Terms of Service

1. Acceptance of Terms

By accessing, downloading, installing, or using 1SEC software, cloud services, documentation, APIs, CLI tools, or any associated materials (collectively, the “Service”), you agree to be bound by these Terms of Service (“Terms”). If you are accepting on behalf of an organization, you represent that you have authority to bind that organization. If you do not agree, do not use the Service.

These Terms apply to all users, including Community (free), Pro, and Enterprise tier subscribers.

2. Definitions

• “Software” means the 1SEC open-source codebase, binaries, Rust sidecar engine, and all associated modules distributed under AGPLv3.
• “Cloud Services” means the hosted dashboard, AI analytics, team management, and any SaaS features provided at 1-sec.dev.
• “You” / “User” means the individual or entity accessing the Service.
• “We” / “Us” / “1SEC” means the 1SEC project and its maintainers.
• “Content” means any data, configurations, alerts, events, or outputs generated through your use of the Service.

3. License (AGPLv3)

The 1SEC software is released under the GNU Affero General Public License v3 (AGPLv3). Under this license you may use, copy, modify, and distribute the software subject to the following key conditions:

• Any modified version you deploy as a network service must make the complete corresponding source code available to users of that service.
• All derivative works must also be licensed under AGPLv3.
• You must retain all copyright notices, license headers, and attribution in the source code.
• You may not impose additional restrictions beyond those in the AGPLv3.

The full license text is included in the LICENSE file in the source repository. In the event of any conflict between these Terms and the AGPLv3, the AGPLv3 governs with respect to the open-source software.

4. Permitted Use

You may use 1SEC for:

• Protecting systems and networks you own or are authorized to defend
• Security research and testing on systems you have explicit permission to test
• Educational and academic purposes
• Internal corporate security operations
• Integration into your own security infrastructure, subject to AGPLv3 obligations

5. Prohibited Conduct

You shall not:

• Use the Service to conduct offensive cyber operations against systems you do not own or have written authorization to test
• Reverse engineer the AI analysis layer to extract model weights, training data, or proprietary algorithms
• Redistribute modified versions under the “1SEC” name, branding, or logo without prior written permission
• Use the Service to develop competing products that replicate the core functionality while circumventing AGPLv3 obligations
• Remove, alter, or obscure any copyright notices, license headers, or attribution from the source code or documentation
• Use the Service to process, store, or transmit malware for purposes other than detection and analysis
• Attempt to gain unauthorized access to our Cloud Services, infrastructure, or other users’ accounts
• Use the Service in violation of any applicable law, regulation, or export control
• Resell, sublicense, or commercially redistribute the Cloud Services (Pro/Enterprise features) without a separate reseller agreement
• Use automated means to scrape, crawl, or extract data from the Cloud Services beyond normal API usage

6. Paid Tiers & Billing

Pro ($49/month) and Enterprise ($499/month) subscriptions are billed monthly via Stripe. By subscribing you agree to:

• Provide accurate and complete billing information
• Authorize recurring charges at the applicable rate until you cancel
• Usage limits (AI triage events, deep analysis events, team seats, retention periods) are as described on the pricing page at the time of subscription
• Overages beyond plan limits may result in throttling or temporary suspension of AI features until the next billing cycle

Cancellation takes effect at the end of the current billing period. No prorated refunds are issued for partial months. We reserve the right to change pricing with 30 days’ written notice; continued use after the change constitutes acceptance.

7. API Keys & Credentials

You are solely responsible for safeguarding any API keys, credentials, tokens, or secrets used with 1SEC. This includes Gemini API keys, webhook URLs, and authentication tokens. We are not liable for unauthorized access, data loss, or security incidents resulting from your failure to secure credentials. Do not commit API keys to version control, share them in public channels, or embed them in client-side code.

8. AI Analysis Layer

The AI-powered threat analysis features use third-party LLM providers (currently Google Gemini). By enabling AI features, you acknowledge and agree that:

• Security event data (metadata, sanitized payloads, correlation data) may be transmitted to these providers for analysis
• You are responsible for ensuring this complies with your organization’s data handling, privacy, and regulatory requirements
• AI analysis results are advisory and should not be the sole basis for critical security decisions
• We do not guarantee the accuracy, completeness, or timeliness of AI-generated threat assessments
• Third-party LLM providers have their own terms of service and privacy policies that apply to data processed through their APIs

9. Data Collection

The self-hosted version of 1SEC does not transmit telemetry or usage data to us by default. If you opt into anonymous usage analytics, only aggregated, non-identifiable metrics are collected. Cloud Services (Pro/Enterprise) collect usage data necessary to provide the service. See our Privacy Policy for full details.

10. Intellectual Property

The 1SEC source code is licensed under AGPLv3. However, the following remain the exclusive property of the 1SEC project and its maintainers:

• The “1SEC” and “1-SEC” names, logos, and branding
• Cloud Services infrastructure, proprietary backend systems, and SaaS-specific code not included in the open-source repository
• Documentation, website content, and marketing materials (copyright reserved)
• AI model configurations, prompt engineering, and analysis pipelines specific to the Cloud Services

You retain ownership of your own data, configurations, and any original code you write that integrates with 1SEC.

