apppulse

AppPulse — Terms of Service

Effective date: [TO BE SET ON LAUNCH DAY] Last updated: May 7, 2026 Version: 1.0

DISCLAIMER: These Terms are a starting template based on common SaaS practices. Before going live, have them reviewed by a US attorney (LegalZoom $50–$200, or a Fiverr contract attorney) and a Nigerian attorney for cross-border enforceability. Do NOT publish without legal review.

1. The Parties

These Terms of Service ("Terms") govern your use of AppPulse, a service provided by Malon Global Tech LLC, a Delaware limited liability company with operations in Lagos, Nigeria ("AppPulse," "we," "us," or "our"). By using AppPulse, you ("Customer," "you," or "your") agree to these Terms.

If you are using AppPulse on behalf of a company or other entity, you represent that you have the authority to bind that entity to these Terms, in which case "you" or "Customer" includes that entity.

Until Malon Global Tech LLC is formed (target: Month 1 post-revenue), the Service is operated by Olamide Omotere as a sole proprietor based in Lagos, Nigeria. References to "Malon Global Tech LLC" in these Terms refer to Olamide Omotere personally during this transitional period.

2. The Service

AppPulse provides automated and human-augmented audits of web and mobile applications, including but not limited to:

  • Free Scan (automated audit, no charge)
  • Spot Check, Standard Audit, Investor-Ready Audit (one-time paid audits)
  • Cost Optimization Audit, AI-Feature Safety Audit (specialized one-time audits)
  • Continuous Monitoring (subscription-based recurring audits)

AppPulse delivers findings — observations, severity ratings, recommendations, and supporting evidence — in the form of PDF reports, in-application interactive viewers, video walkthroughs, and email notifications.

AppPulse does not implement fixes. All remediation is the Customer's responsibility unless explicitly contracted under a separate agreement.

3. Eligibility & Authorization

3.1 Age and Capacity

You must be at least 18 years old and capable of entering into legally binding agreements to use AppPulse.

3.2 Authorization to Audit

You represent and warrant that:

(a) You own the application(s) and infrastructure being audited, OR (b) You have explicit, documented authority from the rightful owner to authorize an audit of the specified target.

You agree to indemnify and hold AppPulse harmless from any third-party claim arising from your lack of such ownership or authority.

3.3 Prohibited Targets

You may not request audits of:

  • Applications you do not own or have authority over
  • Government or military systems without explicit written consent
  • Critical infrastructure (utilities, transportation, healthcare core systems)
  • Any system whose audit would violate applicable law

We reserve the right to refuse or terminate any audit at our sole discretion if we suspect a target is unauthorized or unsuitable.

4. Audit Scope and Methodology

4.1 Non-Destructive Testing Only

All AppPulse audits are passive and non-destructive. We do not perform:

  • Denial-of-service testing
  • Data destruction or modification
  • Active exploitation beyond proof-of-vulnerability
  • Social engineering or phishing
  • Physical security testing

If you require destructive testing or active exploitation, you must obtain it from a separate penetration-testing vendor under a separate contract.

4.2 Scope Per Tier

The specific checks performed depend on the audit tier you select. Tier scopes are documented at apppulse.net/pricing and may be updated from time to time.

4.3 Limitations of Findings

An AppPulse audit identifies issues observable at the time of testing using the methodology and tooling we employ. An audit does not guarantee the absence of all vulnerabilities, all performance issues, or all cost inefficiencies. Security and quality require ongoing attention beyond any single audit.

5. Access Requirements

5.1 Tier-Specific Access

You agree to grant the following access as required for each audit tier:

  • Free Scan: Public URL only
  • Spot Check: Public URL + GitHub App install (read-only) OR opt-out for reduced depth
  • Standard Audit: Spot Check requirements + read-only Postgres role + test credentials for an account on your application
  • Investor-Ready Audit: Standard requirements + completed discovery call
  • Cost Optimization Audit: Spot Check requirements + read-only access to cloud billing dashboards
  • AI-Feature Safety Audit: Spot Check requirements + LLM provider API logs (last 30 days)

5.2 Service Activation Policy

(a) Payment reserves your audit slot. The audit clock starts only when required access is granted.

