Terms of Service
Last updated: 27 May 2026
Read this first. AEDSC is an automated static-analysis tool. It is not a security audit. It will not certify your contract as safe. If your contract is exploited after using AEDSC, our maximum liability is the amount you paid us in the most recent billing period — generally between €0 and €29. Use at your own risk. Ship with this understanding or do not ship at all.
1. What the service is
AEDSC (“the Service”, “we”) is a Solidity static-analysis service. It wraps open-source detectors (Slither, Aderyn — and Mythril where infrastructure permits) and surfaces their findings via:
- The web demo at aedsc.xyz/scan/ and the live widget on the homepage.
- The MIT-licensed npm CLI aedsc which can run scans locally on your own machine.
- The hosted backend at scan.aedsc.xyz and the aedsc-action GitHub Action that posts findings on pull requests.
2. What the service is NOT
AEDSC is not a substitute for a manual security audit by qualified engineers (such as Trail of Bits, OpenZeppelin, Halborn, or Cyfrin). Static analysis catches common, mechanical vulnerability classes — it cannot prove a contract is safe. It cannot reason about your business logic, your tokenomics, economic incentives, MEV exposure, oracle assumptions, or governance attack surface.
You acknowledge that AEDSC is a tool, not an opinion, not an attestation, and not insurance. You alone are responsible for the security of any code you deploy to mainnet or any production network.
3. No warranty
The Service is provided “AS IS” and “AS AVAILABLE” without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, accuracy, completeness, or non-infringement.
We do not warrant that the Service will be uninterrupted, that findings will be exhaustive, that the absence of a finding means a contract is safe, that detectors will run on every supported Solidity version, or that any specific vulnerability class will be caught.
4. Limitation of liability
To the maximum extent permitted by law, the operator's total aggregate liability to you for any and all claims arising out of or relating to the Service is capped at the amount you have paid us in the twelve (12) months preceding the claim, with a hard ceiling of €1,000 regardless of payment history.
We are not liable for any loss of funds, indirect, consequential, incidental, special, or punitive damages — including but not limited to losses arising from smart contract exploits, hacks, rug-pulls, frontrunning, MEV, oracle manipulation, governance attacks, downtime, missed findings, false negatives, or your reliance on a scan report.
Your sole and exclusive remedy in any dispute is cancellation of your subscription and, where applicable, a pro-rated refund of unused time as set out in the Refund Policy.
5. Plans and billing
The free tier provides the public hosted scanner at scan.aedsc.xyz (rate-limited to 8 demo scans per hour per IP and 3 hosted async scans per hour per email), the MIT-licensed CLI, and the GitHub Action.
Paid plans (currently Founder Pro at €29 / month) are billed via Stripe. You may cancel at any time from the Stripe customer portal; cancellation prevents the next renewal but does not refund the current period except under the Refund Policy. Failure to pay terminates the subscription at the end of the paid period.
The lifetime tier was retired on 2026-05-27. No lifetime seats were sold; nothing is owed.
6. Your source code
You retain full ownership of any Solidity source you submit. By using the Service you grant us a limited, non-exclusive, non-transferable license to process that source solely for the purpose of running the scan and emailing you the report.
We store submitted source under /var/lib/aedsc/scans/<id>/ on our hosted backend for 30 days (so we can re-send a report if needed) and then delete it. SHA-256 hashes of source bytes are used as a cache key — identical contracts return a cached result without rerunning the engines. We do not sell, share, or republish your source. Anonymous aggregate statistics about finding types may be kept. Write to contact@aedsc.xyz for immediate deletion.
7. Acceptable use
You may not use the Service to (a) scan code you do not own or have explicit authorization to analyze; (b) probe, reverse-engineer, or DoS the infrastructure; (c) submit content designed to crash or compromise the underlying detectors; (d) extract, republish, or resell the scan output of the Service as your own product or under a competing brand. We reserve the right to throttle or refuse service to anyone at our sole discretion.
8. GitHub Action specifics
The aedsc-action GitHub Action runs the open-source aedsc CLI inside your repository's GitHub Actions runner, then optionally POSTs the resulting findings to scan.aedsc.xyz for triage. The same data and retention policy in Section 6 applies. If you do not want any source to leave your runner, set the input upload: false in your workflow — the Action will comment findings on the PR using only the local CLI output, no backend hit.
9. Changes to these Terms
We may update these Terms. Material changes will be announced by email to active paid subscribers at least 14 days before they take effect. The non-material changelog of this document is kept in the public site repository's git history.
10. Indemnification
You agree to indemnify and hold harmless the operator of AEDSC (Alessandro, Lyon, France) from any claim, liability, loss, or expense arising out of (a) your use of the Service, (b) your violation of these Terms, (c) your violation of any third-party right, or (d) any contract you deploy to a production network after using the Service.
11. Governing law and venue
These Terms are governed by French law. Any dispute that cannot be resolved by direct communication will be brought before the competent courts of Lyon, France.
12. Contact
A real human (Alessandro) reads every message sent to contact@aedsc.xyz — usually within a few hours.