GraphNode

Terms of Service

Last updated: March 17, 2026

These Terms of Service govern your access to and use of the GraphNode platform. By accessing or using our services, you agree to be bound by these terms.

01

Acceptance of Terms

By accessing, browsing, or using the GraphNode platform (the "Platform"), whether as an individual user or on behalf of an organization, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service ("Terms"), together with our Privacy Policy, which is incorporated herein by reference.

If you are entering into these Terms on behalf of a company, organization, or other legal entity ("Customer"), you represent and warrant that you have the authority to bind such entity to these Terms. If you do not have such authority, or if you do not agree with these Terms, you must not accept these Terms and may not access or use the Platform.

These Terms constitute a legally binding agreement between you (or the entity you represent) and GraphNode ("GraphNode," "we," "us," or "our"). Your continued use of the Platform following any modifications to these Terms constitutes acceptance of those modifications.

02

Definitions

  • "Platform" means the GraphNode web application, APIs, scanning engines, reporting tools, and all associated services provided by GraphNode under a Subscription.
  • "Customer" means the legal entity that has entered into a Subscription agreement with GraphNode and is responsible for payment of Fees.
  • "Users" or "Authorized Users" means individuals who are authorized by the Customer to access the Platform under the Customer's Subscription, including but not limited to employees, contractors, and agents of the Customer.
  • "Administrator" means a User designated by the Customer with elevated privileges to manage the Customer's account, including provisioning Users, configuring settings, managing scans, and viewing analytics.
  • "Content" means all security rules, scanning configurations, vulnerability databases, documentation, reports, and other resources made available through the Platform by GraphNode.
  • "Customer Data" means all data submitted to or generated within the Platform by or on behalf of the Customer and its Users, including source code, scan results, vulnerability reports, and usage analytics.
  • "Subscription" means the right granted to the Customer to access and use the Platform for a defined period, subject to the terms of an applicable order form or subscription agreement and these Terms.
  • "Fees" means all charges payable by the Customer for the Subscription, as set forth in the applicable order form or subscription agreement.

03

Account & Access

Enterprise Accounts

Access to the Platform is provisioned through enterprise Customer accounts. Each Customer account is managed by one or more designated Administrators who are responsible for configuring the account, provisioning and deprovisioning Users, and managing access permissions.

User Provisioning

The Customer may provision Users via manual invitation, single sign-on (SSO) with just-in-time provisioning, or automated provisioning through SCIM (System for Cross-domain Identity Management). The total number of active Users must not exceed the seat limit specified in the Customer's Subscription.

Credential Security

Each User must maintain a unique set of login credentials. Sharing of credentials between individuals is strictly prohibited. The Customer is responsible for ensuring that its Users safeguard their login credentials and promptly notify GraphNode of any unauthorized access or security breach.

Administrator Responsibilities

The Customer's Administrators are responsible for: (a) managing User access and permissions; (b) ensuring compliance with the Customer's seat allocation; (c) configuring SSO and SCIM integrations where applicable; (d) overseeing scan configurations and project management; and (e) acting as the primary point of contact for account-related inquiries.

Access Restrictions

GraphNode reserves the right to suspend or terminate access to any User account that violates these Terms or poses a security risk to the Platform, with reasonable notice to the Customer except in cases of imminent security threats.

04

Subscription & Fees

Subscription Plans

GraphNode offers enterprise subscription plans based on the number of authorized Users, the scope of Content and features included, and the duration of the Subscription term. Specific pricing, features, and terms are detailed in the applicable order form or subscription agreement executed between the Customer and GraphNode.

Invoicing & Payment

Unless otherwise specified in the applicable order form, all Fees are invoiced annually in advance. Payment is due within thirty (30) days of the invoice date ("Net-30"). All Fees are quoted and payable in United States dollars (USD) unless otherwise agreed in writing.

Late Payments

Overdue amounts shall accrue interest at a rate of 1.5% per month (or the maximum rate permitted by applicable law, whichever is lower). GraphNode reserves the right to suspend access to the Platform for any Customer account with Fees outstanding for more than fifteen (15) days past the due date, upon ten (10) days' prior written notice.

Taxes

All Fees are exclusive of applicable taxes, levies, or duties imposed by taxing authorities. The Customer is responsible for all such taxes, excluding taxes based on GraphNode's net income.

Subscription Renewal

Unless either party provides written notice of non-renewal at least thirty (30) days prior to the end of the then-current Subscription term, the Subscription shall automatically renew for successive periods equal to the original term at GraphNode's then-current list pricing.

No Refunds

Except as expressly stated in these Terms or required by applicable law, all Fees paid are non-refundable.

05

Intellectual Property

GraphNode Ownership

GraphNode and its licensors retain all right, title, and interest in and to the Platform, including all software, algorithms, user interfaces, designs, security rules, scanning engines, documentation, trademarks, and any derivative works thereof. These Terms do not grant the Customer any rights to GraphNode's intellectual property except for the limited access rights expressly set forth herein.

Customer Data Ownership

The Customer retains all right, title, and interest in and to Customer Data. The Customer grants GraphNode a limited, non-exclusive, worldwide license to use, process, and store Customer Data solely as necessary to provide and improve the Platform and related services during the Subscription term.

Aggregated Data

GraphNode may collect and use aggregated, anonymized, and de-identified data derived from the Customer's use of the Platform for purposes including but not limited to product improvement, benchmarking, and industry research. Aggregated Data shall not identify the Customer or any individual User.

Feedback

If the Customer or any of its Users provides suggestions, enhancement requests, recommendations, or other feedback regarding the Platform, GraphNode shall have an unrestricted, perpetual, irrevocable, royalty-free license to use, incorporate, and commercialize such Feedback without obligation or compensation to the Customer.