(b) You have fourteen (14) days from payment to grant access. During this window, the audit is paused.

(c) If access is not granted within 14 days, your order auto-cancels and a fifty percent (50%) credit is issued toward future audits, valid for six (6) months. The remaining 50% covers reserved capacity and payment processing.

(d) Partial access equals full price. If GitHub App is granted but the database role is not, we audit what is accessible at full price. The report will explicitly state scope limitations.

(e) If technical failure on our infrastructure prevents the audit and the failure is genuinely caused by us (not by your access provision), you receive a full refund minus a $25 processing fee.

(f) No refunds are issued once audit deliverables (PDF, Loom, or both) have been transferred to you, except as specified in the Quality Guarantee (Section 7).

5.3 Test Credentials

When you provide test credentials for post-login audits, you agree:

  • The credentials are for a throwaway test account, not a real user account
  • You authorize AppPulse and its reviewers to log in using those credentials
  • We will not modify, delete, or transmit any data accessed via those credentials except as needed for audit findings
  • Test credentials are deleted from our systems within 30 days of audit delivery

6. Pricing & Payment

6.1 Fees

Current pricing is published at apppulse.net/pricing. We reserve the right to change pricing for new customers at any time. Existing subscribers will receive at least 30 days' written notice before any subscription price change affecting their plan.

6.2 Payment Methods

We accept payment via Stripe. Supported methods include major credit and debit cards, ACH (US), SEPA (EU), and other Stripe-supported methods.

6.3 Taxes

All fees are exclusive of taxes. You are responsible for any applicable sales tax, VAT, GST, withholding tax, or other taxes in your jurisdiction. We may collect and remit sales tax where required.

6.4 One-Time Audits

One-time audit fees are billed upfront at the time of order. Refunds follow the Service Activation Policy (Section 5.2) and Quality Guarantee (Section 7).

6.5 Subscriptions

Continuous Monitoring subscriptions are billed monthly or annually in advance. Subscriptions auto-renew unless cancelled. You may cancel at any time via the customer dashboard. Cancellation takes effect at the end of the current billing period.

6.6 Failed Payments

If a recurring payment fails, we will retry over 7 days. If unresolved, the subscription pauses and the Verified badge deactivates. You may resume by updating your payment method.

6.7 Late Payments

For invoiced (non-Stripe) arrangements with enterprise customers, late payments accrue interest at 1.5% per month or the maximum rate permitted by applicable law, whichever is lower.

7. Quality Guarantee

If a paid one-time audit (Spot Check, Standard, Cost Optimization, AI-Feature Safety, or Investor-Ready) surfaces fewer than three (3) valid findings of Medium severity or higher, you may request a fifty percent (50%) refund within seven (7) days of delivery.

A "valid finding" is one that, in good faith, accurately describes a real condition of your application as of the time of audit. Disputed findings are resolved by the AppPulse team in good faith based on technical evidence.

No 100% refund is offered under the Quality Guarantee. The 50% floor reflects time spent reviewing and producing the report regardless of finding count.

8. Customer Data and Confidentiality

8.1 Confidentiality

Each party agrees to keep confidential all non-public information of the other party disclosed in connection with the Service ("Confidential Information"). Confidential Information shall be used solely to perform or receive the Service and not disclosed to third parties without prior written consent. The obligations in this Section survive termination for three (3) years.

8.2 Source Code Handling

Source code accessed via GitHub App or CLI is processed in an ephemeral sandbox. Source code is not persisted to our database or storage beyond the duration of the scan. Findings — but not source code itself — are persisted per the Retention Policy (Section 8.5).

