlawful act or illegal activity, and Snyk reserves the right, without liability or prejudice to its other rights to you, to disable your access to any material that breaches the provisions of this clause.
You may not, except to the extent expressly permitted under this Agreement, (i) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software, Service Data, Platform or the Documentation in any form or media or by any means; or (ii) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; or (iii) use the Services, Service Data, Platform or the Documentation to provide services to third parties; or (iv) license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services, Service Data, Platform or the Documentation available to any third party; or (v) access all or any part of the Services in order to build a product or service which competes with the Services; or (vi) access without authority, interfere with, manipulate, damage or disrupt all or any part of the Services or any equipment or network owned or used by any third party, or assist any third party in doing such acts.
6. Your Data and Privacy
For the purposes of providing the Services, Snyk may collect, process and store certain data concerning your users and Developers. Personal Data such as their email addresses. To the extent that Snyk processes Personal Data on your behalf as data processor when performing its obligations under this Agreement, the Data Processing Addendum shall apply.
7. Our Responsibilities to You
Snyk will make commercially reasonable efforts to ensure that the Services will be performed substantially in accordance with the Documentation. However, we will have no obligations to the extent of any non-conformance which is caused by use of the Services contrary to our instructions, or modification or alteration of the Services by any party other than Snyk or Snyk’s duly authorised contractors or agents. Your sole remedy and our only obligations to you if the Services do not conform with the foregoing undertaking is for us to (at our expense), use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide you with an alternative means of accomplishing the desired performance.
You acknowledge and agree that:
the Services will evolve over time and that functionality may be added and removed from time to time;
Snyk does not warrant that use of the Services will be uninterrupted or error-free, or that the Services and/or the information obtained through the Services will meet your requirements; and
Snyk is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the Internet, and you acknowledge that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
We have no obligation to modify Software to support your use of the Services and you acknowledge that the accuracy and completeness of the Services is dependent on a number of factors outside our control, including design, implementation, and use of the Protected Asset, erroneous dependency or Issue data, and changes to the environment in which the Protected Asset is used.
While we use commercially reasonable efforts to properly identify dependencies and Issues for review, you acknowledge that we do not warrant that:
the Services will be able to find and monitor all Issues included in, applicable to or used by the Protected Asset or your applications containing it.
Whilst Snyk endeavours to keep up to date and build on its vulnerability and license database, the Services do not constitute professional advice (including legal advice) in relation to the Protected Asset and we do not guarantee it is a complete source of all Issues, nor that it is relevant or suited to the Protected Asset or your software projects generally;
we will be able to provide a remediation for all Issues discovered using the Services;
You also agree that:
You assume sole responsibility for results obtained from the use of the Services, and for conclusions drawn from such use.
a recommended remediation will not break the functionality of your code or will not result in the introduction of new Issues. You acknowledge that it is your responsibility to assess the impact of the remediation before applying it.
that remediations are provided for general information only, and have not been made with your particular requirements in mind. It is therefore not intended to amount to advice on which you should solely rely.
From time to time, Snyk may make Beta Services available at no charge. Beta Services are made available “AS IS” and Snyk shall have no liability for any harm or damage arising out of or arising out of or in connection with the Beta Services. You may choose to try such Beta Services at your sole discretion. Snyk may discontinue Beta Services at any time in its sole discretion and may never make them generally available.
8. Intellectual Property Rights
Snyk and/or its licensors owns all Intellectual Property Rights in the Services, Service Data, Software, Platform and the Documentation and except as expressly stated herein, Snyk does not grant to you any rights to, or in, such Intellectual Property. If you create any derivative works or developments based on Snyk Intellectual Property Rights, you agree to assign to Snyk all ownership rights and title to such developments.
Snyk claims no Intellectual Property Rights in and to your applications and software, Protected Asset or any material you provide or otherwise transmit to Snyk via the Platform. However, you acknowledge and agree that in order for us to provide Services, we will be inspecting, using, sending to Snyk servers, displaying and storing: (i) the Protected Asset; (ii) information relating to the Protected Asset (such as the project name, security settings and metadata), information relating to the dependencies (including open source and proprietary as available to the Platform) being used and how they are referenced by the Protected Asset, Snyk-related files and environmental information and the license information applicable to the Protected Asset (together, “Project Information”); (iii) Project Information for each of the Protected Asset’s dependencies (“Dependency Information”); and (iv) any of Your Data, in all cases for the purposes of providing the Services.
Additionally, you acknowledge and agree that Snyk may use the Project Information, the Dependency Information and any of Your Data for analytical purposes (for example, so Snyk can see what stage the project was in when it was deleted) and to improve the Services. Snyk shall continue such use indefinitely and it will not end upon termination of this Agreement or upon your deletion of the relevant project on the project page of the Platform until and unless you send us written notice to cease such use via email at email@example.com.
We each may be given access to Confidential Information from the other party in order to perform our respective obligations under this Agreement. Confidential Information does not include information that: (i) is or becomes publicly known other than through any act or omission of the receiving party; (ii) was in the other party's lawful possession before the disclosure; (iii) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; (iv) is independently developed by the receiving party, which independent development can be shown by written evidence; (v) or is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body. Details of the Services, the Service Data, the Documentation, and the results of any performance tests of the Services, constitutes Snyk’s Confidential Information.
