Terms of Service

These Terms of Service (the "Terms") govern your access to and use of the software-as-a-service platform, websites, APIs, and related services (collectively, the "Services") provided by Cremit Inc. ("Cremit", "we", "us", or "our"). By accessing or using the Services, clicking "I agree", or signing an order form that references these Terms, you agree to be bound by these Terms.

If you are using the Services on behalf of an organization, you represent that you have the authority to bind that organization, and the terms "you" and "Customer" refer to that organization. If you do not have such authority, or do not agree with these Terms, you must not use the Services.

These Terms form a binding agreement between Cremit and Customer. A signed order form or enterprise agreement referencing these Terms will control to the extent of any conflict.

• "Authorized User" means an individual employee, contractor, or agent of Customer that Customer permits to access the Services.
• "Customer Data" means data, content, and materials submitted to or generated by Customer or its Authorized Users through the Services, including secrets, identity metadata, logs, and scan results.
• "Documentation" means the user guides, technical documentation, and policies made available by Cremit.
• "Order Form" means a document executed by Customer and Cremit specifying the Services, term, and fees.
• "Subprocessor" means a third-party service provider engaged by Cremit to process Customer Data in connection with the Services.

3.1 Description

Cremit provides a Non-Human Identity (NHI) security platform that discovers machine identities and secrets, scans repositories and infrastructure for exposed credentials, supports secret lifecycle management, and provides detection and response capabilities. Specific features and usage limits are described in the Documentation and any applicable Order Form.

3.2 License

Subject to these Terms and payment of applicable fees, Cremit grants Customer a worldwide, non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to access and use the Services solely for Customer's internal business operations and in accordance with the Documentation.

3.3 Restrictions

Customer shall not, and shall not permit any third party to:

• reverse engineer, decompile, or attempt to derive the source code of the Services;
• resell, sublicense, rent, or lease the Services;
• use the Services to build a competing product, or to benchmark the Services without Cremit's written consent;
• circumvent usage limits, rate limits, or access controls, or interfere with the integrity or performance of the Services;
• use the Services to scan systems, repositories, or identities that Customer is not authorized to scan.

Customer is responsible for maintaining the security of its account credentials, for all activity that occurs under its account, and for ensuring that Authorized Users comply with these Terms. Customer must promptly notify Cremit of any unauthorized access, credential compromise, or suspected security incident affecting the Services.

Customer is responsible for providing accurate registration information, maintaining contact information for billing and administrative notices, and obtaining all rights, consents, and authorizations necessary for Cremit to provide the Services and process Customer Data as contemplated by these Terms.

Customer will not, and will not allow any Authorized User or third party to:

• violate applicable law or infringe the rights of any third party;
• upload or transmit malicious code, viruses, or any content intended to damage or disrupt the Services or any system;
• attempt to gain unauthorized access to the Services, other customers' accounts, or Cremit's underlying infrastructure;
• use the Services to harass, defame, or infringe on the privacy of any person, or to collect personal information without a lawful basis;
• probe, scan, or test the vulnerability of the Services, except pursuant to a written coordinated-disclosure program published by Cremit.

Cremit may investigate any suspected violation of this section and may suspend accounts as provided in Section 14.

6.1 Ownership

As between the parties, Customer retains all right, title, and interest in and to Customer Data. Customer grants Cremit a limited, non-exclusive license to process Customer Data solely to provide, secure, maintain, and improve the Services, and as otherwise permitted under these Terms and the Privacy Policy.

6.2 Data Processing

Where Cremit processes personal data on Customer's behalf, the parties agree that Cremit's Privacy Policy and, where applicable, a separate Data Processing Addendum (DPA) govern such processing. A DPA is available on request for customers subject to the GDPR, UK GDPR, Korea's PIPA, or comparable regulations.

6.3 Security

Cremit will maintain administrative, technical, and physical safeguards designed to protect Customer Data against unauthorized access, loss, or disclosure, consistent with industry standards applicable to SaaS providers.

6.4 Subprocessors

Cremit may engage Subprocessors to provide the Services. A current list of Subprocessors is available on request. Cremit will impose on each Subprocessor data-protection obligations materially no less protective than those in these Terms.

7.1 Fees

Customer will pay the fees specified in the applicable Order Form or online subscription. Except as expressly provided, all fees are non-refundable and all payments are non-cancellable.

7.2 Billing

Unless otherwise stated in an Order Form, subscription fees are invoiced in advance on a monthly or annual basis. Payment is due within thirty (30) days of the invoice date (or on the date specified in the Order Form). Past-due amounts may accrue interest at 1.5% per month, or the maximum rate permitted by law, whichever is lower.

7.3 Taxes

Fees are exclusive of taxes. Customer is responsible for all value-added, sales, use, withholding, and similar taxes, other than taxes on Cremit's net income.

7.4 Renewal

Subscriptions will auto-renew for successive terms equal to the original term unless either party gives written notice of non-renewal at least thirty (30) days before the end of the then-current term.

Cremit may offer the Services (or particular features) on a free trial or beta basis ("Trial/Beta Services"). Trial/Beta Services are provided "as is" and without warranty of any kind. Cremit may modify, suspend, or discontinue Trial/Beta Services at any time, and data associated with Trial/Beta Services may be deleted at the end of the trial or beta period.

Unless Customer purchases a paid subscription before the trial ends, Customer's access to the Services will terminate. Sections 6 (Customer Data), 9 (Confidentiality), 10 (Intellectual Property), 12 (Limitation of Liability), 13 (Indemnification), and 15 (General) survive termination of any Trial/Beta Services.

"Confidential Information" means non-public information disclosed by one party ("Discloser") to the other ("Recipient") that is identified as confidential or that reasonably should be understood to be confidential. Cremit's Confidential Information includes the Services, pricing, and non-public technical information. Customer's Confidential Information includes Customer Data.