8.3 Customer Credentials

We store only what is required to perform the audit, encrypted at rest:

  • Stripe customer IDs
  • GitHub App installation tokens (managed by GitHub)
  • Test credentials provided by you (deleted within 30 days of audit delivery)
  • Email and basic profile information

We do not store:

  • Source code beyond ephemeral scan windows
  • Database contents (we only read schema and findings)
  • LLM provider API keys (we use yours via OAuth where possible, otherwise deleted post-scan)

8.4 Aggregated Use

We may use anonymized and aggregated findings for marketing, case studies, product improvement, and the AppPulse Findings Feed. No Customer-identifying information will be used without your prior consent.

8.5 Retention Policy

  • Free scan reports and findings: 30 days from delivery, then auto-deleted
  • Paid one-time audit reports and findings: 12 months active access + 12 months cold archive, then auto-deleted
  • Monitoring scan data: Retained throughout subscription + 90 days post-cancellation
  • Customer-initiated deletion request: Honored within seven (7) days

8.6 Data Processing Agreement

If you require a Data Processing Agreement (DPA) under GDPR, CCPA, or other privacy law, see data-processing-agreement.md or request a copy via email.

9. Public Verified Wall and Findings Feed

9.1 Verified Wall

If you subscribe to Continuous Monitoring and your application maintains an A or B AppPulse Score, you may opt in to public listing on apppulse.net/verified. By opting in, you authorize us to publicly display:

  • Application name and URL
  • Logo and screenshot (you provide or we generate)
  • AppPulse Score (letter grade only)
  • "Verified since" date
  • Stack tags
  • Customer testimonial (if you provide one)

You may opt out at any time. Opting out removes your profile within seven (7) days.

9.2 Anonymized Findings Feed

We publish anonymized findings on apppulse.net/findings and in our weekly newsletter. All published findings are stripped of identifying information (URL, customer name, code excerpts that could identify the source). Stack-level tags are used (e.g., "Lovable-built SaaS") rather than specific identifiers.

You may request that findings from your application be excluded from the feed by emailing us within 30 days of audit delivery. By default, anonymized inclusion is permitted.

9.3 Lapsed Verified Profiles

If you cancel monitoring or your score drops below B, your Verified profile is archived as "Verified [date range]" and remains publicly visible as a historical record. You may request deletion of the archived profile by emailing us; deletion is honored within 30 days.

10. Intellectual Property

10.1 Our Property

AppPulse software, scanners, methodologies, checklists, scripts, templates, and brand are our exclusive property and remain so. You acquire no ownership of any of the foregoing.

10.2 Your Property

You retain all rights to your application, source code, data, and infrastructure. Nothing in these Terms transfers ownership of your property to us.

10.3 Audit Reports

Audit reports delivered to you are licensed on a perpetual, non-exclusive, non-transferable basis for your internal use upon full payment. You may share the report with your team, contractors, board, investors, and acquirers. You may not republish the report publicly without our prior written consent.

10.4 Verified Badge

The AppPulse Verified badge is licensed for use only on the specific application audited and only while your subscription is active and your score qualifies. Misuse of the badge (using it on other apps, displaying after deactivation) is a material breach of these Terms.

11. Acceptable Use

You agree not to:

(a) Submit URLs you do not own or are not authorized to audit (b) Use AppPulse to violate any law or third-party right (c) Reverse engineer, decompile, or attempt to extract source code from AppPulse beyond what is publicly documented (d) Resell AppPulse audits without a written white-label agreement (e) Submit known-malicious code or binaries via our CLI tools (f) Spam, abuse rate limits, or attempt to circumvent throttling (g) Impersonate another person or entity (h) Use the Verified badge in misleading ways

We may suspend or terminate accounts that violate these Acceptable Use Rules.

12. Warranties and Disclaimers

12.1 Limited Warranty

We warrant that the Service will be performed in a professional manner consistent with industry practice. Your sole remedy for breach of this warranty is, at our option, re-performance of the affected audit or refund per the Quality Guarantee.

12.2 Disclaimer

EXCEPT AS EXPRESSLY STATED, THE SERVICE AND ALL DELIVERABLES ARE PROVIDED "AS IS" AND "AS AVAILABLE." WE DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.

WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE, THAT FINDINGS WILL BE COMPLETE OR EXHAUSTIVE, OR THAT AUDITED APPLICATIONS WILL BE FREE OF VULNERABILITIES.

13. Limitation of Liability

EXCEPT FOR BREACHES OF SECTION 8 (CONFIDENTIALITY) OR YOUR INDEMNITY OBLIGATIONS, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING LOSS OF REVENUE, PROFITS, DATA, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL CUMULATIVE LIABILITY UNDER THESE TERMS SHALL NOT EXCEED THE GREATER OF (A) THE FEES PAID BY YOU IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED US DOLLARS ($100).

14. Indemnification

14.1 Your Indemnification of Us

You agree to defend, indemnify, and hold AppPulse harmless from any claim, loss, damage, liability, or expense (including reasonable attorney fees) arising from:

(a) Your breach of these Terms (b) Your lack of authorization for any application you submit (c) Your provision of false or misleading information (d) Your misuse of the Verified badge or audit reports (e) Your violation of any law or third-party right

14.2 Our Indemnification of You

We will defend you against any third-party claim that your authorized use of the Service infringes that third party's intellectual property rights, and will pay damages finally awarded against you, provided you promptly notify us of the claim and cooperate in defense.

15. Term and Termination

15.1 Term

These Terms are effective when you first use the Service and continue until terminated.

15.2 Termination by You

You may terminate by ceasing use of the Service. If you have an active subscription, follow Section 6.5 to cancel.

15.3 Termination by Us

We may terminate or suspend your access immediately, without notice, for:

(a) Material breach of these Terms (b) Suspected fraud or abuse (c) Non-payment after the cure period (d) Legal compulsion

15.4 Effect of Termination

Upon termination:

(a) Your right to use the Service ceases (b) We will provide a data export upon request within 30 days (c) After 90 days post-termination, we may delete your data per the Retention Policy (d) Sections that by their nature survive (Confidentiality, IP, Liability, Indemnification, Dispute Resolution) remain in effect

16. Governing Law and Disputes

16.1 Governing Law

These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict-of-law principles.

16.2 Informal Resolution

Before filing a claim, the parties shall attempt to resolve the dispute informally for thirty (30) days, beginning with written notice to the other party.

16.3 Binding Arbitration

If informal resolution fails, all disputes shall be resolved by binding arbitration administered by JAMS under its Streamlined Arbitration Rules. Arbitration shall be seated in Wilmington, Delaware. The arbitrator's decision shall be final and enforceable in any court of competent jurisdiction.

16.4 Class Action Waiver

You and AppPulse agree to bring any dispute on an individual basis only. Class actions and class arbitrations are waived.

16.5 Carve-Outs

Notwithstanding the foregoing, either party may seek injunctive relief in any court of competent jurisdiction for breaches of confidentiality, intellectual property infringement, or unauthorized use of the Service.

17. Changes to These Terms

We may update these Terms from time to time. Material changes will be communicated via email at least 30 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Terms.

18. General Provisions

18.1 Entire Agreement

These Terms, together with the Privacy Policy and any Order Form, are the entire agreement between you and us. They supersede any prior oral or written communications.

18.2 Severability

If any provision is held unenforceable, the remaining provisions remain in effect.

18.3 No Waiver

Failure to enforce any provision is not a waiver of our right to enforce it later.

18.4 Assignment

You may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of our assets.

18.5 Independent Contractor

Nothing in these Terms creates an employment, partnership, agency, or joint-venture relationship.

18.6 Force Majeure

Neither party is liable for delay or failure due to events beyond reasonable control (acts of God, war, government action, internet outages, etc.).

18.7 Notices

Notices to AppPulse: omotereolamide@malonglobaltech.com Notices to you: the email address on your account

Notices are deemed received one (1) business day after sending.

19. Contact

Questions about these Terms? Email omotereolamide@malonglobaltech.com.

End of Terms of Service. Pre-launch task: Have reviewed by US attorney + Nigerian attorney.