Terms of service

Last updated: 2026-04-22.

The deal

CrossGraph is a GitHub App that analyzes your source code for cross-service security vulnerabilities. You install it on your GitHub org, we analyze, we post findings as PR comments. You can uninstall anytime.

What you agree to

1. You own or have rights to the code you install CrossGraph on.
2. You won't use CrossGraph to analyze code you're legally forbidden from analyzing.
3. You won't attempt to reverse-engineer or extract our proprietary analyzer.
4. You'll pay your invoices on time.

What we agree to

1. We'll never sell or share your data with third parties outside the sub-processors on our security page.
2. We'll keep source code ephemeral — never persisted beyond graph metadata.
3. We'll notify you within 72 hours if we detect a security incident affecting your data.
4. We'll maintain at least 99.5 % availability for Business and Enterprise tiers; we'll credit your account if we miss.

Termination

Either party can terminate month-to-month. Uninstall the GitHub App → your data is purged within 30 days. Annual contracts have the usual pro-rated refund language; see the order form.

Liability

CrossGraph is not a substitute for human security review. If we miss a finding, we're not liable for downstream damages. Our total liability is capped at 12 months of fees paid.

Patent

CrossGraph practices inventions covered by USPTO application 19/649,210 (Track One, non-provisional). Using CrossGraph as a licensed customer does not grant you a patent license to practice the inventions independently.

Governing law

Delaware, United States. Disputes go to binding arbitration in Delaware unless one of us is legally required to litigate in another jurisdiction.

Changes

We'll email all customers 30 days before any material change to these Terms.

Contact

Legal: legal@crossgraph.dev