Last updated: March 18, 2026
These Terms of Service ("Terms") govern your access to and use of the services provided by DepTools SAS ("DepTools", "we", "us", or "our"), a company registered in Paris, France. By creating an account or using deptools.io, you agree to be bound by these Terms.
If you do not agree to these Terms, you must not use our services.
These Terms should be read alongside our Privacy Policy, which explains how we collect and process your personal data.
Company
DepTools SAS — Paris, France
Legal contact
legal@deptools.ioGoverning law
French law
Jurisdiction
Tribunal de Commerce de Paris
DepTools provides dependency analysis, security scoring, and vulnerability detection on a best-effort basis. Our results are generated automatically from publicly available data sources (including the NVD) and heuristic scoring models.
We cannot guarantee the completeness, accuracy, or timeliness of our analysis results. Vulnerabilities may go undetected, scores may not reflect the latest information, and our assessments do not constitute professional security audits.
Any decision made — technical, legal, or otherwise — based on information provided by DepTools must be independently verified before being acted upon. Do not rely solely on our results for critical security or compliance decisions.
DepTools is a software dependency analysis platform that allows developers and organizations to:
The service is provided "as is" and "as available". We do not guarantee uninterrupted availability and reserve the right to modify, suspend, or discontinue any part of the service at any time with reasonable notice.
Project visibility
The visibility of a project on DepTools mirrors its visibility on GitHub: repositories that are public on GitHub generate an analysis dashboard accessible to anyone without authentication at a publicly reachable URL on deptools.io — including the dependency graph, health scores, and vulnerability information. Private repositories are never exposed publicly. You are solely responsible for the visibility of your repositories on GitHub and its consequences on DepTools.
To use DepTools, you must:
You are responsible for all activity that occurs under your account. You must notify us immediately at legal@deptools.io if you suspect unauthorized access to your account.
If you use DepTools on behalf of an organization, you represent that you have the authority to bind that organization to these Terms. The organization is then considered the account holder and is responsible for all activity occurring under its account, including the actions of any individuals accessing the service through the organization's account.
DepTools offers the following subscription plans:
| Plan | Price | Key limits |
|---|---|---|
| Free | $0 | Up to 10 public repositories |
| Open Source Max | $19/mo or $199/yr | Unlimited public repositories |
| Pro | $39/mo or $399/yr | Unlimited public + 3 private repositories included (+$5/mo per additional private repo) |
Prices are listed in USD and are subject to change. Any pricing change will be communicated to active subscribers at least 30 days in advance. Payments are processed by Lemon Squeezy, which acts as the merchant of record. By subscribing, you also agree to Lemon Squeezy's Terms of Service.
Automatic renewal. All paid subscriptions renew automatically at the end of each billing period (monthly or annual) until cancelled. You can cancel at any time via the Lemon Squeezy customer portal; cancellation takes effect at the end of the current billing period, with no further charges.
Failed payments. In the event of a failed payment, your subscription will enter a grace period of approximately 14 days during which access remains active and payment retries are attempted automatically. If payment is not resolved within this period, access to the service will be suspended until the outstanding balance is settled. You will be notified by email throughout this process.
Paid plans include a 14-day free trial. No payment is charged during the trial period. You may cancel at any time before the trial ends without any charge. After 14 days, your subscription will automatically convert to a paid plan.
Given that a free trial is provided prior to any charge, all payments are final and non-refundable once the trial period has ended and billing has commenced.
In accordance with French consumer law (Article L221-28 of the Code de la consommation), by starting your subscription and using the service immediately following the trial, you expressly waive your right of withdrawal for the paid subscription period.
When you downgrade your subscription plan, the following rules apply:
Pro → any lower plan
Access to all private repositories is immediately revoked. Private repository data (metadata, analysis results) is permanently deleted. Only the Pro plan includes access to private repositories.
Open Source Max → Free
The Free plan is limited to 10 public repositories. If you have more than 10, repositories exceeding the limit will be automatically deleted, starting with those that have the oldest last scan date, until the limit is reached.
We recommend reviewing your repository list and exporting any data you wish to keep before initiating a downgrade. Deleted data cannot be recovered.
