Terms of Service
scj-hunt finds candidate vulnerabilities in Windows kernel drivers. Candidates are not confirmed vulnerabilities. You agree to follow responsible disclosure — no public posting of unfixed bugs, no offensive use, 90-day MSRC clock honored.
You're buying a subscription to query our Gigi instance, not the source code or the underlying patents. We hold a hash of your API key, not the plaintext. Cancel anytime; pro-rated refunds within 14 days. The whole thing is provided as-is — if it misses a bug, that's not a refund event.
Full terms below. If you spot a clause that doesn't make sense, email us before you buy.
§ 1 Acceptance of these terms
By creating an account, purchasing a subscription, downloading a binary, or otherwise accessing the scj-hunt service or related materials (collectively, the "Service"), you agree to be bound by these Terms of Service (these "Terms") and our Privacy Policy.
These Terms form a binding agreement between you (or the organization you represent) and Davis Geometric, a sole proprietorship operated by Bee Rosa Davis ("we," "us," "our").
You represent that you are at least eighteen (18) years old and, if entering into these Terms on behalf of an organization, that you are authorized to bind that organization to these Terms.
§ 2 Description of the service
scj-hunt is a software-as-a-service vulnerability-research tool consisting of:
- a pre-built command-line / terminal user-interface binary (the "Client");
- a hosted Gigi fiber-bundle database accessible over the public internet (the "Gigi Service");
- a catalog of pattern definitions, sink ontologies, and curated corpora of decompiled Windows kernel-mode driver code; and
- related documentation, demo recordings, and support materials.
The Service is provided for use by security researchers, software engineers, and security teams to identify candidate vulnerabilities for further human review. Candidates produced by the Service are not confirmed vulnerabilities until verified by a qualified human reviewer under standard responsible-disclosure processes.
Free self-hosted use of the Client against your own Gigi instance is permitted under these Terms; paid tiers grant additional access to the hosted Gigi Service and curated corpora.
§ 3 Your account and API key
Paid subscriptions are tied to your billing email address.
Following successful payment via Stripe, you will receive a unique API key in the form sk_scj_<32-hex> by email. This key authenticates your requests to the Gigi Service.
You are responsible for keeping your API key confidential. You agree to:
- not share your API key with any third party or expose it in any public repository, paste site, or shared channel;
- re-mint your key immediately via the customer dashboard if you have reason to believe it has been disclosed; and
- notify us promptly of any unauthorized use of your account.
We may, at our discretion, revoke any API key that we determine in good faith has been shared, leaked, or used in violation of these Terms.
§ 4 Subscription, billing, and cancellation
Paid plans are recurring subscriptions billed by Stripe in advance on a monthly or annual cycle. Plans and pricing are described on the pricing page and may be updated from time to time. Any price change will not affect your current billing cycle.
Renewal and cancellation
Subscriptions renew automatically at the end of each billing cycle unless cancelled. You may cancel at any time via the Stripe customer portal linked from your dashboard. Cancellation takes effect at the end of the current paid period; you retain access to paid features until then.
Trial period
Where offered, free-trial periods convert automatically into paid subscriptions at the end of the trial unless cancelled. You will receive a reminder email three days before trial end.
Failed payments
If a payment fails, your account will enter a past_due state and access to the Gigi Service will be suspended until the payment is resolved. Repeated failed payments may result in termination.
§ 5 Refund policy
We offer pro-rated refunds on annual subscriptions within fourteen (14) days of initial purchase. Monthly subscriptions are not refunded; you may cancel to prevent the next billing cycle.
Refund requests must be sent to bee_davis@alumni.brown.edu from the email address associated with the subscription. Refunds are processed within 7 business days.
Refunds are not granted on the basis that the Service did not identify a particular vulnerability, did not identify any vulnerabilities, or produced false positives. The Service is a research tool and is not warranted to be exhaustive (see § 10).
§ 6 Acceptable use
You agree NOT to:
- reverse engineer, decompile, or disassemble the Client beyond what is permitted by applicable law;
- copy, redistribute, sublicense, rent, lease, or resell the Client or access to the Gigi Service;
- use the Service to scan, analyze, or attack systems or software for which you do not have explicit authorization from the owner;
- use the Service to develop, sell, or distribute exploits, malware, or other offensive security tools targeting third parties;
- circumvent rate limits, access controls, or any technical restriction of the Service;
- use the Service in a manner that violates any applicable law, including export-control laws of the United States or any jurisdiction from which you access the Service; or
- use the Service to harass, defame, or harm any individual.
§ 7 Vulnerability research conduct
The Service is designed to support responsible vulnerability research. Use of the Service to identify candidate vulnerabilities carries ethical and legal obligations that these Terms make binding.
You agree that, for any candidate vulnerability you identify using the Service:
- you will treat the finding as not confirmed until reproduced and verified by at least one independent human reviewer (the SCJ "two-person review" rule);
- you will follow standard coordinated-disclosure practice, including notifying the vendor (e.g., Microsoft Security Response Center for Microsoft Windows components) and honoring a 90-day disclosure window before any public discussion;
- you will not publicly disclose, post, share, or publish details, proof-of-concept code, or working exploits for an unpatched vulnerability before the disclosure window has elapsed or the vendor has authorized earlier disclosure;
- you will not use the candidate or any derived material to attack systems or software for which you lack explicit authorization; and
- you acknowledge that violating these obligations may constitute violation of the U.S. Computer Fraud and Abuse Act or equivalent law in your jurisdiction, and may result in civil or criminal liability for which we are not responsible.
