Effective Date: March 24, 2026
By accessing or using Intercept, the supply chain security platform operated by Hijack Security, Inc. ("Hijack Security," "we," "us," or "our"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the platform.
Intercept is a supply chain security platform that scans repositories for vulnerabilities, secrets, code security issues, CI/CD misconfigurations, and provides threat intelligence. The platform connects to GitHub and Azure DevOps via OAuth or personal access tokens (PATs) to analyze your repositories and deliver security findings.
To use Intercept, you must create an account. You agree to provide accurate, current, and complete information during registration and to keep your account information up to date. You are responsible for safeguarding your account credentials and for all activity that occurs under your account. You must be at least 18 years of age to use this service.
You agree not to use Intercept to:
We do not store your source code permanently. Repositories are cloned temporarily during scanning and deleted immediately after analysis. Only structured findings -- such as vulnerabilities, misconfigurations, and dependency metadata -- are retained. Secret findings are always redacted; raw secret values are never stored.
You retain all ownership rights to your code and data. We claim no intellectual property rights over the content you provide to the platform.
When enabled (opt-in only), selected code excerpts (maximum 250KB per request) may be sent to third-party AI providers (Anthropic or OpenAI) for security analysis. Their respective data handling policies apply to data transmitted to their services. Results are returned as structured summaries and are not stored as source code.
Intercept connects to GitHub and Azure DevOps using your credentials. Personal access tokens (PATs) are encrypted at rest using Fernet (AES) encryption. OAuth tokens are not stored by the platform; they are managed by the identity provider. You are responsible for the permissions granted to Intercept through these integrations.
The Posture Agent is an optional endpoint agent that collects machine metadata, including installed development tools and security configuration. The agent never reads file contents, credentials, source code, or personal documents. Machine identification uses a one-way hash fingerprint that cannot be reversed to identify the machine.
Intercept, including its software, design, documentation, and branding, is owned by Hijack Security, Inc. and is protected by intellectual property laws. Your code, data, and scan results remain your property. These Terms do not transfer any intellectual property rights between the parties.
Intercept is provided on an "as is" and "as available" basis. We do not guarantee uninterrupted or error-free operation. We may modify, suspend, or discontinue the service (or any part of it) at any time with reasonable notice when practicable.
To the maximum extent permitted by applicable law, Hijack Security, Inc. shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, data, or business opportunities arising out of or related to your use of the platform. Our total aggregate liability for any claims arising under these Terms shall not exceed the amounts paid by you to Hijack Security in the twelve (12) months preceding the claim.
You agree to indemnify, defend, and hold harmless Hijack Security, Inc. and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to your use of the platform or your violation of these Terms.
Either party may terminate this agreement at any time. You may terminate by deleting your account. We may terminate or suspend your access for violation of these Terms or for any other reason with reasonable notice. Upon termination, your data will be deleted in accordance with our deletion policy.
Account deletion removes all associated data across all services, including scan findings, repository metadata, credentials, alert configurations, and organization data. This is a permanent, cascading hard delete -- not a soft archive. Deletion cannot be reversed.
We may update these Terms from time to time. We will notify you of material changes via email or through an in-app notification. Your continued use of Intercept after such changes constitutes acceptance of the updated Terms.
These Terms are governed by and construed in accordance with the laws of the State of New York, United States, without regard to conflict of law provisions. Any disputes arising under these Terms shall be subject to the exclusive jurisdiction of the courts located in the State of New York.
For questions about these Terms, contact us at legal@hijacksecurity.com.