Kosuke

Terms and Conditions

These Terms and Conditions ("Terms") govern access to and use of kosuke.ai, app.kosuke.ai, preview environments, sandboxes, APIs, and related services operated by Kosuke, Inc. ("Kosuke", "we", "our", or "us").

Kosuke is a B2B AI coding platform. Organizations connect GitHub repositories, collaborate through chat, and use AI-assisted workflows to generate, review, and ship code changes.

1. Company Information

Kosuke, Inc.
1111B S Governors Ave # 54640, Dover, DE 19904
support@kosuke.ai

2. Acceptance and Authority

  • You must be at least 18 years old and legally able to enter into these Terms.
  • If you use Kosuke on behalf of an organization, you represent that you are authorized to do so and that the organization is bound by these Terms.
  • You are responsible for activity that occurs through your account and workspace.

3. Separate Agreements

If your organization has entered into a separate master services agreement, order form, enterprise agreement, or other written commercial agreement with Kosuke, that agreement will control to the extent of any conflict with these Terms.

Penetration Testing and Security Scanning

Kosuke offers self-serve security testing ("Security Testing"): you submit a target (a domain, host, or web application) and authorize Kosuke to perform automated and, where applicable, manual security testing against it. These clauses govern that service. They apply in addition to the Acceptable Use terms in Section 9.

Authorization and Ownership Warranty

Security Testing is only lawful when the owner of the target authorizes it. By submitting a target and accepting these Terms through the request form, you represent, warrant, and agree, for each target you submit, that:

  • you are the owner of the target, or you have current, express, written authorization from the owner to have it tested, and you can produce evidence of that authorization on request;
  • you have the authority to grant the authorization in this Section, including on behalf of any organization you act for;
  • you instruct and authorize Kosuke, and its personnel and automated systems, to access, probe, and test the target and its in-scope assets for security weaknesses; and
  • this authorization is your "authorization" and "exceeds-authorized-access" consent for the purposes of the U.S. Computer Fraud and Abuse Act, the U.K. Computer Misuse Act 1990, EU Directive 2013/40/EU and NIS2, and equivalent computer-misuse laws, to the extent your authorization can provide it.

This authorization is the legal basis for the testing. Kosuke does not independently verify legal title to a target and relies on your representations above. You remain solely responsible for the accuracy of those representations.

Email Verification and Authorization Record

Before any active testing begins, you must confirm control of the email address you provide by clicking the verification link we send to it. We record each request, including the verified email address, the submitted target, the version of these Terms accepted, and the date, time, and originating IP address, as an authorization and audit record. You consent to this record being created and retained for security, fraud-prevention, abuse-handling, legal-compliance, and dispute-resolution purposes.

Scope and Safeguards

Kosuke tests only the targets you submit and authorize, and does not knowingly test assets outside that scope. In performing Security Testing, Kosuke will use commercially reasonable efforts to rate-limit its traffic, decline destructive techniques (such as mass account creation, execution of live payment flows, and deletion or exfiltration of production data), use synthetic data in proofs of concept where practical, and pause or stop testing on detected material production impact. Security Testing is provided on an "as is" basis under Section 15 and is not a guarantee that all vulnerabilities will be found or that no disruption will occur.

The Report, Fees, and Refunds

The security test itself, and a summary of the findings by severity (the counts of critical, high, and medium issues identified), are provided free of charge. The full report, including vulnerability details, locations, proofs of concept, and remediation guidance, is an optional, paid deliverable. We will tell you the price of the full report before you are charged, and no payment is due unless you choose to unlock it. If we find no qualifying issues, no fee is owed.

Fees for the full report are quoted per engagement and are payable before the report is released, unless otherwise agreed in writing. The full report is digital content delivered immediately upon payment. To the maximum extent permitted by law, and except where a non-waivable statutory right applies, fees are non-refundable once the report has been delivered. Where you are a consumer and a statutory right of withdrawal would otherwise apply, by requesting immediate delivery of the report you acknowledge that you lose that right of withdrawal once delivery has begun. Our total liability in connection with Security Testing and any report is subject to the Limitation of Liability in Section 16.

Prohibited Targets and Use

You may not submit, and may not use Security Testing against:

  • any asset you do not own or are not expressly authorized to test;
  • assets of third parties (including shared-hosting neighbors, upstream providers, or unrelated services reachable from the target) outside the scope you are authorized for;
  • government, military, or critical-infrastructure systems, or any target where testing is prohibited by law or by an applicable provider acceptable-use policy; or
  • any target in a manner that violates the acceptable-use policy of a hosting or cloud provider (including AWS, Google Cloud, and Microsoft Azure), which generally permit testing of customer-owned assets subject to provider-specific conditions.

Kosuke may refuse, suspend, throttle, or terminate Security Testing at any time, including where we detect suspicious patterns (for example, many unrelated domains, prohibited targets, or known do-not-test assets), and may suspend first and investigate afterward.

Indemnification

You will defend, indemnify, and hold harmless Kosuke, Inc. and its officers, employees, and agents from and against any claims, liabilities, damages, losses, fines, and expenses (including reasonable legal fees) arising out of or related to: (a) any target you submitted that you did not own or were not authorized to test; (b) any breach of the warranties or restrictions in this Section; or (c) your inaccurate or fraudulent representations about ownership or authorization. This indemnity is in addition to, and not limited by, any other indemnity in these Terms, and survives termination.