Each party shall hold the other's Confidential Information in confidence and, unless required by law, not make the other's Confidential Information available to any third party, or use the other's Confidential Information for any purpose other than the implementation of this Agreement.
Each party shall take all reasonable steps to ensure that the other's Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement.
The obligations of confidentiality and non-use in this Section shall survive termination of this Agreement.
You will defend, indemnify and hold harmless Snyk against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with your use of the Services, the Platform, Service Data and/or Documentation other than in accordance with this Agreement.
11. Limitation of Liability
Nothing in this agreement excludes the liability of either party:
for death or personal injury caused by the negligence of the other party; or
for fraud or fraudulent misrepresentation; or
any liability that cannot be excluded or limited by law.
Neither party shall be liable whether in tort, contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this Agreement; and
Except for your liability under the Indemnification section above (which will not be subject to any limit), the total aggregate liability of either party arising in connection with the performance or contemplated performance of this Agreement shall be limited to the greater of USD $100, or the total fees paid by you for the Service during the 12 months immediately preceding the date on which the claim arose.
Snyk will not be liable for our failure to find, fix and monitor Issues, any ‘false positives’ incorrectly identified by the Services as requiring consideration of a remediation; or for any damage or loss suffered as a result of a recommended remediation deployed. Nor shall Snyk have any responsibility for any damage caused by errors or omissions in any content or omissions in any information, instructions, or scripts provided by you in connection with the Services or any action taken by us at your direction.
All other warranties, conditions, representations or other terms implied by statute or common law in relation to the Services, Documentation, Service Data, and Platform are excluded to the fullest extent permitted by law.
If you do not have a paid subscription to the Services, we may suspend, limit, or terminate the Services and terminate this Agreement for any reason at any time without notice, and you may terminate this Agreement at any time by deleting your account by means of the Service, or asking us to do so via email to firstname.lastname@example.org. If you have a paid subscription to the Services, you or we may terminate by giving thirty (30) days’ notice before the end of the then current Term via email to email@example.com.
Without affecting any other right or remedy available to us, we may terminate this agreement with immediate effect by giving written notice to you if (i) you commit a material or persistent breach of these terms
On termination of this Agreement: (i) the rights granted to you under this Agreement Shall immediately terminate; and (ii) you shall pay any and all fees outstanding, delete all copies of the Service Data and cease all use of the same; and immediately uninstall, delete or remove from all computer equipment in your possession or control, and destroy or return to Snyk all copies of, any software used in the provision of the Services including Snyk’s CLI tool;
Any provision of this agreement that expressly or by implication is intended to come into or continue in force on or after termination of this agreement shall remain in full force and effect.
No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right.
If any provision of this Agreement or any Order Form, shall be held to be invalid or unenforceable for any reason, the remaining provisions shall continue to be valid and enforceable. If a court of competent jurisdiction finds that any provision of this Agreement or any Order Form is invalid or unenforceable, but that by limiting such provision it would become valid or enforceable, then such provision shall be deemed to be written, construed, and enforced as so limited.
15. Entire Agreement
This Agreement, the Documentation, and each respective Order Form contain the entire agreement of the parties with respect to the Services specified in each Order Form, and there are no other promises or conditions in any other agreements, whether oral or written. This Agreement supersedes any prior written or oral agreements between the parties with respect to those Services provided under this Agreement, or specified in each Order Form (if applicable). The parties agree that any term or condition stated in a purchase order provided by You or in any other order documentation provided by You is void. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (a) the applicable Order Form, (b) this Agreement, and (c) the Documentation. Titles and headings of sections of this Agreement are for convenience only and shall not affect the construction of any provision of this Agreement.
You may not assign or transfer this Agreement or any rights or obligations hereunder without our prior written consent. Notwithstanding the foregoing, no consent is required for you to assign your rights and obligations under this Agreement to an Affiliate or to a successor in interest through merger, reorganization, consolidation, or acquisition, provided that you provide us with notice of the assignment. Any attempted assignment, transfer, or other conveyance in violation of the foregoing shall be null and void. No assignment shall relieve the assigning party of any of its obligations hereunder. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their respective successors and permitted assigns.
17. No Partnership or Agency
The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. Each party will be solely responsible for payment of all compensation owed to its employees, as well as all employment-related taxes.
18. Third Party Beneficiaries
There are no third party beneficiaries under this Agreement.
19. Legal Notices
To contact us for technical issues, please email firstname.lastname@example.org. For legal notices, please contact email@example.com. A notice sent by email shall be deemed to have been received at the time of transmission.
