Last updated: January 1, 2025
These Terms of Service ("Terms") constitute a legally binding agreement between you ("Customer," "you," or "your") and PatchGuard Inc. ("PatchGuard," "we," "our," or "us"), a Delaware corporation with its principal place of business at 1100 Connecticut Ave NW, Washington, DC 20036.
By accessing patchguardx.com, creating an account, or using any PatchGuard service, product, or platform (collectively, the "Services"), you agree to be bound by these Terms. If you are accessing the Services on behalf of a company or other legal entity, you represent and warrant that you have authority to bind that entity to these Terms. In that case, "you" refers to that entity.
If you do not agree to these Terms, do not access or use the Services. If you have questions about these Terms, contact us at team@patchguardx.com before using the Services.
PatchGuard provides a software-as-a-service (SaaS) platform for vulnerability prioritization, automated patch deployment, compliance reporting, and security operations management across hybrid cloud and on-premises infrastructure. The specific features and capabilities available to you depend on your subscription plan as described at patchguardx.com/pricing.
PatchGuard reserves the right to modify, update, or discontinue any feature of the Services with reasonable advance notice. Material changes that substantially reduce Service functionality will be communicated with at least 30 days' notice. Continued use of the Services after such notice constitutes acceptance of the changes.
To access most features of the Services, you must create an account. You must provide accurate, current, and complete information during registration and maintain that information's accuracy throughout your subscription. Accounts registered with false information are subject to immediate termination.
You must be at least 18 years of age to create an account. By creating an account, you represent that you meet this age requirement and that you have the legal authority to enter contracts in your jurisdiction.
You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must immediately notify PatchGuard at team@patchguardx.com of any unauthorized access to or use of your account. PatchGuard is not liable for any loss or damage arising from your failure to comply with this security obligation.
PatchGuard requires multi-factor authentication (MFA) for all accounts with access to production deployment capabilities. Disabling MFA on such accounts is a violation of these Terms and may result in suspension of deployment functionality.
PatchGuard issues API keys and supports storage of cloud provider credentials to enable platform integrations. You are responsible for the security of any API keys issued to your account. PatchGuard will not ask for your API keys via email or phone. API keys are stored encrypted and should be treated as confidential credentials. Revoke and reissue any API key you believe may have been compromised.
PatchGuard offers subscription plans described on the pricing page at patchguardx.com/pricing. Subscription plans are priced based on the number of managed assets (hosts, containers, and other scannable endpoints) and the features included in each tier. Plan limits and features are described at time of subscription and may be updated with notice as described in Section 2.
Paid subscriptions are billed monthly or annually, depending on the plan you select. Billing occurs on the first day of each billing cycle for the upcoming period. Annual subscriptions are billed in advance for the full year. All fees are stated in US dollars.
Payment is processed through Stripe Inc. You authorize PatchGuard to charge your payment method on file for all subscription fees as they come due. If a payment fails, PatchGuard will retry the charge up to three times over a 10-day period. If payment remains unsuccessful after three attempts, your account may be suspended until payment is received. Reactivation requires payment of all overdue amounts.
Subscription fees are non-refundable except as described in Section 4.3 (Refund Policy) or as required by applicable law.
Monthly subscriptions: No refunds for partial months. You may cancel at any time and will retain access through the end of the paid billing period. No refund is issued for unused time in the current billing period.
Annual subscriptions: If you cancel within 14 days of your initial annual subscription purchase (the "evaluation period"), you may request a full refund by contacting team@patchguardx.com. After the 14-day evaluation period, annual subscription fees are non-refundable.
If PatchGuard materially fails to provide the contracted Services for a continuous period of more than 5 days due to causes within PatchGuard's control, you may request a pro-rated credit for the affected period. Credits are applied to future billing cycles and are not convertible to cash.
Subscription fees are exclusive of all applicable taxes, levies, or duties imposed by taxing authorities. You are responsible for payment of all such taxes associated with your subscription, excluding taxes based on PatchGuard's net income. If PatchGuard is required to collect taxes in your jurisdiction, those taxes will be added to your invoice.
PatchGuard may adjust subscription pricing with at least 60 days' advance notice delivered to your account email address. Price changes take effect at the start of your next billing cycle following the notice period. If you do not accept the new pricing, you may cancel your subscription before the effective date without penalty.
You may use the Services to scan, inventory, prioritize, and remediate vulnerabilities on infrastructure that you own, operate, or have explicit written authorization to manage. You may use the Services for all features described in your subscription plan, in accordance with these Terms and any applicable documentation.
