Terms of Service
written for developers.

Acceptance

By using kief.dev, you agree to these terms. "You" means you individually, and if you're using kief.dev on behalf of an organization, your organization as well. If you don't agree, don't use the service. These terms apply to all parts of kief.dev including the free developer tools, the Vekt API, the browser extension, and anything else hosted on this domain.

Services

kief.dev provides two categories of service:

• Free developer tools -- DNS lookup, SSL analysis, security header checks, encoding utilities, diff tools, and others. No account required. No rate limits on normal use.
• Vekt -- Supply chain security scanning for 22 lockfile formats across 12 package ecosystems. A free tier (50 scans/day) is available without an account via the web UI. Higher limits require an API key and a paid plan.

We reserve the right to change, suspend, or discontinue any feature at any time. For paid plans, we will give reasonable notice before removing features you are paying for.

Accounts and API keys

If you create a Vekt account, you are responsible for keeping your API key secure. Don't share it publicly (in source code, CI logs, or public repositories). Don't share it between unrelated people or organizations -- each person or organization should have their own key. If your key is compromised, rotate it immediately from your account dashboard and let us know.

We can revoke API keys at any time for abuse, violation of these terms, or non-payment. If we revoke for abuse, we'll tell you why. If the revocation was an error on our part, contact us and we'll fix it.

Acceptable use

The short version: use the tools for what they're built for. Specifically, do not:

• Scrape the free developer tools in an automated loop to build a competing service. These tools make real network requests on your behalf -- bulk automation puts load on third-party infrastructure we pay for.
• Use the Vekt API to build a proxy or resale service that passes our enrichment data to your own customers as if it were your own product.
• Attempt to reverse engineer the Vekt enrichment scoring, threat signal weighting, or internal analysis algorithms through systematic probing or side-channel analysis.
• Use the service in any way that violates applicable law, including attempting to scan infrastructure you do not own or have permission to test.
• Interfere with service availability for other users through excessive automated requests, denial-of-service attempts, or similar actions.

Normal use of the Vekt API in your own build pipelines, scripts, and developer workflows is exactly what it's built for -- no restrictions there.

Intellectual property

Output generated by the tools on kief.dev is yours. Scan results, decoded values, DNS records, SSL certificate data -- whatever the tool produces for your query, you own it. We claim no rights to tool output.

The kief.dev site, the Vekt product, and the Kief Studio name and logo are trademarks of Kief Studio LLC. Don't use our names, logos, or branding in a way that implies endorsement or affiliation without our written permission. Linking to us is fine. Saying "built with Vekt" in your docs is fine. Implying we partner with or endorse your product is not.

Payment and billing

All payments are processed by Stripe. Current Vekt pricing:

• Pro: $9/month -- includes 5,000 scans/day
• Team: $29/month -- includes 50,000 scans/day and team API key management
• Overage: $0.005 per scan beyond your plan's daily limit
• Enterprise: Custom pricing, volume discounts, SLA -- contact [email protected]

Billing is monthly. You can cancel anytime from your account dashboard -- cancellation takes effect at the end of your current billing period. We do not issue refunds for partial months. If there is a billing error on our part, we will make it right.

Disclaimers

kief.dev tools and Vekt scans are provided as-is. Security scanning is advisory -- it tells you about known vulnerabilities in the packages you are using based on public vulnerability databases. It does not guarantee that your software is secure, and it does not detect unknown vulnerabilities, zero-days, or vulnerabilities not yet disclosed to OSV.dev or NVD.

We are not liable for: missed vulnerabilities in your dependencies, false positives that cause you to remove a package unnecessarily, security incidents that occur despite clean scan results, or decisions you make based on scan results. Security scanning is one input into a broader security practice, not a substitute for one.

DNS, SSL, and network tools reflect the state of the internet at the moment of the request. Cached DNS, CDN behavior, and propagation delays mean results may not reflect your origin configuration. We make no guarantees about the accuracy of results from third-party infrastructure.

Limitation of liability

To the maximum extent permitted by law, our total liability to you for any claim arising out of or related to these terms or the use of kief.dev is limited to the amount you have paid us in the 12 months preceding the claim. If you have not paid us anything (you're on the free tier), our liability is zero.

We are not liable for indirect, incidental, special, consequential, or punitive damages, including but not limited to lost profits, lost data, business interruption, or reputational harm, even if we were advised of the possibility of such damages.

Termination

You can stop using kief.dev at any time. If you have a paid plan, cancel from your dashboard and your access continues until the end of the billing period. If you want your account and data deleted, email [email protected].

We can suspend or terminate your access if you violate these terms. For serious violations (API abuse, scraping, resale), we may terminate without notice. For other issues, we'll try to give you a heads-up and a chance to fix it first. API keys can be revoked by either party at any time.

Governing law

These terms are governed by the laws of the Commonwealth of Massachusetts, USA, without regard to conflict of law principles. Any disputes arising from these terms or your use of kief.dev will be resolved in the state or federal courts located in Massachusetts. You consent to personal jurisdiction in those courts.

Changes to these terms

We may update these terms as the service evolves. We'll update the "last updated" date at the top when we do. For material changes that affect paid plans, we'll notify you by email at least 14 days before the change takes effect. Continued use of the service after that point constitutes acceptance of the updated terms.