Acceptable Use Policy

Effective date: April 9, 2026

1. Purpose

This Acceptable Use Policy ("AUP") governs your use of the GateTest platform, CLI tool, API, GitHub App, and all associated services (collectively, the "Service") operated by GateTest ("we," "us," "our"). This AUP is incorporated by reference into the GateTest Terms of Service. Capitalised terms not defined here have the meaning given in the Terms of Service.

We built GateTest to help developers write safer, higher-quality code. This policy exists to protect our infrastructure, other customers, and third parties from misuse. It is written to be clear, not to be long.

2. Authorised Use

You may use the Service to:

  • Scan repositories that you own or that you have explicit written permission from the repository owner to scan.
  • Run the CLI tool against codebases on machines you own or control.
  • Integrate the GitHub App with repositories in GitHub organisations where you are an administrator or have been granted permission to install third-party apps.
  • Use the API with valid credentials to automate scans within your authorised quota.
  • Review scan findings, auto-fix pull requests, and reports for the legitimate purposes of code quality improvement, security hardening, and compliance.
  • Demonstrate the Service to prospective customers using repositories you own or control.

3. Prohibited Uses

You may not use the Service to:

3.1 Unauthorised Access and Scanning

  • Scan any repository, codebase, or system that you do not own or do not have explicit written permission to scan.
  • Use the Service as a reconnaissance or intelligence-gathering tool against organisations, systems, or individuals you are not authorised to assess.
  • Attempt to access or exfiltrate code, secrets, tokens, or other data from repositories you are not authorised to access.
  • Use scan results, findings, or vulnerability reports to attack, exploit, or harm the owners of the scanned repository or any third party.

3.2 Abuse of Infrastructure

  • Submit scans, API calls, or other requests at rates or volumes that constitute a denial-of-service attack or that materially degrade the Service for other customers.
  • Attempt to circumvent rate limits, scan quotas, payment controls, or other technical restrictions.
  • Use the Service to generate AI outputs at scale for the purpose of reselling, redistributing, or republishing those outputs without our prior written consent.
  • Reverse-engineer, decompile, or attempt to extract the source code, models, prompts, detection logic, or other proprietary components of the Service.
  • Use automated means to probe, fuzz, or test the security of our infrastructure without prior written authorisation from us.

3.3 Unlawful and Harmful Activity

  • Use the Service in violation of any applicable law or regulation, including export control laws, privacy laws, computer-fraud laws, and intellectual property laws.
  • Submit repositories containing CSAM (child sexual abuse material) or other illegal content.
  • Use the Service to facilitate the development, deployment, or improvement of malware, ransomware, spyware, exploit kits, or other tools designed to harm computer systems or their users.
  • Attempt to launder money, evade sanctions, or otherwise use the Service in connection with financial crimes.
  • Use the Service to harass, threaten, or harm any individual or organisation.

3.4 Account and Credential Misuse

  • Share your API keys, account credentials, or payment methods with any third party without our prior written consent.
  • Create multiple accounts to circumvent usage limits, payment requirements, or account suspensions.
  • Impersonate any person or entity or misrepresent your affiliation with any person or entity.
  • Use stolen credit cards or fraudulent payment instruments, or engage in friendly fraud (filing chargebacks for services rendered).

3.5 Competitive Intelligence and Benchmarking

  • Use the Service to benchmark, evaluate, or reverse-engineer our detection capabilities for the primary purpose of building a competing product, without our prior written consent.
  • Systematically harvest scan results, module outputs, or AI-generated content to train or fine-tune any machine learning model without our prior written consent.

4. Responsible Disclosure

If you discover a vulnerability in the GateTest platform, CLI, or API, please disclose it to us responsibly before public disclosure:

  • Email: hello@gatetest.ai with subject line "Security Disclosure"
  • Include a description of the vulnerability, steps to reproduce, and potential impact
  • Give us a reasonable time to investigate and remediate before public disclosure (typically 90 days)
  • Do not exploit the vulnerability beyond what is necessary to demonstrate the issue

We will acknowledge your report within 5 business days, keep you informed of our progress, and publicly credit you (unless you prefer anonymity) once the issue is resolved. We do not currently operate a paid bug-bounty programme, but we may offer recognition or other courtesy acknowledgement at our discretion.

5. Content You Submit

By submitting a repository URL or source files to GateTest, you represent and warrant that:

  • You have the right to submit the code for scanning (you own it or have permission from the owner).
  • The submission does not violate the intellectual property rights, privacy rights, or other rights of any third party.
  • The submission does not contain content that is unlawful or that we are prohibited from processing under applicable law.

We do not store your source code beyond what is necessary to complete the scan. See our Privacy Policy for details on data retention.

6. AI-Generated Output

GateTest uses large language models (including Claude by Anthropic) to generate code analysis, fix suggestions, and reports. You acknowledge that:

  • AI-generated content may be inaccurate, incomplete, or inappropriate for your specific context.
  • You are solely responsible for reviewing, testing, and validating any AI-generated fix before applying it to your codebase.
  • You may not use AI-generated outputs as the sole basis for security certifications, compliance sign-offs, or representations to third parties without independent expert verification.
  • We do not warrant that AI-generated outputs are free of hallucinations, biases, or errors.

7. API Usage

If you access the Service via API:

  • You must keep your API keys confidential and not share them with unauthorised parties.
  • You are responsible for all API activity under your credentials, whether or not you authorised it.
  • You must implement reasonable rate limiting on your client to avoid exceeding our published quotas.
  • You must not use the API to build a product or service that directly competes with GateTest without our prior written consent, and you must not white-label the API output as your own proprietary scanning engine.

8. GitHub App

If you install the GateTest GitHub App:

  • You authorise GateTest to access the repositories you select in accordance with the permissions disclosed at install time and our Privacy Policy.
  • You are responsible for ensuring the App is installed only on repositories where you have the right to grant such access.
  • You must notify us immediately if the App is installed on a repository without your authorisation.
  • You may revoke App access at any time through your GitHub settings.

9. Consequences of Violation

If we determine, in our sole reasonable discretion, that you have violated this AUP, we may take any of the following actions:

  • Warning. Issue a warning and require immediate remediation.
  • Suspension. Suspend your access to the Service, with or without prior notice, pending investigation or remediation.
  • Termination. Terminate your account and revoke all access to the Service. In cases of serious or repeated violations, termination is permanent.
  • Legal action. Pursue civil or criminal legal remedies where the violation constitutes unlawful conduct, including referral to law enforcement authorities.
  • Disclosure. Disclose relevant information to law enforcement, regulatory authorities, or affected third parties as required by law or as necessary to prevent harm.

Accounts terminated for AUP violations are not entitled to a refund of any amounts paid. Where a violation causes us loss, we reserve the right to recover damages, costs, and fees to the extent permitted by the Terms of Service and applicable law.

10. Reporting Violations

If you become aware of any use of the Service that violates this AUP, please report it to: hello@gatetest.ai with subject line "AUP Violation Report". We investigate all reports and will follow up where appropriate, subject to confidentiality constraints.

11. Changes to This Policy

We may update this AUP from time to time. We will notify you of material changes by posting a notice on gatetest.ai or by emailing you. Your continued use of the Service after the effective date of a revised AUP constitutes acceptance of the revised policy. If you disagree with a change, you may terminate your account in accordance with the Terms of Service.

12. Contact

For questions about this policy: hello@gatetest.ai