Learn more about Chainguard policies and our legal documents.
Last updated: May 10, 2023
PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SERVICE OR SOFTWARE OFFERED BY CHAINGUARD, INC. (“CHAINGUARD”). BY ACCESSING OR USING THE SERVICES OR SOFTWARE IN ANY MANNER, YOU (“YOU” OR “CUSTOMER”) AGREE TO BE BOUND BY THESE TERMS (THE “AGREEMENT”) TO THE EXCLUSION OF ALL OTHER TERMS, UNLESS OTHERWISE SPECIFIED HEREIN. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF AN ORGANIZATION OR ENTITY, REFERENCES TO “CUSTOMER” AND “YOU” IN THIS AGREEMENT, EXCEPT THIS SENTENCE, REFER TO THAT ORGANIZATION OR ENTITY. IF YOU DO NOT AGREE TO ALL OF THE FOLLOWING, YOU MAY NOT USE OR ACCESS THE SERVICES IN ANY MANNER. IF THE TERMS OF THIS AGREEMENT ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO SUCH TERMS.
To the extent You access or make use of the Chainguard repository available at the following
URL: [cgr.dev] (the “Registry”), You hereby agree to the terms and conditions set forth herein. You are responsible for the appropriate management of user login information and access credentials with respect to the Registry, You agree to take all measures necessary to prevent unauthorized access to or use of the Registry, and You agree to promptly notify Chainguard of any such unauthorized access or use. You are responsible for the use of the Registry by any person to whom You have given access to the Registry, even if You did not authorize such use or access. In addition, any content or material stored, or uploaded to the Registry by You is considered Customer Data, and You are solely responsible with respect to the same. You acknowledge and agree that unauthorized third parties may gain access to the Registry and tamper with, alter or destroy Customer Data. You agree that Chainguard is not liable with respect to such unauthorized access unless such access is the result of Chainguard’s gross negligence or willful misconduct. You may access and use the Registry solely for the Authorized Use.
You acknowledge and agree that Your use and access of the Registry, Service and Software are subject to your compliance with the Chainguard Acceptable Use Policy available at the following URL: [https://www.chainguard.dev/acceptable-use-policy], as updated from time-to-time (the “AUP”).
Your use of the Registry, Software and Service is subject to the terms and conditions in this Agreement, and is limited to Your internal use for the period authorized by Chainguard (the “Authorized Use”). Notwithstanding the foregoing, if You entered into a separate binding written agreement with Chainguard with respect to the Software or Service (the “Commercial Terms”), the Commercial Terms, and not this Agreement, shall apply to your use of the Software or Service.
Chainguard will use commercially reasonable efforts to make the Chainguard service made available in connection with this Agreement (the “Service”) to Customer as set forth in this Agreement. Subject to Customer’s compliance with the terms and conditions of the Agreement, Customer may access and use the Service for the Authorized Use.
Customer will use the Service only in accordance with all applicable laws, including, but not limited to, laws related to data (whether applicable within the United States, the European Union, or otherwise). Customer agrees not to (and will not allow any third party to): (i) remove or otherwise alter any proprietary notices or labels from the Service or any portion thereof; (ii) reverse engineer, decompile, disassemble, or otherwise attempt to discover the underlying structure, ideas, or algorithms of the Service or any software used to provide or make the Service available; or (iii) rent, resell or otherwise allow any third party access to or use of the Service.
Customer is solely responsible for Customer Data including, but not limited to: (a) compliance with all applicable laws and this Agreement; (b) any claims relating to Customer Data; and (c) any claims that Customer Data infringes, misappropriates, or otherwise violates the rights of any third party. Chainguard is not responsible to Customer for unauthorized access to Customer Data or the unauthorized use of the Service unless such access is due to Chainguard’s gross negligence or willful misconduct. Customer is responsible for the use of the Service by any person to whom Customer has given access to the Service, even if Customer did not authorize such use. Customer agrees and acknowledges that Customer Data may be irretrievably deleted if Customer’s account is terminated.
Customer hereby grants to Chainguard a limited license to use the Customer Data as necessary to provide the Service to Customer. Customer acknowledges and consents to the collection of Customer Data resulting from the activities and obligations set forth in this Agreement, including but not limited to periodic collection of information in connection with improvements to the Service. For purposes of this Agreement, “Customer Data” shall mean any data, information or other material provided, uploaded, or submitted by Customer to the Service in the course of using the Service. Customer shall retain all right, title and interest in and to the Customer Data, including all intellectual property rights therein.
Notwithstanding anything to the contrary, Chainguard may freely use Aggregated De-identified Data for Chainguard’s business purposes (including without limitation, for purposes of improving, testing, operating, promoting and marketing Chainguard’s current and future products and services). “Aggregated De-identified Data” means data submitted to, collected by, or generated by Chainguard in connection with Customer’s use of the Service, but only in aggregate, de-identified form which is not linked specifically to Customer or any individual.
