Terms of Service

Last updated: February 8, 2026

Introduction

These Terms of Service ("Terms") govern your use of the Verimu website at verimu.com and the Verimu service, including the Verimu npm package, GitHub App, and API (collectively, the "Service").

By using the Service, you agree to be bound by these Terms. If you do not agree with any of these Terms, you must not use the Service.

Use of the Service

The Service is intended for use by software development teams and organizations to generate Software Bills of Materials (SBOMs), monitor for vulnerabilities, and support compliance with the EU Cyber Resilience Act. You may use the Service only for lawful purposes and in accordance with these Terms.

Accounts

To use certain features of the Service, you may need to create an account. You are responsible for maintaining the confidentiality of your account credentials, including any API keys, and for all activity that occurs under your account.

You must notify us immediately at hi@fullstackcraft.com of any unauthorized use of your account.

Intellectual Property

Other than the content you own (including your source code and dependency data), Verimu and/or its licensors own all intellectual property rights and materials contained in the Service. You are granted a limited, non-exclusive license to use the Service for its intended purpose.

The Verimu npm package is released under the MIT License. The terms of that license apply to your use of the package.

Restrictions

You are specifically restricted from:

  • Selling, sublicensing, or otherwise commercializing any Service material (excluding generated SBOMs and reports, which are yours)
  • Using the Service in any way that is or may be damaging to the Service
  • Using the Service in any way that impacts other users' access
  • Using the Service contrary to applicable laws and regulations
  • Engaging in unauthorized data mining, scraping, or extraction of the Service
  • Using the Service to engage in any advertising or marketing without our consent

Your Content

"Your Content" refers to the dependency manifests, SBOMs, and other project data you submit to or generate through the Service. You retain all rights to Your Content. By using the Service, you grant Verimu a limited license to process Your Content solely for the purpose of providing the Service to you.

Verimu does not access, read, or store your source code. We only process dependency manifests (e.g., lockfiles) necessary to generate SBOMs and perform vulnerability scans.

No Warranties

The Service is provided "as is," with all faults, and Verimu makes no representations or warranties of any kind related to the Service or the materials contained therein. Nothing in the Service shall be interpreted as legal, compliance, or security advice.

While Verimu is designed to support CRA compliance, the use of Verimu does not guarantee compliance with the EU Cyber Resilience Act or any other regulation. You are responsible for ensuring your own regulatory compliance.

Limitation of Liability

In no event shall Verimu, nor any of its officers, directors, and employees, be held liable for anything arising out of or in any way connected with your use of the Service, whether such liability is under contract, tort, or otherwise. Verimu, including its officers, directors, and employees, shall not be held liable for any indirect, consequential, or special liability arising out of or in any way related to your use of the Service.

Indemnification

You hereby indemnify to the fullest extent Verimu from and against any and all liabilities, costs, demands, causes of action, damages, and expenses arising in any way related to your breach of any of the provisions of these Terms.

Severability

If any provision of these Terms is found to be invalid under any applicable law, such provision shall be deleted without affecting the remaining provisions herein.

Variation of Terms

Verimu is permitted to revise these Terms at any time as it sees fit. By using the Service, you are expected to review these Terms on a regular basis. We will notify users of material changes via email or through the Service.

Assignment

Verimu is allowed to assign, transfer, and subcontract its rights and/or obligations under these Terms without any notification. You are not allowed to assign, transfer, or subcontract any of your rights and/or obligations under these Terms without Verimu's written consent.

Entire Agreement

These Terms constitute the entire agreement between Verimu and you in relation to your use of the Service, and supersede all prior agreements and understandings.

Governing Law & Jurisdiction

These Terms will be governed by and interpreted in accordance with the laws of the Republic of Austria and the applicable laws of the European Union. You submit to the non-exclusive jurisdiction of the courts located in Vienna, Austria for the resolution of any disputes.

Contact

If you have questions about these Terms, contact us at hi@fullstackcraft.com.