We reserve the right to terminate your subscription, without refund, on a good-faith determination that you have violated this section.
§ 8 Intellectual property
Our IP
The Client, the Gigi Service, the pattern catalog, the documentation, and the underlying source code, design, and organization are owned by Davis Geometric and are protected by United States and international copyright, trademark, and patent law. Davis Geometric has filed multiple U.S. patent applications covering the Gigi fiber-bundle database engine and related vulnerability-discovery and exploitability-assessment methods (see the Gigi section for current application numbers).
Your subscription grants you a limited, non-exclusive, non-transferable license to use the Client and access the Gigi Service for the duration of your subscription. No rights are granted under any Davis Geometric patent by virtue of your subscription.
Your IP — your findings
You retain all rights in any vulnerability findings, advisory reports, proof-of-concept code, or research output that you produce using the Service ("Customer Output"). We claim no ownership of Customer Output and will not use it for any purpose without your written permission, with the limited exceptions described in § 9.
§ 9 Customer data and confidentiality
What we collect
Detail is in the Privacy Policy. In short: your billing email, a SHA-256 hash of your API key (never the plaintext), usage counters, and the timestamps of your requests. We do not store the bodies of your GQL queries or any derived candidate output beyond what is needed for transient rate-limiting and abuse detection.
Private corpora (Team tier)
If you ingest your own driver corpora via the Team tier, your corpora are stored in a tenant-scoped database namespace accessible only to your API key. We will not access, share, or use your private corpora for any purpose except:
- operating and maintaining the Service for you;
- investigating a documented security incident affecting your data; or
- complying with a lawful legal process.
We will provide reasonable advance notice of any legal process affecting your data, except where prohibited by law.
§ 10 Disclaimer of warranties
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
Without limiting the foregoing, we make NO warranty that:
- the Service will identify every vulnerability in any code base or corpus;
- the candidates the Service produces are exploitable, severe, or accurately characterized;
- the Service will be uninterrupted, error-free, or available at any particular time; or
- any corpus or pattern in the catalog is current relative to the latest public security advisory or patch.
§ 11 Limitation of liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL DAVIS GEOMETRIC BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, DATA, OR USE, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THE SERVICE, WHETHER BASED ON CONTRACT, TORT, OR ANY OTHER LEGAL THEORY, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
OUR TOTAL CUMULATIVE LIABILITY ARISING FROM OR RELATING TO THE SERVICE WILL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID TO US FOR THE SERVICE IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE LIABILITY, OR (B) ONE HUNDRED U.S. DOLLARS ($100.00).
§ 12 Indemnification
You agree to defend, indemnify, and hold harmless Davis Geometric and its proprietor, agents, and affiliates from any claim, demand, or expense, including reasonable attorneys' fees, arising out of or related to:
- your use of the Service in violation of these Terms, including without limitation § 6 (Acceptable Use) and § 7 (Vulnerability Research Conduct);
- your violation of any applicable law in connection with your use of the Service; or
- your infringement of any third-party right, including any intellectual property right or right of privacy, through your use of the Service.
§ 13 Termination
You may terminate your subscription at any time as described in § 4. We may terminate or suspend your access to the Service immediately, without notice, if you breach these Terms, in particular § 6 or § 7. We may also terminate the Service in its entirety, or any individual feature, on at least thirty (30) days written notice to active customers.
Upon termination: your API key is revoked; access to the Gigi Service ceases; and you will receive a final invoice (if any amount is outstanding). The provisions of §§ 8, 10, 11, 12, and 15 survive any termination.
§ 14 Changes to these terms
We may update these Terms from time to time. If a change is material, we will provide notice via email to your billing address and post a notice on the Service at least fourteen (14) days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Terms.
§ 15 Governing law and dispute resolution
These Terms are governed by the laws of the State of [YOUR STATE], United States, without regard to its conflict-of-laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.
Any dispute arising out of or relating to these Terms or the Service that cannot be resolved through good-faith discussion within sixty (60) days will be resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules, in [YOUR COUNTY], [YOUR STATE]. Either party may seek injunctive relief in a court of competent jurisdiction to protect its intellectual property.
You waive any right to participate in a class action or representative proceeding.
§ 16 Contact
Notices and questions regarding these Terms can be sent to:
Davis Geometric
Attn: Bee Rosa Davis
bee_davis@alumni.brown.edu
This document is a starting template. Have it reviewed by an attorney familiar with SaaS terms in your jurisdiction before going live. Bracketed placeholders ([YOUR STATE], [YOUR COUNTY]) must be filled in. Consult counsel about whether your jurisdiction requires consumer-protection disclosures (e.g., California's Automatic Renewal Law), about whether arbitration is appropriate for your customer base, and about whether your refund policy complies with applicable consumer law.