You must not use the Services to:
(a) Scan, access, or attempt to remediate systems that you do not own or do not have explicit written authorization to manage. Unauthorized scanning of third-party systems through the PatchGuard platform is a violation of these Terms and may violate applicable computer fraud and abuse laws, including the Computer Fraud and Abuse Act (18 U.S.C. § 1030) and equivalent statutes in other jurisdictions.
(b) Interfere with, disrupt, or overload PatchGuard's infrastructure, servers, or networks, including by submitting excessive API requests beyond your plan's rate limits.
(c) Attempt to gain unauthorized access to PatchGuard's backend systems, other customers' data, or any accounts you do not own.
(d) Use the Services to facilitate attacks on third parties, including using vulnerability data collected through the Services to exploit weaknesses in systems you do not own or manage.
(e) Reverse engineer, decompile, disassemble, or attempt to derive the source code of the PatchGuard platform or any component thereof, except to the extent permitted by applicable law notwithstanding this restriction.
(f) Resell, sublicense, or otherwise make the Services available to third parties outside of your organization without PatchGuard's prior written consent.
(g) Use the Services in violation of any applicable law, regulation, or these Terms.
You retain all ownership and intellectual property rights in your infrastructure data, vulnerability findings, and any other data you provide to or generate through the Services ("Customer Data"). PatchGuard does not claim ownership of Customer Data.
You grant PatchGuard a limited, non-exclusive license to access, process, store, and use Customer Data solely as necessary to provide the Services, fulfill our obligations under these Terms, and as described in our Privacy Policy. This license does not authorize PatchGuard to use Customer Data for any purpose unrelated to providing the Services to you.
All intellectual property in the PatchGuard platform, including the software, vulnerability scoring algorithms, user interface, documentation, and all improvements and derivatives thereof, belongs exclusively to PatchGuard. Nothing in these Terms transfers any PatchGuard intellectual property rights to you. Your subscription grants you a limited, non-exclusive, non-transferable right to access and use the Services during your subscription term.
PatchGuard may collect and use anonymized, aggregated data derived from Customer Data — for example, aggregate statistics about CVE remediation timelines across the platform or statistical patterns in vulnerability distribution — provided that such aggregate data cannot reasonably be used to identify you, your organization, or your specific systems. This aggregate data may be used to improve the Services, publish industry research, and develop benchmarking features.
Each party may disclose to the other party certain confidential information ("Confidential Information") in connection with the Services. Confidential Information includes: for you, your Customer Data, infrastructure details, security posture information, and business information; for PatchGuard, our platform technology, pricing (other than publicly listed prices), and non-public product roadmap.
Each party agrees to: protect the other party's Confidential Information using at least the same degree of care it uses for its own confidential information (no less than reasonable care); use Confidential Information only for the purposes contemplated by these Terms; and not disclose Confidential Information to any third party without prior written consent, except to employees or contractors who need it to fulfill obligations under these Terms and who are bound by confidentiality obligations at least as protective as these Terms.
These confidentiality obligations do not apply to information that: is or becomes publicly known through no breach by the receiving party; was rightfully known to the receiving party before disclosure; is received from a third party without restriction; or is required to be disclosed by law or court order, provided the receiving party provides timely notice to the disclosing party to permit seeking a protective order.
PatchGuard targets 99.5% monthly uptime for the core platform (dashboard, API, scan scheduling, and deployment execution). Scheduled maintenance windows communicated at least 48 hours in advance are excluded from uptime calculations. Actual uptime metrics are available on our status page.
Technical support is available via email at team@patchguardx.com. Response time targets vary by subscription plan: Standard plan — first response within 2 business days; Professional plan — first response within 1 business day; Enterprise plan — first response within 4 business hours for Priority 1 incidents. Support terms are described in the applicable plan documentation and may be subject to a separate support addendum for Enterprise customers.
THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE.
PATCHGUARD DOES NOT WARRANT THAT: (a) THE SERVICES WILL MEET ALL OF YOUR REQUIREMENTS; (b) THE SERVICES WILL OPERATE ERROR-FREE OR WITHOUT INTERRUPTION; (c) VULNERABILITY SCANNING RESULTS WILL BE COMPLETE OR FREE FROM FALSE POSITIVES OR FALSE NEGATIVES; (d) AUTOMATED PATCH DEPLOYMENTS WILL SUCCEED ON ALL TARGET SYSTEMS OR WILL NOT CAUSE SERVICE DISRUPTION ON ANY TARGET SYSTEM; OR (e) THE SERVICES WILL PREVENT ALL SECURITY INCIDENTS ON YOUR INFRASTRUCTURE.
