Terms of Service

Last updated: 1 February 2025

These terms of service ("Terms") govern your use of the Vibe Code Audit website and services operated by Further Forward Innovation Ltd ("we", "us", "our"), a company registered in England and Wales. By placing an order or using our services, you agree to be bound by these Terms.

1. Service Description

Vibe Code Audit provides manual security review services for web application codebases, with a focus on applications built using AI-assisted coding tools. Our services include, depending on the package purchased:

  • Code review and security analysis of your application source code.
  • A written report detailing identified vulnerabilities, risk levels, and recommended fixes.
  • Video walkthrough of findings (Full Audit and Production Ready packages).
  • Implementation of security fixes (Production Ready package only).
  • Follow-up email support as specified in your package.

Our audits are advisory in nature. While we strive to identify all significant security issues, no security review can guarantee the discovery of every vulnerability. Our reports represent our professional assessment at the time of the audit based on the code provided.

2. Ordering and Payment

  • All prices are displayed in British Pounds Sterling (GBP) and are exclusive of VAT where applicable.
  • Payment is taken at the time of order via Stripe. We accept major credit and debit cards.
  • An order confirmation will be sent to your email address upon successful payment.
  • Your audit will commence once we have received both payment and access to your codebase.
  • We reserve the right to change our prices at any time. Price changes will not affect orders already placed.

3. Scope of Work

The scope of each audit is determined by the package purchased as described on our pricing page at the time of order. Specifically:

  • Security Scan: Focused review of a single codebase up to 50 files, covering authentication, API routes, secrets management, and database security fundamentals.
  • Full Audit: Comprehensive review of a single application or monorepo with no file limit, including infrastructure configuration, third-party integrations, and OWASP Top 10 assessment.
  • Production Ready: Full audit plus hands-on implementation of critical and high-severity security fixes, with 30 days of follow-up support.

Work outside the defined scope requires a separate agreement. We will notify you if, during the audit, we identify areas that fall outside your package scope but warrant attention.

4. Turnaround Times

  • Security Scan: 3 business days from receipt of code access.
  • Full Audit: 7 business days from receipt of code access.
  • Production Ready: 10-12 business days from receipt of code access.

Turnaround times are estimates and begin when we have confirmed receipt of your codebase. We will notify you if we expect any delays. Turnaround times may be affected by the complexity of your codebase or delays in receiving code access. Business days exclude weekends and UK public holidays.

5. Your Obligations

To allow us to perform the audit effectively, you agree to:

  • Provide timely access to your codebase (via GitHub, GitLab, or ZIP upload) after purchase.
  • Ensure you have the legal right to grant us access to the code being audited.
  • Provide any necessary context about your application (tech stack, deployment environment) when requested.
  • Respond to clarifying questions within a reasonable timeframe to avoid delays.

6. Confidentiality

We treat all code, documentation, and information you provide as confidential. Specifically:

  • Your code will be accessed only by the security engineer assigned to your audit.
  • We will not share, publish, or disclose your code or audit findings to any third party.
  • All copies of your code and working materials are permanently deleted within 30 days of report delivery.
  • We will not use your code for training, benchmarking, or demonstration purposes.
  • If you require a custom non-disclosure agreement, we are happy to sign one before you share your code.

7. Intellectual Property

  • You retain all intellectual property rights in your source code. Granting us access for audit purposes does not transfer any rights.
  • The audit report, including its structure, analysis, and recommendations, is our intellectual property. Upon full payment, we grant you a non-exclusive, perpetual licence to use the report for your internal business purposes.
  • You may not publish, resell, or redistribute our audit reports without our prior written consent.
  • For Production Ready packages, any code we write as part of implementing fixes becomes your property upon delivery.

8. Limitations of Liability

  • Our audit service is advisory. We do not guarantee that your application will be free from all vulnerabilities after our review.
  • We are not liable for any security incidents, data breaches, or losses that occur before, during, or after our audit.
  • Our total liability under these Terms is limited to the amount you paid for the specific audit service in question.
  • We are not liable for any indirect, incidental, special, or consequential damages, including lost profits, lost data, or business interruption.
  • Nothing in these Terms excludes or limits our liability for death or personal injury caused by our negligence, fraud, or any other liability that cannot be excluded by law.

9. Refund Policy

  • Before audit begins: If you request a refund before we have accessed your codebase and started work, we will issue a full refund.
  • After audit begins: Once we have accessed your code and commenced the audit, refunds are not available as the work has been substantially performed.
  • Dissatisfaction: If you are unsatisfied with the quality of the audit, contact us within 14 days of report delivery. We will review your concerns and, at our discretion, provide additional analysis or a partial refund.

10. Cancellation

You may cancel your order for a full refund at any time before we access your codebase. Under the Consumer Contracts Regulations 2013, you have a 14-day right to cancel from the date of purchase. However, by providing your code and requesting that we begin work within the cancellation period, you acknowledge that you may lose this right of cancellation once the service has been fully performed.

11. Governing Law

These Terms are governed by and construed in accordance with the laws of England and Wales. Any disputes arising from or in connection with these Terms or our services shall be subject to the exclusive jurisdiction of the courts of England and Wales.

12. Changes to These Terms

We may update these Terms from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our services after changes are posted constitutes acceptance of the revised Terms. Material changes will be communicated to existing customers by email.

13. Contact

If you have any questions about these Terms, please contact us: