Terms of Service
Last updated: March 14, 2026
1. Acceptance of terms
By accessing or using the Gerion platform at gerion.dev, the Gerion API, the Gerion CLI, or any related services (collectively, the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you are acting on behalf of an organization, you represent that you have authority to bind that organization.
If you do not accept these Terms, you must not use the Service.
2. Definitions
- "Gerion": the entity operating the Service.
- "Service": the Gerion ASPM SaaS platform at gerion.dev, the REST API, the Gerion CLI, and associated documentation.
- "CLI": the Gerion command-line software, distributed as open source at github.com/gerion-appsec/gerion-cli.
- "Customer": the person or entity that subscribes to a paid plan of the Service.
- "User": any individual who accesses the Service under a Customer's account.
- "Scan Data": the data the CLI sends to the platform for each detected finding, namely severity, scanner type, file path, line number, rule message, a code context snippet (the relevant lines around the issue), and a suggested fix where available. For secret findings, the value is transmitted redacted. Also includes git metadata (branch, commit, author), CI/CD system environment variables that identify the workflow context (e.g. GITHUB_REPOSITORY, GITHUB_REF, BUILD_URL), and calculated financial impact. Expressly excludes complete source files and user-defined environment variables.
- "Customer Content": Scan Data and any other information the Customer uploads or transmits through the Service.
3. Description of the Service
Gerion is an Application Security Posture Management (ASPM) platform that integrates four open-source security scanners (Opengrep for SAST, OSV-Scanner for SCA, Gitleaks for secrets detection, and KICS for IaC) and normalizes their output into a unified findings model with financial impact metrics.
The Gerion CLI runs inside the Customer's CI/CD infrastructure. Scanners analyze source code locally; only Scan Data (as defined in Section 2) is transmitted to the platform. The Customer's complete source files never leave their network.
The Service is currently in Early Access. During this phase, features, pricing, and interfaces may change. We will provide reasonable advance notice of material changes.
4. Accounts and security
Accessing the Service requires creating an account. The Customer is responsible for:
- Maintaining the confidentiality of access credentials and API Keys.
- Notifying Gerion immediately of any unauthorized use of their account at hello@gerion.dev.
- All actions performed under their account, regardless of who performs them.
Gerion may suspend accounts with reasonable indication of unauthorized use or breach of these Terms.
5. Subscription plans and billing
The Service is offered through subscription plans based on the number of active repositories scanned per month. All plans include access to the same platform features; tiers differ in repository limit and support level.
- Billing cycle: monthly or annual, depending on the selected plan. Annual plans are billed upfront.
- Auto-renewal: subscriptions renew automatically at the end of each period unless cancelled beforehand.
- Plan changes: upgrades take effect immediately, with proration for the current period. Downgrades take effect at the start of the next billing period.
- Taxes: published prices exclude VAT and any applicable taxes, which will be added in accordance with relevant law.
- Late payment: Gerion reserves the right to suspend Service access for unpaid invoices, with at least 10 days' prior notice.
6. Refund policy
Payments are generally non-refundable. As an exception, a proportional refund will be issued if Gerion permanently discontinues the Service with less than 30 days' notice, or if there is a prolonged Service outage attributable to Gerion that exceeds the agreed SLA for the Customer's plan.
Monthly plan customers may cancel at any time, effective at the end of the current billing period. Annual plan cancellations take effect at the end of the current annual term.
7. License to use the Service
Subject to compliance with these Terms and payment of the applicable subscription, Gerion grants the Customer a limited, non-exclusive, non-transferable license to access and use the Service during the subscription term, solely for their internal software security purposes.
8. Open-source CLI
The Gerion CLI is free software distributed under the open-source license published at github.com/gerion-appsec/gerion-cli. Rights to use the CLI are governed by that license, regardless of whether the Customer holds an active platform subscription.
The Gerion SaaS platform (dashboard, API, Financial Impact Engine) is not open-source software and is protected by applicable intellectual property laws.
The open-source tools orchestrated by the CLI (Opengrep, OSV-Scanner, Gitleaks, KICS) are independent projects with their own licenses and, potentially, their own telemetry. Gerion does not control such telemetry. The Customer is responsible for reviewing each tool's terms of use and privacy policies within the context of their own infrastructure.
9. Acceptable use
The Customer agrees to use the Service only for legitimate software security purposes and not to:
- Use the Service to scan repositories or systems of third parties without their express authorization.
- Attempt to circumvent access controls, exploit platform vulnerabilities, or conduct penetration testing against Gerion's infrastructure without prior written authorization.
