Terms of Service

Effective Date: March 3, 2026

By accessing or using the Kovera platform ("Service"), you agree to be bound by these Terms of Service. If you do not agree to these terms, please do not use our Service.

1. Service Description

Kovera is a Local-First Compliance Agent that performs security and compliance scanning. Code analysis is performed on your local machine, while compliance verification and reporting occur in the cloud. This architecture ensures your source code never leaves your control while providing cloud-based compliance proof for audits.

2. Subscription and Services

Kovera provides automated security scanning and compliance reporting. Subscriptions (Pro, Business, and Enterprise) are billed in advance on a recurring monthly basis. You may cancel your subscription at any time through your account settings or by contacting support.

3. Multi-Factor Authentication (MFA) Requirement

All Pro, Business, and Enterprise tier accounts must enable Multi-Factor Authentication (MFA) to maintain account security and compliance with SOC2 2026 standards. MFA is mandatory and cannot be disabled for these tiers. Free tier accounts may optionally enable MFA for additional security. By subscribing to Pro or higher tiers, you acknowledge and accept this MFA requirement as a condition of service.

4. Authorized Use

You agree to use Kovera only for lawful purposes. You represent that you have the legal authority to scan the domains or systems you submit to our Service. Unauthorized scanning of third-party infrastructure is strictly prohibited.

5. Limitation of Liability

To the maximum extent permitted by law, Kovera shall not be liable for any indirect, incidental, or consequential damages, including loss of data, revenue, or profits, resulting from the use or inability to use our Service.

AI-Generated Code Patches: Code patches and remediation suggestions generated by our AI system are provided "as-is" without warranty of fitness for a particular purpose, merchantability, or non-infringement. Users are solely responsible for reviewing, testing, and validating all AI-generated code patches before applying them to production systems. Kovera shall not be liable for any damages, data loss, or security issues resulting from the application of unreviewed or inadequately tested AI-generated patches.

6. Safety & Circuit Breaker System

Agent Governance and Risk Control: Kovera implements an advanced Agent Governance V2 system that monitors autonomous agents and critical operations. This system includes:

• Automatic Risk Scoring: All agent actions are evaluated on a 0-100 CVSS-based risk scale. Actions scoring below 70 are automatically approved; actions scoring 70+ require manual Multi-Factor Authentication (MFA) verification.
• Circuit Breaker Pattern: Potentially dangerous operations (such as deletion of files, system modifications, or security enforcement changes) trigger an automatic pause, pending the user's MFA-verified approval. This prevents autonomous execution of high-risk actions without human verification.
• Tamper-Proof Audit Logging: All agent actions, decisions, and approvals are permanently logged with cryptographic signatures. These logs are immutable and available for compliance audits.
• Session Isolation: Agent sessions are strictly isolated to the initiating user's account. No cross-user data access is permitted, and all action histories are user-restricted.

These governance features are security benefits, not service limitations. The Circuit Breaker system ensures critical operations receive explicit human authorization, enhancing your control over AI-driven automation. You acknowledge that these safety mechanisms are an integral part of the Service and agree to comply with MFA verification when prompted.

7. Intellectual Property

The Kovera name, logo, and scanning algorithms are the exclusive property of Kovera. Your use of the Service does not grant you ownership of any intellectual property rights in our Service or the content you access.

8. Termination

We reserve the right to suspend or terminate your access to the Service if you violate these terms or engage in activity that harms our infrastructure or other users.

9. Governing Law

These terms shall be governed by and construed in accordance with the laws of the jurisdiction in which Kovera operates, without regard to its conflict of law provisions.