11. Trademarks

The names “1SEC,” “1-SEC,” the 1SEC logo, and associated visual identity are trademarks of the 1SEC project. You may not use these marks in a way that suggests endorsement, affiliation, or sponsorship without prior written consent. Fair use for attribution (e.g., “powered by 1SEC” or “compatible with 1SEC”) is permitted provided it does not imply official endorsement.

12. Contributions

By submitting code, documentation, or other contributions to the 1SEC project (via pull requests, patches, or other means), you agree that:

• Your contributions are licensed under AGPLv3, consistent with the project license
• You have the right to submit the contribution and it does not infringe any third-party intellectual property rights
• You grant the 1SEC project maintainers a perpetual, worldwide, non-exclusive, royalty-free license to use, modify, and distribute your contributions as part of the project
• Contributions may be used in both the open-source and commercial (Cloud Services) versions of 1SEC

13. Third-Party Services

1SEC integrates with third-party services only when explicitly configured by you. These may include Google Gemini API, Slack, PagerDuty, Opsgenie, Splunk, Datadog, Elastic, and custom webhook endpoints. Each integration is governed by the respective provider’s terms of service and privacy policy. We are not responsible for the availability, accuracy, or security practices of third-party services.

14. Availability & Uptime

For self-hosted deployments, availability is entirely your responsibility. For Cloud Services:

• We aim for high availability but do not guarantee uninterrupted service
• Scheduled maintenance windows will be communicated in advance when possible
• Enterprise tier customers may negotiate specific SLA terms under a separate agreement
• We are not liable for downtime caused by third-party providers, force majeure events, or your own infrastructure

15. Disclaimer of Warranties

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. WE SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT 1SEC WILL DETECT ALL SECURITY THREATS, PREVENT ALL BREACHES, OPERATE WITHOUT INTERRUPTION OR ERROR, OR MEET YOUR SPECIFIC SECURITY REQUIREMENTS. NO SECURITY SOFTWARE CAN GUARANTEE COMPLETE PROTECTION. USE OF 1SEC DOES NOT ELIMINATE THE NEED FOR SOUND SECURITY PRACTICES, POLICIES, AND HUMAN OVERSIGHT.

16. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE 1SEC PROJECT, ITS MAINTAINERS, CONTRIBUTORS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, BUSINESS OPPORTUNITIES, GOODWILL, OR REVENUE, ARISING OUT OF OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SERVICE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS ($100).

17. Indemnification

You agree to indemnify, defend, and hold harmless the 1SEC project, its maintainers, contributors, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising from or related to:

• Your use or misuse of the Service
• Your violation of these Terms
• Your violation of any applicable law or regulation
• Your violation of any third-party rights
• Any content or data you process through the Service
• Any security incident resulting from your deployment or configuration of 1SEC

18. Termination

For the open-source software, your rights under AGPLv3 persist as long as you comply with the license terms. For Cloud Services:

• You may cancel your subscription at any time; access continues until the end of the billing period
• We may suspend or terminate your access for violation of these Terms, non-payment, or abusive behavior, with notice when practicable
• Upon termination, your right to access Cloud Services ceases immediately; you are responsible for exporting your data before termination
• Sections that by their nature should survive termination (IP, liability, indemnification, governing law) will survive

19. Export Controls

The Service may be subject to export control laws and regulations. You agree to comply with all applicable export and re-export control laws, including the U.S. Export Administration Regulations (EAR), and you will not use, export, or re-export the Service in violation of such laws. You represent that you are not located in, or a national or resident of, any country subject to comprehensive U.S. sanctions.

20. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any legal action or proceeding arising under these Terms shall be brought exclusively in the federal or state courts located in Delaware, and you consent to personal jurisdiction in such courts.

21. Dispute Resolution

Before initiating any formal legal proceeding, you agree to first attempt to resolve any dispute informally by contacting us at support@driftrail.com. If the dispute is not resolved within 30 days, either party may proceed with formal resolution. For claims under $10,000, disputes shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. For claims over $10,000, either party may elect litigation in the courts specified in Section 20. Class action waiver: you agree to resolve disputes individually and waive any right to participate in a class action lawsuit or class-wide arbitration.

22. Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent.

23. Modifications

We reserve the right to modify these Terms at any time. Material changes will be communicated via email (for registered users) or a prominent notice on the website at least 15 days before taking effect. Changes will be posted to this page with an updated effective date. Continued use of the Service after the effective date constitutes acceptance of the revised Terms. If you do not agree to the changes, you must stop using the Service.

24. Entire Agreement

These Terms, together with the Privacy Policy and the AGPLv3 license, constitute the entire agreement between you and 1SEC regarding the Service. They supersede all prior agreements, understandings, and communications, whether written or oral. No waiver of any provision shall be deemed a further or continuing waiver of that or any other provision.

25. Contact

For questions about these Terms, email us at support@driftrail.com or open an issue on our GitHub repository.