terms of service.

This is a public summary of the canonical ToS. The full bilingual (EN master / ES equivalent) version with liability caps, Annexes and operational clauses lives in /legal/tos-v1-2026-04-19.md and governs all contracts signed while this version is active. Privacy · DPA · Sub-processors · Cookies

1. parties

The Vendor is Javier (individual, Spain, trading as Vibe Coding Eye / vibecodingeye.com). A corporate entity (SL) will be constituted once 3+ clients have paid; the contract includes a carve-out allowing novation to the SL with 30-day notice to the Customer.

2. service

VCEye provides async-first production-readiness reviews of repositories generated with Claude Code, Codex, Cursor, Lovable, v0, Bolt and similar AI-assisted tooling. A single subscription plan is offered:

• VCEye Plan — EUR 59/month, or EUR 566/year (-20%). Includes up to 3 connected repositories, unlimited audits with full detail per finding, auto-generated fix diffs, one-click apply-as-PR, PR auto-comments on every push, continuous re-scan on every commit, git history secret scan, CVE database matching, and AI Concierge access. Cancel anytime from billing settings — service remains active until the end of the paid period.

3. async-first delivery (no live calls)

All deliverables are asynchronous. There are no scheduled live calls. AI Concierge typical response: instant in automated mode, 4-24h when escalated to a human. This is a product feature, not a limitation.

4. not professional pentesting

VCEye is not professional penetration testing, does not issue SOC 2 / ISO 27001 / HIPAA certifications and does not replace a formal security audit by a CISSP-qualified consultancy. Detection is best-effort static and AI-assisted analysis over a finite catalogue of patterns. False negatives are possible.

5. AI disclaimer

Portions of the analysis and the Concierge responses are generated by large language models (Anthropic Claude, optionally via OpenRouter, both US-based under SCCs). Outputs may contain errors. The Customer is responsible for validating every finding and every Concierge answer before acting on it.

6. data & repository access

The Customer grants VCEye read-only access to their GitHub repositories via a GitHub App with minimal scopes: contents, metadata, pull_requests, security_events. Scanner execution happens in an ephemeral sandbox in Vercel Functions; no persistent storage of the Customer's source code beyond what is necessary for the scan snapshot and comparison.

7. liability limit (general)

To the maximum extent permitted by law, the Vendor's aggregate liability to the Customer for any claim related to the service is capped at the greater of (a) amounts actually paid by the Customer in the 12 months prior to the triggering event, or (b) 12× the equivalent monthly subscription fee (12 × EUR 59 = EUR 708). Consequential and indirect damages, lost profits, data loss and reputational damage are excluded. Mandatory EU exceptions (gross negligence, wilful misconduct, death, personal injury) cannot be capped and are not limited by this section.

8. apply-as-PR — specific cap

Because the apply-as-PR feature opens code-change Pull Requests in the Customer's Repository, the cap for claims directly arising from those Pull Requests is 24× the equivalent monthly fee = EUR 1416. The Customer — not the Vendor — reviews, approves and merges every Pull Request. This uplift applies only to apply-as-PR-specific claims and does not raise the general cap.

9. eu consumer right of withdrawal

Customers who qualify as consumers under EU law have a 14-day right of withdrawal (Directive 2011/83/EU). For monthly billing the right is moot in practice (cancellation stops next-month billing). For annual billing, B2C Customers may request a pro-rata refund within 14 days of payment. B2B Customers (any Customer providing a company name at checkout) are not entitled to this right.

10. cancellation

Subscriptions can be cancelled at any time from the Customer's billing settings. The service remains active until the end of the current paid period; no further charges are made. Annual subscriptions are refundable pro-rata in the first 14 days of payment (B2C only); thereafter, the unused portion of the annual fee is non-refundable.

11. governing law

Spanish law. Courts of Madrid. EU consumers retain the mandatory benefit of the forum of their residence. For disputes > EUR 25,000/year in B2B, parties may elect ICC arbitration in Paris.

12. version and review status

Version v1-2026-04-19. AI-drafted, pending review by EU-qualified counsel before the 4th client-paid transaction. Canonical master in /legal/tos-v1-2026-04-19.md. Changes take effect 30 days after posting; active Customers will be emailed.