Dependency Guardian by WestBayBerry

Legal

Terms of Service

Effective May 14, 2026

Agreement

By accessing or using the Dependency Guardian service operated by WestBayBerry LLC ("WestBayBerry", "we", "us"), you agree to these terms. If you do not agree, do not use the service.

Description of Service

Dependency Guardian is a software supply chain security scanning service. We analyze package metadata and source artifacts from public package registries (currently npm and PyPI; we may add other ecosystems and will publish the current list at westbayberry.com/product) to detect behavioral anomalies, malicious patterns, and supply chain risks.

We do not access, download, or analyze your application source code. We process the package names and versions you submit, and we fetch package tarballs directly from the relevant public registry for analysis.

For customers using the GitHub App integration, we additionally read manifest files (e.g., package.json, package-lock.json, yarn.lock, requirements.txt, pyproject.toml, poetry.lock) from the repositories you have authorized, solely to discover the dependency identifiers we then analyze.

Accounts

  • You must provide accurate information when creating an account.
  • You are responsible for maintaining the security of your account credentials.
  • One person per account, unless you are on a Team or Enterprise tier.
  • You must be at least 16 years old to create an account.
  • You may delete your account at any time from your Account Settings.

API Keys

You are responsible for keeping your API keys confidential. Treat them like passwords. If you believe a key has been compromised, revoke it immediately from your dashboard and generate a new one.

We are not responsible for unauthorized use of your API keys.

Acceptable Use

You agree not to:

  • Reverse engineer, decompile, or attempt to extract the source code of the service
  • Use automated tools to scrape, crawl, or overload the service beyond normal API usage
  • Circumvent or abuse rate limits
  • Use the service to attack, harm, or disrupt other systems or services
  • Resell, sublicense, or redistribute access to the service without authorization
  • Share API keys or account credentials with unauthorized parties

Billing & Subscriptions

Paid tiers are billed through Stripe. By subscribing to a paid tier, you authorize us to charge your payment method on a recurring basis (monthly or annual, depending on your selection).

  • Subscriptions automatically renew at the end of each billing period.
  • You can cancel at any time through the Stripe billing portal accessible from your dashboard. Cancellation takes effect at the end of the current billing period.
  • No prorated refunds are provided for partial billing periods.
  • We reserve the right to change pricing with 30 days' notice. Price changes do not apply to the current billing period.

Free Tier

The free tier is provided at no cost with usage limits. We reserve the right to modify free tier limits at any time. The free tier does not include an SLA or priority support.

Intellectual Property

The Dependency Guardian service, its detection engine, scoring algorithms, reports, and all related materials are the property of WestBayBerry LLC.

Your code, repositories, and development artifacts remain entirely yours. We never access or claim rights to your source code. The only data we process is npm package metadata and published package tarballs from the public npm registry.

Limitation of Liability

The service is provided "as is" without warranties of any kind, express or implied.

Dependency Guardian is a security tool, not a guarantee. We do not warrant that the service will detect all threats, vulnerabilities, or malicious packages. You should use Dependency Guardian as one layer in a defense-in-depth security strategy.

To the maximum extent permitted by law:

  • Our total liability is limited to the amount you paid us in the 12 months preceding the claim.
  • We are not liable for any indirect, incidental, special, consequential, or punitive damages.
  • We are not liable for damages arising from undetected security threats.

Termination

You may delete your account at any time from your Account Settings.

We may suspend or terminate your account if you violate these terms, abuse the service, or engage in activity that harms other users or the integrity of the service. We will attempt to provide notice before termination unless immediate action is required for security reasons.

Changes

We may update these terms from time to time. We will post the updated version on this page with a new effective date. Continued use of the service after changes constitutes acceptance of the updated terms.

Governing Law

These terms are governed by the laws of the State of California, United States, without regard to conflict of law provisions. Any disputes will be resolved in the courts of California.

Contact

Questions about these terms? Reach out via our contact page.

WestBayBerry LLC

© 2026 WestBayBerry LLC. All rights reserved.