- Use the Service for illegal activities, including infringement of intellectual property rights or violation of data protection law.
- Reverse engineer, decompile, or disassemble the SaaS platform software.
- Resell, sublicense, or transfer Service access to third parties.
- Generate artificial load on the Service infrastructure that degrades the experience of other users.
10. Intellectual property
Gerion retains all intellectual property rights in the SaaS platform, API, documentation, and any proprietary software associated with the Service, including rights in the Gerion name, logos, and brand.
The Customer retains all rights in the Customer Content. By using the Service, the Customer grants Gerion a limited license to process the Customer Content solely for the purpose of providing the Service.
Gerion acquires no rights over the Customer's source code. By design of the architecture, source code is never transmitted to Gerion.
11. Confidentiality
Each party agrees to maintain the confidentiality of the other party's non-public information and not to disclose it to third parties without prior consent, except as required by law. Customer Scan Data is treated as confidential Customer information.
Gerion will process Scan Data only as described in its Privacy Policy and, for enterprise customers, in the applicable Data Processing Agreement (DPA).
12. Personal data processing
To the extent that processing of Scan Data involves personal data under the GDPR (for example, commit authors), Gerion acts as a data processor and the Customer as the data controller. The terms of such processing are governed by our Privacy Policy. Enterprise customers may request a specific Data Processing Agreement (DPA) by writing to privacy@gerion.dev.
13. Service availability
Gerion commits to providing reasonable Service availability. During the Early Access phase, no specific SLA is guaranteed. For paid plans in general availability, the monthly uptime target is 99.5%, excluding scheduled maintenance communicated with at least 24 hours' notice.
In the event of critical incidents, Gerion will communicate Service status through its standard channels.
14. Disclaimer of warranties
The Service is provided "as is" and "as available." To the maximum extent permitted by applicable law, Gerion disclaims all warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, or non-infringement.
Gerion does not warrant that the Service will detect all vulnerabilities in the Customer's code, or that findings will be free from false positives or false negatives. Service results are informational and do not replace a professional security audit.
15. Limitation of liability
To the maximum extent permitted by law, Gerion's total liability to the Customer for any claim arising from use of the Service shall not exceed the amount paid by the Customer in the 12 months prior to the event giving rise to the claim.
Gerion shall not be liable for indirect, incidental, special, consequential, or punitive damages, including lost profits or data loss, even if advised of the possibility of such damages.
The above exclusions do not apply in cases of Gerion's fraud or gross negligence, or where limitation of liability is prohibited by law.
16. Indemnification
The Customer agrees to indemnify and hold harmless Gerion against any claims, damages, losses, or expenses (including reasonable legal fees) arising from: (i) Customer's breach of these Terms; (ii) Customer's use of the Service in violation of applicable law; or (iii) third-party claims related to Customer Content.
17. Termination and suspension
The Customer may cancel their subscription at any time from their account administration panel or by contacting hello@gerion.dev.
Gerion may suspend or terminate Service access if the Customer materially breaches these Terms and fails to remedy the breach within 15 days of notification. In cases of fraudulent use or activities that threaten platform security, Gerion may suspend access immediately.
Following termination, the Customer will have 90 days to export their Scan Data. After that period, data will be deleted in accordance with the retention policy.
18. Changes to these Terms
Gerion may modify these Terms periodically. Material changes will be communicated by email at least 30 days before taking effect. Continued use of the Service after the effective date of new Terms constitutes acceptance. If the Customer does not accept the changes, they may cancel their subscription before the effective date without penalty.
19. Governing law and jurisdiction
These Terms are governed by the laws of Spain. For any dispute that cannot be resolved amicably, the parties submit to the exclusive jurisdiction of the courts of Madrid, Spain, waiving any other jurisdiction that may apply.
20. General provisions
- Entire agreement: these Terms, together with the Privacy Policy and any additional agreement signed between the parties, constitute the entire agreement between the Customer and Gerion regarding the Service.
- Severability: if any provision of these Terms is found to be void or unenforceable, the remaining Terms shall remain in full force.
- No waiver: Gerion's failure to exercise any right or remedy under these Terms shall not constitute a waiver of that right or remedy.
- Assignment: the Customer may not assign their rights or obligations under these Terms without Gerion's prior written consent. Gerion may assign these Terms in connection with a merger, acquisition, or sale of assets, with notice to the Customer.
21. Contact
For any questions about these Terms:
- Email: hello@gerion.dev
- Web: gerion.dev