AISLE Pro Terms of Use

Last Updated: February 27, 2026

These AISLE Pro Terms of Use (the "Terms") govern your access to and use of the AISLE Pro and related services, features, websites, apps, integrations, and software that AISLE makes available for security analysis of code changes in GitHub pull requests (collectively, the "Service").

IMPORTANT — PLEASE READ CAREFULLY. By clicking "I agree" (or checking a box indicating acceptance), installing the GitHub App, enabling the Service on any repository, or otherwise accessing or using the Service, you ("Customer," "you") agree to be bound by these Terms. If you are entering into these Terms on behalf of an organization, you represent that you have authority to bind that organization, and "Customer" includes that organization.

If you do not agree to these Terms, do not access or use the Service.

1. Definitions

"AISLE" means Aisle, Inc. (and its affiliates).

"Authorized Repository" means a GitHub repository that (a) Customer owns, or (b) Customer has express written authorization to scan/test for vulnerabilities.

"Open Source Repository" means a publicly accessible repository distributed under an open-source license or public license terms.

"Customer Content" means code, pull requests, issues, metadata, configuration, and other materials Customer (or its users) provides or makes accessible to the Service.

"Output" means findings, reports, comments, suggested fixes, explanations, and other results produced by the Service.

"Usage Data" means data about the operation and use of the Service (such as feature usage, configuration events, repository enablement events, triggers, timestamps, performance metrics, and error logs), excluding Customer Content.

"Sensitive Data" means (a) passwords, private keys, secrets, access tokens, or credentials; (b) payment card data; (c) government-issued identifiers; (d) protected health information; or (e) any other information subject to heightened legal or regulatory protection.

"Sub-processor" means a third-party service provider that processes Customer Content on AISLE's behalf in connection with the Service, including AI model providers. A current list of Sub-processors is maintained at trust.aisle.com.

"Personal Data" has the meaning given in applicable data protection laws (including GDPR Article 4(1) and analogous definitions under other privacy laws).

2. License and Permitted Use

2.1 Subscription License

Subject to these Terms and payment of applicable fees, AISLE grants Customer a limited, non-exclusive, non-transferable, revocable right to access and use the Service during the subscription term for Customer's security analysis and software development purposes, including use in connection with Open Source Repositories in accordance with Section 4, and only on Authorized Repositories.

2.2 Account and Admin Controls

Customer is responsible for (a) selecting which repositories are enabled, (b) managing GitHub permissions, and (c) ensuring only authorized users can trigger the Service.

2.3 No Resale

Customer may not resell, sublicense, or provide the Service as a managed service to third parties unless AISLE agrees in writing.

3. Authorized Repositories Only

3.1 Authorized Repositories

Customer may use the Service only on Authorized Repositories. Customer represents and warrants that it has all rights and permissions necessary to (a) grant the Service access to Authorized Repositories and (b) process Customer Content.

3.2 Prohibited Unauthorized Testing

Customer will not (and will not permit any third party to) use the Service to:

  • scan, analyze, test, or attempt to discover vulnerabilities in any repository, system, application, or environment without authorization;
  • violate or circumvent GitHub or any third-party access controls;
  • engage in exploitation, attack activity, or attempts to compromise systems or data;
  • use the Service for illegal, harmful, or malicious purposes.

3.3 Suspension

AISLE may immediately suspend or terminate access if AISLE reasonably believes Customer has violated this Section 3.

AISLE may suspend or restrict Customer's access to the Service (in whole or in part) if AISLE reasonably determines that such action is necessary to prevent or mitigate harm, including to protect the Service, AISLE, Customer, other customers, third parties, or the public, or to address suspected abuse, misuse, security incidents, or illegal activity. Where practicable, AISLE will provide notice and an opportunity to remediate.

4. Open Source Repositories, Attribution, and Responsible Disclosure

4.1 Open Source Use Conditions

For avoidance of doubt, Open Source Repositories are not exempt from Section 3. Customer may use the Service on an Open Source Repository only if:

  • the repository is an Authorized Repository (meaning Customer owns it or has express written authorization to perform security testing), or the repository's published policies expressly permit good-faith security testing (for example, a SECURITY.md policy, security.txt, vulnerability disclosure policy, or bug bounty rules); and
  • the repository's license and rules permit such use; and
  • Customer complies with this Section 4.