Customer acknowledges and agrees that it may use the Service or Software in connection with personal data subject to the EU General Data Protection Regulation (the “GDPR”) only if Customer first enters into the Chainguard Data Processing Agreement (the “Chainguard DPA”); in which case, the processing of personal data pursuant to this Agreement shall be subject to the Chainguard DPA.
Chainguard may suspend Customer’s access to or use of the Service as follows: (a) immediately if Chainguard reasonably believes Customer’s use of the Service may pose a security risk to or may adversely impact the Service; (b) immediately if Customer become insolvent, has ceased to operate in the ordinary course, made an assignment for the benefit of creditors, or becomes the subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding; (c) following ten (10) days written notice if Customer is in breach of this Agreement.
Subject to the terms and conditions of this Agreement, Chainguard makes Chainguard proprietary software available to Customer, Chainguard hereby grants to Customer, and Customer hereby accepts from Chainguard, a term-limited, non-exclusive, non-transferable, non-assignable and non-sublicensable license to make use of the Chainguard software made available to Customer in connection with this Agreement (the “Software”) solely for the Authorized Use.
Customer agrees that, it shall not: (a) exceed the scope of the licenses granted in Section 4.1; (b) make copies of the Software; (c) distribute, sublicense, assign, delegate, rent, lease, sell, time- share or otherwise transfer the benefits of, use under, or rights to, the license granted in Section 4.1; (d) reverse engineer, decompile, disassemble or otherwise attempt to learn the source code, structure or algorithms underlying the Software, except to the extent required to be permitted under applicable law; (e) modify, translate or create derivative works of the Software; (f) remove any copyright, trademark, patent or other proprietary notice that appears on the Software or copies thereof; or (g) combine or distribute any of the software with any third party software that is licensed under terms that seek to require that any of the Software (or any associated intellectual property rights) be provided in source code form (e.g., as “open source”), licensed to others to allow the creation or distribution of derivative works, or distributed without charge.
The term of this Agreement shall commence on the date You first download the Software or access the Service (the “Effective Date”), and unless terminated earlier according to this Section 5, will terminate at the end of the Authorized Use (the “Term”).
This Agreement may be terminated: (a) by either party if the other has materially breached this Agreement, within ten (10) calendar days after written notice of such breach to the other party if the breach is remediable or immediately upon notice if the breach is not remediable; or (b) by Chainguard at any time and for any reason upon notice to Customer, or by terminating access or use.
Upon any expiration or termination of this Agreement, Customer shall (i) immediately cease use of the Registry, Service, and Software, and (ii) return all Chainguard Confidential Information and other materials and information provided by Chainguard.
The following provisions will survive termination of this Agreement: Sections 3.4 (Use of Customer Data), 3.5 (Aggregated De-Identified Data), 5.3 (Effect of Termination), Section 5.4 (Survival), Section 6 (Confidentiality), Section 9 (Limitation of Liability), Section 10 (Miscellaneous).
During the term of this Agreement, either party may provide the other party with confidential and/or proprietary materials and information (“Confidential Information”). All materials and information provided by the disclosing party and identified at the time of disclosure as “Confidential” or bearing a similar legend, and all other information that the receiving party reasonably should have known was the Confidential Information of the disclosing party, shall be considered Confidential Information. This Agreement is Confidential Information, and all pricing terms are Chainguard Confidential Information. The receiving party shall maintain the confidentiality of the Confidential Information and will not disclose such information to any third party without the prior written consent of the disclosing party. The receiving party will only use the Confidential Information internally for the purposes contemplated hereunder. The obligations in this Section shall not apply to any information that: (a) is made generally available to the public without breach of this Agreement, (b) is developed by the receiving party independently from and without reference to the Confidential Information, (c) is disclosed to the receiving party by a third party without restriction, or (d) was in the receiving party’s lawful possession prior to the disclosure and was not obtained by the receiving party either directly or indirectly from the disclosing party. The receiving party may disclose Confidential Information as required by law or court order; provided that, the receiving party provides the disclosing with prompt written notice thereof and uses the receiving party’s best efforts to limit disclosure. At any time, upon the disclosing party’s written request, the receiving party shall return to the disclosing party all disclosing party’s Confidential Information in its possession, including, without limitation, all copies and extracts thereof.
Chainguard retains all right, title, and interest in and to the Registry, Service, Software, and any software, products, works or other intellectual property created, used, provided or made available by Chainguard under or in connection with the Registry, Service or Software. Customer may from time to time provide suggestions, comments or other feedback to Chainguard with respect to the Registry, Service or Software (“Feedback”). Feedback, even if designated as confidential by Customer, shall not create any confidentiality obligation for Chainguard notwithstanding anything else. Customer shall, and hereby does, grant to Chainguard a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid up license to use and exploit the Feedback for any purpose. Nothing in this Agreement will impair Chainguard’s right to develop, acquire, license, market, promote or distribute products, services, software or technologies that perform the same or similar functions as, or otherwise compete with any products, software or technologies that Customer may develop, produce, market, or distribute.