20. Snyk Entity and Law and Jurisdiction
If your physical address is in the United States, then:
(i) you are contracting with Snyk, Inc. (whose principal place of business is at 100 Summer St, Boston, MA 02110);
(ii) any dispute or claim arising out of or in connection with this Agreement shall be governed by and construed in accordance with the law of the state of Massachusetts; and,
(iii) the state and federal courts located in Boston, Massachusetts shall have exclusive jurisdiction to adjudicate any dispute arising out of or related to this AgreementIf your physical address is outside the United States, then:
(i) you are contracting with Snyk Limited (a company registered in England and Wales under company number 09677925 whose registered office is at Highlands House Basingstoke Road, Spencers Wood, Reading, Berkshire, England, RG7 1NT);
(ii) any dispute or claim arising out of or in connection with this Agreement shall be governed by and construed with the laws of England and Wales; and
(iii) the courts of England shall have exclusive jurisdiction to adjudicate any dispute arising out of or related to this Agreement.
Schedule - Additional Terms for certain Services
The following additional terms apply in respect of Snyk License Compliance Management: Snyk License Compliance Management is the function of the Services which enables you to create sets of rules that can be applied in respect of License Information applicable to the Protected Asset. “License Information” means the license information identified by the Services as being associated by the Snyk License Compliance Management with any dependency in or content of the Protected Asset.
You acknowledge and agree that:
License Information is obtained by Snyk from the licensor of the relevant software reviewed using Snyk License Compliance Management, or the code repository by means of which that software is made available;
No warranty or representation of any kind is made by Snyk as to the accuracy or completeness of License Information, or the availability of License Information for any Protected Asset, and that License Information is made available ‘as is’ at your own risk;
You are responsible for determining the extent to which certain license types present a legal or commercial risk to you, including any risk posed by a ‘copyleft’ or reciprocity requirement in any license, and configuring the Snyk License Compliance Management accordingly; and
You are responsible for setting your own severities or permissions by means of Snyk License Compliance Management, and any sample or default license policy made available for use by Snyk is solely for information purposes and not intended as legal advice or advice applicable to your own circumstances and risk assessments.
The following additional terms apply in respect of Snyk Infrastructure as Code. Snyk Infrastructure as Code is a function which enables you to scan configuration files and settings associated with Protected Asset and set and manage preferences. “IaC Information” is information regarding configuration associated with the Protected Asset, produced by means of Snyk Infrastructure as Code.
You acknowledges that:
No warranty or representation of any kind is made by Snyk as to the accuracy or completeness of, or the availability of IaC Information for any Protected Asset, and that IaC Information is made available ‘as is’ at your own risk;
You are responsible for determining the extent to which any apparent security configuration issues identified by Infrastructure as Code present a security or other risk to you; and
You are responsible for determining your own response to any apparent security configuration issues identified by Infrastructure as Code, and any sample or default security configuration policy made available for use by Snyk is solely for information purposes and not intended as legal advice or advice applicable to your own circumstances and risk assessments.
The following additional terms apply in respect of the API. The “API” is the application program interface made available by Snyk to you as an optional part of the Services for the purposes of connecting your Snyk account with other facilities operated and controlled by you. You may use the API during the Term, solely for the purposes of your use of the Services for your internal business operations. No warranty or representation is made as to the API’s continued availability, or its compatibility with any software or technical protocols or standards.
The API is intended to be used as an interface between the Platform and an external application or repository operated and controlled by you. Snyk may rate-limit, throttle or otherwise restrict API use to prevent what it considers (in its absolute discretion) to be abuse, security issues or excessive use. Snyk shall use reasonable endeavours when applying such restriction to return a descriptive error message, but the nature of the restriction may make this impractical.
The following additional terms apply in respect of CLI tool: the “CLI tool” is the Snyk client-facing code, more particularly described in the Documentation, which authenticates a machine with a particular Snyk account. Snyk’s CLI tool reports to Snyk an event for each command you issue, including, but not limited to, the version of the CLI tool, the versions of surrounding tools such as Node, Maven, Bundler and npm, the organization ID, the arguments and inputs provided to the CLI, and details about duration, success and failure of CLI actions. This information is used by Snyk for analytical purposes and to improve the Services. It allows Snyk to better understand how the CLI tool is used, and informs Snyk’s product development decisions.
You hereby agrees to Snyk’s collection and use of data as described in this section. You may opt out of this by setting the disable-analytics configuration item, as explained in the FAQ page at https://snyk.io/policies/tracking-and-analytics/ (or such other web address notified by Snyk to the Licensee from time to time).
The CLI tool is distributed under Apache version 2.0 open source software license (https://www.apache.org/licenses/LICENSE-2.0.txt). Use of the CLI tool is subject to the terms of that license and is not subject to the restrictions in sections 2 and 4 of the main body of this Agreement.
The following additional terms apply in respect of Snyk Code: Snyk Code is a Static Application Security Testing (or ‘SAST’) feature and as such does not review code at runtime. Nor does it review code in the environment in which it is to be executed. As such, You acknowledge and agree that:
i. Snyk Code makes a number of unverified inferences and assumptions about the runtime environment of the code in the Protected Asset;
ii. You shall not use Snyk Code to identify security issues in a live environment.
* If you are based in the United States, Snyk shall mean Snyk, Inc., having a place of business at 100 Summer Street, Boston, MA 02110. If you are based outside of the United States, Snyk shall mean Snyk Limited, having its registered place of business at Highlands House, Basingstoke Road, Spencers Wood, Reading, Berkshire RG7 1NT United Kingdom