4.2 Responsible Disclosure and Attribution

If Customer becomes aware of a previously undisclosed security vulnerability affecting an Open Source Repository that Customer identifies, validates, or discovers or confirms with material assistance from using the Service ("OSS Vulnerability"), Customer agrees to:

  • Notify AISLE at [email protected] before public disclosure, to enable coordination and avoid duplicate reports. AISLE will respond within five (5) business days to confirm whether the vulnerability has already been reported or whether AISLE has an active remediation relationship with the maintainer. If AISLE does not respond within five (5) business days, Customer may proceed with responsible disclosure without further delay;
  • Follow responsible disclosure practices, including giving maintainers a reasonable opportunity to remediate prior to public disclosure where feasible;
  • In any public advisory, blog post, conference talk, or similar publication about the OSS Vulnerability, credit "AISLE Research" (or another attribution string AISLE designates) as a discovery tool or co-discoverer. Customer is also encouraged to include AISLE Research in CVE credit fields where the CVE Numbering Authority's policies permit tool-assisted or co-discovery credits.

4.3 No Exploitation / No Brokering

Customer will not use the Service to facilitate exploitation of OSS Vulnerabilities or to trade, sell, broker, or weaponize exploit details.

4.4 Good-Faith Security Research Baseline

When using the Service in connection with Open Source Repositories (or any permitted third-party repository), Customer agrees to conduct research responsibly and in good faith, including:

  • not accessing, modifying, or copying data that does not belong to Customer (or that Customer is not authorized to access);
  • not disrupting or degrading services (including avoiding denial-of-service attempts);
  • not using social engineering or physical security attacks;
  • not sharing vulnerability details publicly until it is reasonably safe to do so under responsible disclosure practices.

5. Customer Responsibilities

Customer is responsible for:

  • ensuring it has authority to enable the Service on each enabled repository;
  • ensuring repository selection, triggers, and GitHub permissions are configured safely;
  • reviewing Output before acting on it;
  • complying with all applicable laws and third-party terms (including GitHub's terms).

5.1 Responsibility for Access Granted

Customer is responsible for the acts and omissions of its users and any person to whom Customer provides access to the Service (including by installing the GitHub App within an organization), even if such use was not authorized by Customer.

5.2 Incidental Sensitive Data

Customer should avoid intentionally submitting Sensitive Data to the Service. Customer acknowledges that source code repositories may incidentally contain Sensitive Data (such as accidentally committed credentials, API keys, or tokens). AISLE does not intentionally extract, index, or persistently store Sensitive Data encountered during analysis. If AISLE's automated systems detect potential secrets, AISLE may flag them in Output but will not retain them beyond the analysis session. Customer is responsible for removing Sensitive Data from repositories before enabling the Service where practicable, and for rotating any credentials that may have been exposed.

6. Usage Limits, Security, and Monitoring

6.1 Usage Limits

AISLE may impose usage limits (e.g., number of repositories, number of analyses, rate limits) based on the plan purchased. AISLE may enforce limits via technical controls.

6.2 Security Measures

AISLE may use reasonable technical and organizational measures designed to protect the Service. Customer is responsible for its own security configuration and GitHub access permissions.

6.3 Telemetry; Usage Data

The Service may generate or collect Usage Data to operate, secure, support, maintain, and improve the Service, including to investigate, prevent, or respond to suspected abuse, misuse, security incidents, or harm. AISLE may use and retain Usage Data in aggregated and de-identified form for analytics and product improvement.

6.4 Security Incident Notification

If AISLE becomes aware of an unauthorized access to or disclosure of Customer Content ("Security Incident"), AISLE will (a) notify affected Customer(s) without undue delay (and in any event within seventy-two (72) hours of confirmation), (b) take reasonable steps to contain and remediate the incident, and (c) provide Customer with information reasonably necessary to understand and respond to the incident, including the nature of the data affected and the measures AISLE has taken or plans to take. This notification obligation does not apply to unsuccessful or immaterial incidents (such as failed login attempts, port scans, or denial-of-service attacks that do not result in unauthorized access to Customer Content).

7. Intellectual Property

7.1 AISLE IP

The Service (including software, models, workflows, UI, and underlying technology) is owned by AISLE or its licensors. No rights are granted except as expressly stated.

7.2 Customer Content

As between the parties, Customer retains rights in Customer Content. Customer grants AISLE a limited license to host, process, transmit, and analyze Customer Content solely to provide, secure, and improve the Service.

7.3 Feedback

If Customer provides suggestions, ideas, or feedback, Customer grants AISLE a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate that feedback without restriction.

7.4 AI Training

AISLE will not use Customer Content to train or fine-tune AI or machine learning models without Customer's explicit opt-in consent. AISLE may use Usage Data (as defined in Section 1) in aggregated and de-identified form to improve the Service regardless of opt-in status, provided such data cannot reasonably be used to reconstruct Customer Content.