You agree not to use DepTools to:
We reserve the right to suspend or terminate accounts that violate these rules without prior notice.
You agree to defend, indemnify, and hold harmless DepTools SAS and its officers, employees, and agents from and against any claims, damages, losses, and expenses (including reasonable legal fees) arising out of or relating to your use of the service in violation of these Terms, applicable law, or the rights of any third party — including claims arising from the analysis of repositories you are not authorized to access.
The DepTools platform, including its software, interface, algorithms, and branding, is the exclusive property of DepTools SAS. Nothing in these Terms grants you any ownership rights in the platform.
You retain all ownership rights to your repositories and source code. By connecting a repository to DepTools, you grant us a limited, non-exclusive license to access and process the necessary dependency manifest files solely for the purpose of providing the analysis service. We do not claim ownership of your data.
To connect your repositories, DepTools requests the following GitHub permissions: read:user, user:email, read:org (OAuth), and via our GitHub App: repository contents and metadata (read-only), and organization members (read-only). We request only the minimum permissions required to provide the service.
GitHub access tokens are stored securely for the duration of your account and are permanently deleted upon account deletion. Revoking GitHub access via GitHub's own settings does not automatically delete your data from DepTools. To remove your data, you must delete your account from your DepTools account settings.
The dependency graphs, scores, and analysis reports generated from your repositories are made available to you for your own use. We may use anonymized and aggregated data for internal product improvement purposes only.
DepTools integrates with third-party services including GitHub and Lemon Squeezy. Your use of those services is governed by their own terms:
We are not responsible for the availability, content, or practices of any third-party service.
The service is provided "as is" and "as available", without warranty of any kind, express or implied. To the fullest extent permitted by law, DepTools SAS disclaims all warranties, including but not limited to:
DepTools is a decision-support tool. It does not replace a professional security audit. All outputs must be independently reviewed before being used as the basis for any technical, legal, or compliance decision.
To the maximum extent permitted by applicable law, DepTools SAS shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of data, loss of profits, or damages resulting from:
In any case, DepTools SAS's total liability to you for any claim arising from the use of the service shall not exceed the amount you paid to DepTools in the twelve (12) months preceding the event giving rise to the claim.
DepTools SAS shall not be liable for any failure or delay in the performance of its obligations resulting from causes beyond its reasonable control, including but not limited to GitHub service outages, third-party infrastructure failures, internet disruptions, natural disasters, acts of government, or any other event outside our reasonable control. In such cases, our obligations are suspended for the duration of the event.
You may delete your account at any time from your account settings. Upon deletion, all your personal data and repository data will be immediately and permanently removed, except where retention is required by law. Active paid subscriptions must be cancelled beforehand through the Lemon Squeezy customer portal.
We reserve the right to suspend or terminate your account without prior notice in the event of a material breach of these Terms, fraudulent activity, or conduct that poses a risk to other users or to the integrity of the service. Where possible, we will notify you by email before taking action.
We retain your data only for as long as necessary to provide the service. The following retention periods apply:
For more details on how we process your personal data, please refer to our Privacy Policy.
We may update these Terms from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, registered users will be notified by email at least 14 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance of the revised Terms.
These Terms are governed by French law. Any dispute arising from or relating to these Terms or the use of the service that cannot be resolved amicably shall be submitted to the exclusive jurisdiction of the Tribunal de Commerce de Paris.
These Terms, together with the Privacy Policy and Cookie Policy, constitute the entire agreement between you and DepTools SAS regarding the service and supersede any prior agreements, representations, or understandings.
If any provision of these Terms is found to be invalid or unenforceable by a court of competent jurisdiction, that provision shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions shall continue in full force and effect.
DepTools SAS may assign its rights and obligations under these Terms in connection with a merger, acquisition, or sale of assets, without your prior consent. You may not assign your rights or obligations under these Terms without our prior written consent.
Our failure to enforce any right or provision of these Terms shall not be considered a waiver of those rights.
For any questions or concerns regarding these Terms, please contact us at legal@deptools.io.