Recipient will use the same degree of care to protect Discloser's Confidential Information as it uses for its own confidential information of like kind (and no less than reasonable care), will not use such Confidential Information except to exercise rights or perform obligations under these Terms, and will not disclose it to third parties except to employees, advisors, and Subprocessors bound by equivalent confidentiality obligations. Recipient may disclose Confidential Information as required by law, provided it gives the Discloser reasonable prior notice where legally permitted.

Cremit and its licensors retain all right, title, and interest in and to the Services, the Documentation, and all related intellectual property. No rights are granted to Customer other than those expressly set forth in these Terms.

If Customer provides suggestions, feedback, or recommendations regarding the Services ("Feedback"), Customer grants Cremit a perpetual, irrevocable, royalty-free, worldwide license to use and incorporate such Feedback into the Services without obligation.

Cremit may use Customer's name and logo on its website and in marketing materials to identify Customer as a Cremit user, in accordance with any brand guidelines Customer provides. Customer may revoke this permission at any time by written notice.

11.1 Limited Warranty

Cremit warrants that during the Subscription Term the Services will perform materially in accordance with the Documentation. Customer's exclusive remedy, and Cremit's entire liability, for breach of this warranty is, at Cremit's option, to correct the non-conformity or, if Cremit cannot reasonably do so, to terminate the affected Services and refund any pre-paid fees for the period following the date of termination.

11.2 Disclaimer

EXCEPT AS EXPRESSLY SET OUT IN THESE TERMS, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE", AND CREMIT DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. CREMIT DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS, OR THAT THE SERVICES WILL DETECT EVERY SECURITY ISSUE IN CUSTOMER'S ENVIRONMENT.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, GOODWILL, OR DATA, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

EACH PARTY'S TOTAL AGGREGATE LIABILITY UNDER THESE TERMS WILL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO CREMIT FOR THE SERVICES IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY.

The foregoing limitations will not apply to: (a) a party's indemnification obligations; (b) Customer's payment obligations; (c) either party's breach of confidentiality obligations; or (d) gross negligence, willful misconduct, or fraud.

13.1 By Cremit

Cremit will defend Customer against any third-party claim alleging that the Services, as provided by Cremit and used in accordance with these Terms, infringe a valid patent, copyright, or trade secret, and will indemnify Customer for amounts finally awarded or settled against Customer arising from such claim.

13.2 By Customer

Customer will defend Cremit against any third-party claim arising out of (a) Customer Data, (b) Customer's breach of Section 5 (Acceptable Use), or (c) Customer's use of the Services in violation of law, and will indemnify Cremit for amounts finally awarded or settled against Cremit arising from such claim.

13.3 Process

The indemnified party will: (i) promptly notify the indemnifying party of the claim; (ii) grant sole control of the defense and settlement to the indemnifying party (provided that any settlement imposing non-monetary obligations requires the indemnified party's consent); and (iii) provide reasonable cooperation at the indemnifying party's expense.

14.1 Term

These Terms remain in effect for the duration of Customer's Subscription Term and any renewal periods.

14.2 Termination for Cause

Either party may terminate these Terms upon thirty (30) days' written notice of a material breach that remains uncured at the end of that period. Cremit may terminate immediately upon notice if Customer breaches Section 5 (Acceptable Use) or fails to pay undisputed invoices within fifteen (15) days after written notice.

14.3 Suspension

Cremit may suspend access to the Services if Customer's use (a) poses a security risk to the Services or third parties; (b) adversely impacts the Services or other customers; or (c) violates Section 5. Cremit will use commercially reasonable efforts to provide advance notice where practicable.

14.4 Effect of Termination

Upon termination or expiration: (a) Customer's right to access the Services ends; (b) Cremit will make Customer Data available for export for thirty (30) days, after which Cremit may delete Customer Data from its production systems, subject to any legal retention obligations; and (c) any accrued payment obligations survive.

15.1 Governing Law

These Terms are governed by the laws of the Republic of Korea, without regard to its conflict-of-laws principles. The parties submit to the exclusive jurisdiction of the Seoul Central District Court (서울중앙지방법원) as the court of first instance, except that either party may seek injunctive relief in any court of competent jurisdiction.

15.2 Changes to the Terms

Cremit may update these Terms from time to time. For material changes, Cremit will provide at least thirty (30) days' advance notice by email or in-product notice. Changes take effect on the date stated in the notice; continued use of the Services after that date constitutes acceptance.

15.3 Changes to the Services

Cremit continuously improves the Services and may add, change, or remove features. Cremit will not materially diminish the core functionality of the Services during a paid Subscription Term without providing reasonable advance notice.

15.4 Assignment

Neither party may assign these Terms without the other party's prior written consent, except that either party may assign these Terms to an affiliate or in connection with a merger, acquisition, or sale of substantially all assets, without consent.

15.5 Notices

Notices to Cremit must be sent to legal@cremit.io. Notices to Customer may be sent to the email address on Customer's account or through in-product notice.

15.6 Force Majeure

Neither party will be liable for any delay or failure to perform caused by events beyond its reasonable control, including acts of God, war, terrorism, labor disputes, utility failures, or governmental actions.

15.7 Entire Agreement; Severability; Waiver

These Terms, together with any Order Form, DPA, and Privacy Policy, constitute the entire agreement between the parties regarding the Services and supersede any prior agreements. If any provision is found unenforceable, it will be enforced to the maximum extent permissible and the remaining provisions remain in full force. A party's failure to enforce any provision is not a waiver.

15.8 Relationship

The parties are independent contractors. These Terms do not create any agency, partnership, or joint venture relationship.

For questions about these Terms, please contact us: