Skip to contentAgent? Read agent.txt
DocumentationChangelog

Terms of Service

Effective March 17, 2026

These terms govern your use of the Decoy website and security service ("Service"). By using the Service, you agree to these terms. If you do not agree, do not use the Service.

1. Description of service

Decoy provides MCP threat intelligence and security testing for AI agent pipelines. The Service includes tripwire detection, vulnerability scanning, threat feeds, and automated testing. The Decoy Scan, Tripwire, and Red Team CLIs are released under the MIT License.

2. Accounts

You must register with a valid email address. You are responsible for keeping your API tokens and credentials secure. Notify us immediately if you believe your account has been compromised.

3. Acceptable use

You agree not to:

  • Use the Service for illegal activity
  • Attempt to access accounts that are not yours
  • Abuse the API beyond published rate limits
  • Reverse engineer the platform
  • Resell or redistribute the Service without authorization

4. Plans and billing

We offer three tiers:

  • Free — no charge, single user
  • Team — $29 per user per month ($23/user/mo billed annually)
  • Business — $99 per user per month ($79/user/mo billed annually)

Paid plans are billed through Stripe at the per-user rate × number of seats. You can add or remove teammates at any time; seat changes prorate immediately. You can cancel any time; features remain active through the end of your current billing period. We do not issue refunds for partial billing periods.

5. Data and privacy

Your use of the Service is also governed by our Privacy Policy. Trigger data is retained for 90 days and then automatically deleted.

6. Open source components

Decoy Scan, Tripwire, and Red Team CLIs are licensed under the MIT License. The Decoy backend, dashboard, and hosted services remain proprietary.

7. Disclaimer of warranties

The Service is provided "as is" without warranty of any kind, express or implied. Detection is not guaranteed. Decoy is a detection layer, not a guarantee of security.

8. Limitation of liability

Decoy is not liable for any indirect, incidental, special, consequential, or punitive damages, including loss of data or business interruption.

9. Changes to these terms

For material changes we will notify you by email or a notice on the website. Continued use of the Service after changes take effect signals acceptance.

10. Termination

We may suspend or terminate accounts that violate these terms. You may delete your account at any time; associated data is removed within 30 days.

11. Governing law

These terms are governed by the laws of the State of California. Disputes will be resolved in California courts.

12. Contact

Questions about these terms? Email [email protected].