Terms of Service

Last Updated: January 14, 2026

1. Acceptance of Terms

By accessing or using Cremit's services, you agree to be bound by these Terms of Service ("Terms"). If you disagree with any part, you may not access the service.

Service Provider:

Cremit Security Inc.

Seoul, South Korea

Email: hi@cremit.io

2. Service Description

Cremit provides non-human identity (NHI) security management platform including:

Identity inventory and discovery

Secret scanning and detection

Lifecycle automation

Threat detection and response

3. Account Registration

3.1 Eligibility

You must be 16 years or older

You must provide accurate information

One account per user or organization

3.2 Account Security

You are responsible for maintaining account security

Notify us immediately of unauthorized access

You are liable for all activities under your account

4. Service Plans

4.1 Free Tier

Available with no time limit

Limited features and usage

Subject to fair use policy

4.2 Paid Plans

Multiple subscription tiers available

Pricing available at cremit.io/pricing

Billed monthly or annually

Usage limits based on plan and credits

4.3 Payment

Processed through Polar.sh or Stripe

Wire transfer available for enterprise

Prices exclude applicable taxes

No refunds except as specified in Section 6

5. API Usage and Rate Limits

5.1 Usage Limits

API usage subject to plan limits

Credit-based system for resource allocation

Fair use policy applies

5.2 API Terms

Do not abuse or overload our APIs

Respect rate limits

No unauthorized access attempts

6. Service Level Agreement (SLA) and Refunds

6.1 Uptime Commitment

99.5% uptime for paid plans

Scheduled maintenance excluded

Status available at status.cremit.io

6.3 Refund Policy

Service credits provided for SLA breaches (see section 6.2)

30-day money-back guarantee for new subscriptions (unused services only)

Prorated refunds for annual plans (within first 30 days, unused only)

No refunds for free tier or after 30 days

7. Data and Intellectual Property

7.1 Your Data

You Own Your Data:

You retain all rights to your data

License to Us:

You grant us limited license to process your data to provide services

Source Code:

We never store your source code

Secrets:

Detected secrets are masked and encrypted

7.2 Our Intellectual Property

Cremit platform, software, and content are our property

You may not copy, modify, or reverse engineer our services

Our trademarks and branding remain our property

8. Data Security and Privacy

8.1 Security Commitments

ISO 27001 certified

SOC 2 Ready

Encryption at rest and in transit

Private subnet architecture

Regular security audits

8.2 Zero Data Retention on Source Code

Source code is never stored

Analysis performed in-memory only

Code immediately discarded after scanning

Only metadata and detection results retained

8.3 Secret Handling

Secrets encrypted using AWS KMS

Only masked data visible

BYOK (Bring Your Own Key) available

Customer-controlled encryption keys

9. Account Termination

9.1 Termination by You

Cancel anytime from account settings

All data immediately deleted

Deletion is permanent and irreversible

No recovery possible after deletion

9.2 Termination by Us

We may suspend or terminate your account if:

You violate these Terms

Your account is inactive for 12+ months

You engage in fraudulent activity

Required by law

10. Service Modifications

We reserve the right to:

Modify or discontinue services (with notice)

Change pricing for paid plans (with 30 days notice)

Update features and functionality

Perform maintenance and upgrades

11. Warranties and Disclaimers

11.1 Service Provided "As Is"

No warranty of uninterrupted service

No guarantee of specific results

No warranty of error-free operation

11.2 Security Tools Limitation

Our service is a security tool, not insurance

Does not guarantee prevention of all security breaches

You remain responsible for your infrastructure security

12. Limitation of Liability

To the maximum extent permitted by law:

Our liability limited to fees paid in preceding 12 months

Not liable for indirect, incidental, or consequential damages

Not liable for data breaches from your security practices

Not liable for third-party service failures

13. Indemnification

You agree to indemnify and hold Cremit harmless from claims arising from:

Your use of the service

Your violation of these Terms

Your violation of any third-party rights

14. Compliance and Export

14.1 Regulatory Compliance

GDPR compliant (EU)

CCPA compliant (California)

Korean Personal Information Protection Act compliant

ISO 27001 certified

14.2 Export Restrictions

You may not use our service in violation of export laws

Service not available in sanctioned countries

15. Dispute Resolution

15.1 Governing Law

These Terms governed by the laws of South Korea.

15.2 Arbitration

Disputes resolved through binding arbitration, except:

Small claims court matters

Intellectual property disputes

16. Miscellaneous

16.1 Entire Agreement

These Terms constitute the entire agreement between you and Cremit.

16.2 Severability

If any provision is unenforceable, remaining provisions remain in effect.

16.3 No Waiver

Failure to enforce any right does not waive that right.

16.4 Assignment

You may not assign these Terms. We may assign to affiliates or successors.

17. Changes to Terms

We may modify these Terms. Changes effective upon posting. Continued use constitutes acceptance.

18. Contact Information

Questions about these Terms:

Email: hi@cremit.io

Subject: "Terms of Service Inquiry"