You acknowledge that vulnerability management is one component of a security program and that use of the Services does not guarantee that your infrastructure will be free from security incidents, breaches, or unauthorized access.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PATCHGUARD'S TOTAL LIABILITY FOR ANY CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES — WHETHER IN CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE — WILL NOT EXCEED THE TOTAL AMOUNTS PAID BY YOU TO PATCHGUARD DURING THE 12 MONTHS IMMEDIATELY PRECEDING THE CLAIM.
IN NO EVENT WILL PATCHGUARD BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA, LOSS OF GOODWILL, BUSINESS INTERRUPTION, OR THE COST OF SUBSTITUTE GOODS OR SERVICES, EVEN IF PATCHGUARD HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF THE THEORY OF LIABILITY.
SOME JURISDICTIONS DO NOT ALLOW CERTAIN EXCLUSIONS OR LIMITATIONS OF LIABILITY. IN SUCH JURISDICTIONS, THE ABOVE LIMITATIONS APPLY TO THE FULLEST EXTENT PERMITTED BY LAW.
You agree to indemnify, defend, and hold harmless PatchGuard, its officers, directors, employees, agents, and successors from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) your use of the Services in violation of these Terms; (b) your breach of any representation, warranty, or obligation in these Terms; (c) your use of the Services to scan or remediate systems you were not authorized to access; or (d) any third-party claims arising from your Customer Data.
You may cancel your subscription at any time through your account settings or by contacting team@patchguardx.com. Cancellation takes effect at the end of the current billing period. After cancellation, your access to the platform is terminated and your Customer Data will be retained for 30 days to allow data export, after which it will be deleted in accordance with our data retention policy.
PatchGuard may suspend or terminate your account immediately if you: breach any provision of these Terms; fail to pay subscription fees after a grace period; use the Services to conduct unauthorized scanning or attack third-party systems; or pose a security risk to PatchGuard or other customers. PatchGuard will provide notice of termination via email except where immediate action is required to prevent ongoing harm.
Upon termination, your right to access and use the Services immediately ceases. Sections of these Terms that by their nature should survive termination — including intellectual property provisions, limitation of liability, indemnification, and governing law — will survive.
PatchGuard provides a REST API for programmatic access to platform features. API access is governed by these Terms plus any rate limits and authentication requirements specified in the API documentation. You may not use the API to: build competing products or services; scrape or bulk-export platform data beyond what your subscription authorizes; circumvent the platform's security controls; or exceed API rate limits. PatchGuard may deprecate API endpoints with 90 days' notice. Breaking changes to API endpoints will be communicated via versioned API releases.
These Terms are governed by the laws of the State of Delaware, without regard to its conflict of law provisions. Any dispute arising from or related to these Terms or the Services that cannot be resolved informally will be submitted to binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, with arbitration conducted in Washington, DC. The arbitrator's decision will be final and binding, and may be entered as a judgment in any court of competent jurisdiction.
You waive any right to bring claims in a class action or representative capacity. You and PatchGuard agree that any arbitration will be conducted individually, not as part of a class proceeding.
Nothing in this section prevents either party from seeking injunctive or other equitable relief from a court of competent jurisdiction to prevent irreparable harm pending the outcome of arbitration.
Entire Agreement: These Terms, together with the Privacy Policy, Cookie Policy, and any order forms or addenda executed by the parties, constitute the entire agreement between you and PatchGuard regarding the Services and supersede all prior agreements, representations, and understandings.
Severability: If any provision of these Terms is found to be unenforceable, that provision will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in full force and effect.
Waiver: No failure or delay by PatchGuard in exercising any right under these Terms operates as a waiver of that right.
Assignment: You may not assign these Terms or any rights under them without PatchGuard's prior written consent. PatchGuard may assign these Terms in connection with a merger, acquisition, or sale of substantially all of its assets.
Notices: Notices to you will be sent to the email address associated with your account. Notices to PatchGuard should be sent to team@patchguardx.com or by mail to PatchGuard Inc., 1100 Connecticut Ave NW, Washington, DC 20036.
Force Majeure: Neither party will be liable for delays or failures in performance resulting from causes beyond its reasonable control, including natural disasters, acts of government, power or internet failures, or civil unrest, provided the affected party uses reasonable efforts to resume performance as quickly as practicable.
For questions about these Terms, contact:
PatchGuard Inc.
1100 Connecticut Ave NW
Washington, DC 20036
Email: team@patchguardx.com
Phone: +1 (202) 637-4182