Customer will defend, indemnify, and hold Chainguard, its affiliates, suppliers and licensors harmless and each of their respective officers, directors, employees and representatives from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to any third party claim with respect to: (a) Customer Data; (b) breach of this Agreement or violation of applicable law by Customer; (c) alleged infringement or misappropriation of third- party’s intellectual property rights resulting from Customer Data; or (d) breach or, or non-compliance with the AUP.
Chainguard does not represent or warrant that the operation of the Registry, Service or Software (or any portion thereof) will be uninterrupted or error free, or that the Registry, Service or Software (or any portion thereof) will operate in combination with other hardware, software, systems or data not provided by Chainguard. CUSTOMER ACKNOWLEDGES THAT, CHAINGUARD MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE REGISTRY, SERVICE OR SOFTWARE, OR THEIR CONDITION. CHAINGUARD HEREBY EXPRESSLY EXCLUDES, ANY AND ALL OTHER EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES, WHETHER UNDER COMMON LAW, STATUTE OR OTHERWISE, INCLUDING WITHOUT LIMITATION ANY AND ALL WARRANTIES AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY OR NON-INFRINGEMENT OF THIRD-PARTY RIGHTS.
IN NO EVENT SHALL CHAINGUARD BE LIABLE FOR ANY LOST DATA, LOST PROFITS, BUSINESS INTERRUPTION, REPLACEMENT SERVICE OR OTHER SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR INDIRECT DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THEORY OF LIABILITY. CHAINGUARD’S LIABILITY FOR ALL CLAIMS ARISING UNDER THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED ONE THOUSAND US DOLLARS ($1,000).
Customer hereby certifies that Customer will comply with all current US Export Control law with respect to the Registry, Software and Service. Customer agrees to defend, indemnify and hold Chainguard harmless from any liability for Customer’s violation of U.S. Export Control laws.
Customer shall comply with all applicable laws and regulations in its use of any Service, including without limitation the unlawful gathering or collecting, or assisting in the gathering or collecting of information in violation of any privacy laws or regulations. Customer shall, at its own expense, defend, indemnify and hold harmless Chainguard from and against any and all claims, losses, liabilities, damages, judgments, government or federal sanctions, costs and expenses (including attorneys’ fees) incurred by Chainguard arising from any claim or assertion by any third party of violation of privacy laws or regulations by Customer or any of its agents, officers, directors or employees.
Neither party may transfer and assign its rights and obligations under this Agreement without the prior written consent of the other party. Notwithstanding the foregoing, Chainguard may transfer and assign its rights under this Agreement without consent from the other party in connection with a change in control, acquisition or sale of all or substantially all of its assets.
Neither party shall be responsible for failure or delay in performance by events out of their reasonable control, including but not limited to, acts of God, Internet outage, terrorism, war, fires, earthquakes and other disasters (each a “Force Majeure”).
All notices between the parties shall be in writing and shall be deemed to have been given if personally delivered or sent by registered or certified mail (return receipt), or by recognized courier service.
Both parties agree that no agency, partnership, joint venture, or employment is created as a result of this Agreement. Customer does not have any authority of any kind to bind Chainguard.
This Agreement shall be governed exclusively by, and construed exclusively in accordance with, the laws of the United States and the State of California, without regard to its conflict of laws provisions. The federal courts of the United States in the Northern District of California and the state courts of the State of California shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement. Each party hereby consents to the jurisdiction of such courts and waives any right it may otherwise have to challenge the appropriateness of such forums, whether on the basis of the doctrine of forum nonconveniens or otherwise. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement or any Purchase Order issued under this Agreement.
Customer hereby grants Chainguard the right to identify Customer as a Chainguard customer, and use Customer’s name, mark and logo on Chainguard’s website and in Chainguard’s marketing materials with respect to the same.
Chainguard reserves the right to update this Agreement at any time. The terms and conditions of the updated version of the Agreement shall apply to the Services and Software following the date of publication of the updated version on Chainguard’s website at the following URL: [https://www.chainguard.dev/legal] If Customer does not agree with any terms of the updated Agreement, Customer may not use or access the Service or Software in any manner.
This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications, and other understandings relating to the subject matter of this Agreement, and all waivers and modifications must be in a writing signed by both parties, except as otherwise provided in this Agreement. Any term or provision of this Agreement held to be illegal or unenforceable shall be, to the fullest extent possible, interpreted so as to be construed as valid, but in any event the validity or enforceability of the remainder hereof shall not be affected.