tty/0·uid=audit gid=audit
legal / terms_of_service

Terms of Service

last updated · july 4, 2026

01the service

Virgil is an automated security audit platform. You submit source code — a public or private repository URL, or a zip archive — and Virgil runs security scanners in an isolated sandbox, then produces findings, ranked priorities, reports, and an evidence-grounded chat about the results. These terms are an agreement between you and Virgil (“we”, “us”). By creating an account or submitting code, you accept them.

02your account

Sign-in is via Google. You are responsible for activity under your account and for keeping access to it secure. You must be legally able to enter this agreement.

03authorization to scan

You may only submit code that you own or that you are explicitly authorized to analyze. Submitting someone else’s code without permission is a violation of these terms and may be unlawful. Each submission is your confirmation that you hold that authorization.

04credits and payment

New accounts receive free audit credits. Additional credits are sold in packs — current prices are listed on the pricing page. Payments are processed by our payment provider acting as merchant of record; we never see your card details. A credit is consumed only when a submission is accepted and an audit is queued — rejected submissions are refunded automatically. Credits never expire. See the refund policy.

05acceptable use

You agree not to:

— submit code you are not authorized to analyze;
— use the service for any unlawful purpose, or to prepare attacks against systems you do not control;
— attempt to make the service generate exploit code, attack instructions, or other content it is designed to refuse;
— probe, disrupt, or overload the service, or attempt to escape the analysis sandbox;
— resell or white-label the service without a written agreement with us.

06your code and data

You keep all rights to the code you submit. We process it solely to produce your audit: scanners run against it in an isolated, network-disabled sandbox, and your code is never executed. Detected secrets are masked before results are stored and before any excerpt reaches an AI model. Details are in the privacy policy.

07reports are informational

Audit results are generated by automated tools and AI-assisted analysis. They may contain false positives and may miss real issues. A clean report is not a guarantee that your code is secure, and nothing in the service is legal, compliance, or professional security advice. The service is audit-only by design: it explains risk and defensive direction, and does not produce exploits, patches, or attack instructions.

08availability and changes

The service is provided “as is” and “as available”. We may change, suspend, or discontinue features, and we may update these terms — material changes will be reflected on this page with a new date. Continued use after a change is acceptance of it.

09limitation of liability

To the maximum extent permitted by law, we are not liable for indirect, incidental, special, or consequential damages, or for loss of data, profits, or business, arising from use of the service. Our total liability for any claim is limited to the amount you paid us in the twelve months before the claim arose.

10termination

You may stop using the service and request account deletion at any time. We may suspend or terminate accounts that violate these terms. On termination, unused paid credits are handled per the refund policy.

11governing law and contact

These terms are governed by the laws of Pakistan. Questions: ayaanmalik6099@gmail.com.