06

Acceptable Use

The Customer and its Users agree to use the Platform solely for its intended purpose of application security testing and vulnerability management. The following activities are strictly prohibited:

  • Reverse Engineering. Decompiling, disassembling, reverse engineering, or otherwise attempting to derive the source code, algorithms, or underlying architecture of the Platform or any of its components.
  • Credential Sharing. Sharing, transferring, or allowing use of User credentials by any individual other than the authorized User to whom they were issued.
  • Automated Access. Using bots, scrapers, crawlers, or other automated tools to access, extract, download, or index any Content or data from the Platform without prior written authorization from GraphNode.
  • Content Redistribution. Copying, reproducing, distributing, publishing, or otherwise making available any Content from the Platform to third parties outside of the Customer's organization without prior written consent.
  • Circumvention. Attempting to bypass, disable, or circumvent any security measures, access controls, usage limits, or technical protections implemented on the Platform.
  • Interference. Engaging in any activity that disrupts, degrades, or interferes with the performance, availability, or integrity of the Platform or its underlying infrastructure.
  • Unlawful Use. Using the Platform for any purpose that is unlawful, fraudulent, or in violation of any applicable local, state, national, or international law or regulation.
  • Competitive Purposes. Using the Platform or its Content to develop, train, or improve a competing product or service.

07

Data Privacy

Privacy Policy

The collection, use, storage, and processing of personal data by GraphNode is governed by our Privacy Policy, which is incorporated into these Terms by reference.

Data Processing

Where GraphNode processes personal data on behalf of the Customer, GraphNode acts as a data processor and the Customer acts as the data controller. Upon request, GraphNode will enter into a Data Processing Agreement (DPA) that supplements these Terms.

Regulatory Compliance

GraphNode is committed to compliance with applicable data protection regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

Sub-processors

GraphNode may engage third-party sub-processors to assist in providing the Platform. A current list of sub-processors is available upon request. GraphNode will notify the Customer of any changes to its sub-processors at least thirty (30) days in advance.

08

Confidentiality

Definition

"Confidential Information" means any non-public information disclosed by one party to the other party in connection with these Terms that is designated as confidential or that a reasonable person would understand to be confidential. This includes business plans, technical data, product roadmaps, customer lists, pricing information, and the terms of any order form or subscription agreement.

Obligations

The Receiving Party agrees to: (a) hold all Confidential Information in strict confidence; (b) not disclose Confidential Information to any third party except to its employees, agents, or contractors who have a need to know and who are bound by confidentiality obligations at least as protective as those set forth herein; and (c) use Confidential Information solely for the purpose of fulfilling its obligations or exercising its rights under these Terms.

Duration

The confidentiality obligations shall survive the termination or expiration of these Terms for a period of three (3) years, except with respect to trade secrets, which shall be protected for as long as they retain their trade secret status under applicable law.

09

Service Availability

Uptime Commitment

GraphNode targets a service availability of 99.9% measured on a monthly basis, excluding scheduled maintenance windows and force majeure events.

Scheduled Maintenance

GraphNode may perform scheduled maintenance during off-peak hours (typically Sundays 02:00-06:00 UTC). Customers will receive at least seventy-two (72) hours' advance notice of any scheduled maintenance expected to result in service downtime.

Service Credits

If GraphNode fails to meet the Uptime SLA in any given calendar month, the Customer may be eligible for service credits as set forth in the applicable service level agreement or order form.

10

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, REVENUE, DATA, BUSINESS OPPORTUNITIES, GOODWILL, OR ANTICIPATED SAVINGS, ARISING OUT OF OR RELATED TO THESE TERMS, REGARDLESS OF THE THEORY OF LIABILITY.

EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY THE CUSTOMER TO GRAPHNODE DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

11

Indemnification

Indemnification by GraphNode

GraphNode shall defend, indemnify, and hold harmless the Customer and its officers, directors, employees, and agents from and against any third-party claims alleging that the Customer's authorized use of the Platform infringes or misappropriates such third party's intellectual property rights.

Indemnification by Customer

The Customer shall defend, indemnify, and hold harmless GraphNode from and against any third-party claims arising from: (a) the Customer's violation of these Terms; (b) the Customer's use of the Platform in a manner not authorized by these Terms; or (c) Customer Data that infringes the rights of a third party.

12

Termination

Termination for Convenience

Either party may terminate the Subscription by providing at least thirty (30) days' prior written notice before the end of the then-current Subscription term.

Termination for Cause

Either party may terminate these Terms immediately upon written notice if the other party materially breaches these Terms and fails to cure such breach within thirty (30) days of receiving written notice.

Data Export

Following termination, GraphNode will make Customer Data available for export for a period of thirty (30) days in a standard machine-readable format (e.g., CSV or JSON). After this period, GraphNode shall delete all Customer Data from its active systems.

13

Governing Law

These Terms are governed by the laws of the Republic of Turkey. Any disputes arising from these Terms shall be subject to the jurisdiction of the courts of the Republic of Turkey.

14

Changes to Terms

GraphNode reserves the right to modify these Terms at any time. For material changes, we will provide at least thirty (30) days' advance written notice to the Customer's designated Administrator via email. The Customer's continued use of the Platform after the effective date constitutes acceptance of the updated Terms.

15

Contact

Legal Entity: GraphNode Software

Address: Bahcelievler Mah. 319 Cad. E Blok (Teknokent) No:35E B24, Golbasi / Ankara, Turkey

Email: legal@graphnodesoftware.com

We will make commercially reasonable efforts to respond to all inquiries within five (5) business days.