End User License Agreement

EULA.

The terms governing your use of Smpl Security software, integrations, and services. By installing or using Smpl, you agree to these terms.

Last updated: 27 May 2026
1

Acceptance of this Agreement

This End User License Agreement (“Agreement”, “EULA”) is a binding contract between you (the individual or legal entity using the Service, “you”, “Customer”) and Smpl Security (“Smpl”, “we”, “us”). By creating an account, installing Smpl on a third-party platform (including the Vercel Marketplace or the Supabase Marketplace), or otherwise accessing the Service, you accept this Agreement. If you do not agree, do not use the Service.

If you are accepting on behalf of an organization, you represent that you have authority to bind that organization. “Customer” in that case refers to the organization.

2

Definitions

  • Service. The Smpl Security web application, APIs, integrations, MCP connector, and related software and documentation.
  • Connected Service. A third-party platform (e.g., Vercel, Supabase, GitHub, Stripe, Cloudflare, Resend) that Customer authorizes Smpl to access through an integration.
  • Customer Data. Configuration metadata and other data Smpl accesses from a Connected Service on Customer’s behalf, plus account information Customer provides.
  • Findings. Security or compliance issues generated by Smpl scans, including severity, evidence, and remediation guidance.
  • Marketplace. A third-party platform marketplace through which Smpl is installed, including the Vercel Integrations Marketplace and the Supabase Marketplace.
3

License grant

Subject to this Agreement, Smpl grants Customer a non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Service for Customer’s internal business security and compliance purposes for the duration of the applicable subscription or installation. The Service is licensed, not sold.

4

Usage restrictions

Customer will not, and will not permit any third party to:

  • copy, modify, translate, or create derivative works of the Service;
  • reverse engineer, decompile, disassemble, or attempt to derive source code from the Service, except to the extent expressly permitted by applicable law;
  • resell, sublicense, rent, lease, time-share, or otherwise commercially exploit the Service;
  • use the Service to develop a competing product;
  • circumvent any access controls, rate limits, or usage limits;
  • interfere with the operation, integrity, or performance of the Service or attempt to gain unauthorized access to any part of it;
  • use the Service in violation of applicable law, including export-control, sanctions, privacy, and intellectual-property laws; or
  • use the Service to scan systems Customer does not own or is not authorized to scan.
5

Customer data and connected services

Customer retains all rights, title, and interest in Customer Data. Customer grants Smpl a worldwide, non-exclusive license to access, process, and display Customer Data solely to provide and improve the Service, generate Findings, and comply with legal obligations.

Customer is responsible for ensuring it has the right to connect each Connected Service to Smpl and for the lawfulness of any data made available to the Service. Customer is responsible for maintaining the security of its own accounts on Connected Services.

6

Platform access disclosure

Smpl requests the minimum permissions required for each integration. All access is read-only. Smpl does not modify Connected Service configuration.

  • Vercel. Smpl requests read:project, read:deployment, read:environment-variables, and read:team. Smpl reads project, deployment, environment-variable, and team metadata. Environment-variable values, source code, and build artifacts are not accessed.
  • Supabase. Smpl requests read scopes for organizations, projects, auth, database (schema and policy definitions only), storage, and network configuration. Row data, user records, and storage object contents are not accessed.
  • Other Connected Services. Each integration discloses the requested scopes on the consent screen before authorization. Refer to the integration documentation at smplsecurity.ai/docs.

Customer may revoke access at any time from the Connected Service or from the Smpl dashboard. On revocation, Smpl deletes stored credentials promptly.

7

Privacy

Smpl’s collection, use, storage, and sharing of personal information are governed by the Smpl Privacy Policy, which is incorporated into this Agreement by reference. Customer’s use of the Service constitutes acceptance of the Privacy Policy.

8

Intellectual property

Smpl and its licensors retain all right, title, and interest in and to the Service, including all software, content, trademarks, logos, and documentation. Except for the limited license expressly granted in Section 3, no rights are transferred to Customer.

Customer may provide feedback, suggestions, or recommendations regarding the Service (“Feedback”). Customer grants Smpl a perpetual, irrevocable, royalty-free license to use Feedback without restriction.

9

Fees and billing

Fees, billing terms, and renewal terms for paid plans are described at smplsecurity.ai/pricing or in a separate order form. Where the Service is installed through a Marketplace, billing may be processed by the Marketplace operator on Smpl’s behalf, subject to the Marketplace’s billing terms. Fees are non-refundable except as required by law or expressly stated.

10

Term and termination

This Agreement begins when Customer first accepts it and continues until terminated. Either party may terminate at any time:

  • Customer may terminate by uninstalling the Service, disconnecting all integrations, and closing the Smpl account;
  • Smpl may terminate for material breach of this Agreement, suspected fraudulent or abusive use, or as required by law;
  • Smpl may suspend or terminate access on reasonable notice if continuing the Service would violate applicable law, expose Smpl to material risk, or following discontinuation of the Service.

On termination, Customer’s license under Section 3 ends, stored credentials are deleted, and Findings may be exported by Customer or deleted, subject to retention obligations described in the Privacy Policy.

11

Warranties and disclaimers

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT THE SERVICE WILL IDENTIFY ALL SECURITY ISSUES. SMPL DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS.

Customer is solely responsible for evaluating Findings, prioritizing remediation, and operating its own security program. Smpl is a tool that assists Customer’s security program; it does not replace independent security review.

12

Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, LOST REVENUES, OR LOSS OF DATA, ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

EACH PARTY’S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT WILL NOT EXCEED THE GREATER OF (A) THE AMOUNTS PAID BY CUSTOMER TO SMPL IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS ($100).

13

Indemnification

Customer will defend, indemnify, and hold harmless Smpl from and against any third-party claims arising out of (a) Customer’s use of the Service in violation of this Agreement or applicable law, (b) Customer’s use of the Service to scan systems Customer is not authorized to scan, or (c) Customer Data infringing the rights of, or causing harm to, a third party.

14

Third-party marketplaces

Where Customer installs the Service through a Marketplace, the Marketplace operator (e.g., Vercel, Supabase) is not a party to this Agreement and has no liability under it. This Agreement is solely between Customer and Smpl.

Customer’s use of the Marketplace itself is governed by the Marketplace operator’s own terms. Marketplace-specific obligations Smpl owes to the Marketplace operator (for example, the Vercel Integrations Marketplace Agreement) do not create third-party-beneficiary rights for Customer beyond those expressly stated in this Agreement.

15

Modifications

Smpl may update this Agreement from time to time. Material changes will be communicated through the Service or by email at least thirty (30) days before they take effect. Continued use after the effective date constitutes acceptance of the updated Agreement. If Customer does not accept a change, Customer’s sole remedy is to terminate under Section 10.

16

Governing law

This Agreement is governed by the laws of the State of Delaware, USA, without regard to its conflict-of-laws principles. The parties agree to the exclusive jurisdiction of the state and federal courts located in Delaware for any dispute arising out of this Agreement, except that either party may seek injunctive relief in any court of competent jurisdiction to protect its intellectual-property rights.

17

Contact

Questions about this Agreement should be sent to legal@smplsecurity.ai.

Not legal advice

This document is a working draft published for Marketplace listing purposes. It has not yet been reviewed by counsel. Smpl Security will replace it with a counsel-reviewed version prior to general availability. If you are evaluating this Agreement for procurement, contact legal@smplsecurity.ai for the current signed version.