8. Acceptable Use Restrictions

Customer will not:

  • reverse engineer, decompile, disassemble, or attempt to derive source code or underlying models of the Service;
  • interfere with or disrupt the Service, bypass rate limits, or attempt to access systems or data not intended for Customer;
  • bypass, disable, or circumvent any measures, repository-selection controls, guardrails, access controls, or technical limitations intended to restrict use of the Service;
  • use the Service to generate or facilitate malware, exploitation instructions, or other harmful content;
  • remove or alter proprietary notices.

9. Output and AI Disclaimer

  • The Service may use AI techniques and may produce incomplete, incorrect, or outdated Output.
  • Output is not a substitute for professional security review.
  • Customer is solely responsible for verifying Output and for any actions taken based on Output.
  • AISLE does not guarantee that the Service will identify all vulnerabilities or that suggested fixes will be correct.

10. Fees

If Customer's use of the Service is subject to fees, Customer will pay all fees according to the plan selected at purchase. Fees are non-refundable except as required by law or as expressly stated by AISLE in writing. If the Service is provided at no charge (whether as a free tier, partner arrangement, or otherwise), AISLE may modify or discontinue the free Service at any time without liability.

Customer is responsible for all taxes, duties, and similar governmental assessments, except taxes based on AISLE's net income.

11. Termination

11.1 Term

These Terms remain in effect until terminated.

11.2 Termination

Either party may terminate these Terms for material breach if the breach is not cured within 14 days after written notice.

AISLE may immediately terminate (or suspend, in accordance with Section 3) upon notice if Customer:

  • breaches Section 3 (Authorized Repositories Only) or Section 8 (Acceptable Use Restrictions);
  • uses the Service for illegal, harmful, or malicious purposes; or
  • fails to pay undisputed fees when due (after any required notice, if applicable).

11.3 Effect of Termination

Upon termination, Customer must stop using the Service and disable/uninstall the GitHub App where applicable. Sections that by their nature should survive will survive (including IP, disclaimers, limitation of liability, and indemnity).

12. Warranty Disclaimer

To the maximum extent permitted by law, the Service and Output are provided "as is" and "as available." AISLE disclaims all warranties, express or implied, including implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement. AISLE does not warrant that the Service will be uninterrupted, error-free, or that it will identify all vulnerabilities.

13. Limitation of Liability

To the maximum extent permitted by law:

  • AISLE will not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, data, or goodwill.
  • AISLE's total liability arising out of or related to the Service will not exceed the fees paid by Customer for the Service in the 12 months before the event giving rise to liability.

Some jurisdictions do not allow certain limitations; in those jurisdictions, liability will be limited to the maximum extent permitted by law.

14. Indemnity

Customer will defend, indemnify, and hold harmless AISLE and its affiliates, officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to Customer's willful or negligent acts or omissions in connection with:

  • Customer's breach of these Terms;
  • Customer's unauthorized security testing or other violation of Section 3;
  • Customer Content or Customer's use of the Service in violation of law or third-party terms;
  • any allegation that Customer's use of the Service (including enabling it on any repository) infringes, misappropriates, or otherwise violates a third party's rights.

15. Changes to These Terms

AISLE may update these Terms from time to time. If changes are material, AISLE will provide reasonable notice (e.g., by posting an updated version and updating the "Last Updated" date). Continued use of the Service after the effective date constitutes acceptance.

16. Governing Law; Dispute Resolution

These Terms are governed by the laws of the State of Delaware, excluding its conflict of laws rules. Any disputes will be brought in the state or federal courts located in Delaware, and each party consents to personal jurisdiction and venue there.

17. Contact

Questions about these Terms or the Service:

18. Export Controls and Sanctions

The Service may be subject to U.S. export control and sanctions laws, including the Export Administration Regulations (EAR) and programs administered by the Office of Foreign Assets Control (OFAC). Customer represents and warrants that:

  • (a) Customer is not located in, organized under the laws of, or a resident of any country or territory subject to comprehensive U.S. sanctions (currently Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine);
  • (b) Customer is not identified on any U.S. government restricted party list (including the Specially Designated Nationals list, Entity List, or Denied Persons List);
  • (c) Customer will not use, export, re-export, or transfer the Service in violation of applicable export control or sanctions laws.

AISLE may suspend or terminate access without notice if AISLE reasonably determines that continued provision of the Service would violate export control or sanctions requirements.

19. Eligibility

The Service is intended for use by individuals who are at least 16 years of age (or the minimum age required in Customer's jurisdiction to enter into a binding agreement). By using the Service, Customer represents that Customer meets this age requirement.

If you have questions about these Terms, please contact us at [email protected]. See also our Privacy Policy.