Data Protection

Where Security Testing involves personal data subject to the EU GDPR, UK GDPR, or Swiss FADP, that processing is governed by our Data Processing Agreement, available at /legal/dpa, which is incorporated by reference into these Terms and binds on your acceptance of these Terms without a separate signature. For self-serve Security Testing, Kosuke acts as your processor and accesses personal data only to the minimum necessary to validate and document findings. Any open-source intelligence, breach-exposure, or similar add-on services that collect personal data about third parties from external sources are offered separately and are not covered by that processor relationship.

Relationship to a separate agreement

Self-serve Security Testing requested through the form is governed by these Terms. Where Kosuke and a customer enter into a separate written agreement for a scoped or paid engagement, together with any applicable Data Processing Agreement (available at /legal/dpa), that agreement controls to the extent of any conflict on matters relating to penetration testing services for that engagement.

4. The Service

Kosuke may provide features such as:

  • authentication, user management, and organization or workspace administration;
  • GitHub repository connection and related project workflows;
  • AI-assisted chat, code generation, code modification, and related product features;
  • sandbox and preview environments used to analyze, test, or prepare changes; and
  • storage of chat history, attachments, generated output, project configuration, and operational records required to run the platform.

Some features may change, be limited, or be removed over time.

5. Accounts and Workspaces

You are responsible for:

  • maintaining the confidentiality of your login credentials;
  • keeping account information accurate and up to date;
  • managing workspace membership and permissions appropriately; and
  • ensuring that only authorized users connect repositories, submit prompts, upload files, or trigger code-related workflows.

We may suspend or restrict access if we reasonably believe an account or workspace is being used in violation of these Terms, applicable law, or our security requirements.

6. Repository Connection and Customer Content

  • You retain your rights in your repositories, prompts, attachments, project configuration, and other content you submit to Kosuke.
  • You grant us the limited rights needed to host, copy, transmit, display, process, analyze, and modify that content solely to operate, secure, and improve the service for you.
  • You authorize Kosuke to access connected repositories and process repository content as needed to provide the service.
  • You are responsible for ensuring that you have the rights to connect the repositories, credentials, code, and data you submit to Kosuke.

7. AI Features and Output

  • Kosuke may process prompts, repository context, attachments, and other inputs with third-party AI providers selected by Kosuke or by your organization configuration.
  • Kosuke does not use customer workspace content to train its own general-purpose AI models.
  • Third-party AI providers may process submitted content under their own terms and technical controls. Provider-specific retention periods, model-training restrictions, and available opt-out settings can vary by provider and by configuration.
  • AI-generated output can be incomplete, incorrect, or unsuitable for production. You are responsible for reviewing, testing, and approving output before merge, deployment, or other use.
  • You remain responsible for the code, content, and instructions submitted by your users, and for the consequences of using generated output.
  • If your organization configures its own Anthropic or AWS Bedrock credentials, you are responsible for maintaining those credentials, permissions, usage limits, provider terms, and provider-side data-use settings.

8. Customer Responsibilities

You agree to:

  • keep authentication credentials, GitHub access, and workspace administration under appropriate control;
  • review generated code, pull requests, preview behavior, migrations, and deployment changes before relying on them;
  • use the service in compliance with applicable laws, contracts, privacy requirements, export controls, and third-party license terms; and
  • maintain your own internal review, testing, backup, and change-management procedures where appropriate for your organization.

9. Acceptable Use

You may not use Kosuke to:

  • violate the law, infringe intellectual property rights, or breach confidentiality obligations;
  • upload, generate, or distribute malware or destructive code;
  • attempt to gain unauthorized access to our systems, other customers' workspaces, or third-party systems;
  • bypass product limits, security controls, or usage restrictions; or
  • use the service in a way that materially interferes with platform stability, availability, or security.

10. Third-Party Services

Kosuke relies on third-party providers and integrations to operate the service. Information about our use of service providers, data handling practices, and cookie-based technologies is described in our Privacy Policy and Cookies Policy.

11. Suspension and Termination

  • You may stop using Kosuke at any time.
  • We may suspend or terminate access if you breach these Terms, create legal or security risk, misuse the platform, fail to pay applicable fees under any separate commercial arrangement, or if we are required to do so by law.
  • We may also remove or disable specific repositories, workspaces, or integrations where necessary to protect the service or third parties.

12. Data After Termination or Deletion

If your account or workspace is deleted, or if the customer relationship ends, customer access to the service ends unless otherwise agreed in writing.

In general:

  • source repositories remain in customer-controlled GitHub accounts or other external systems;
  • branches, pull requests, commits, or other artifacts already created in customer-controlled repositories remain there until the customer removes them;
  • chat history, attachments, generated output, project metadata, and other data stored in Kosuke production systems are deleted or deactivated under our normal retention and cleanup processes, subject to any required retention; and
  • temporary preview, sandbox, and related infrastructure resources are removed under our normal cleanup processes.

Limited copies may remain in backups, audit trails, and security logs for a limited period where needed for resilience, fraud prevention, legal compliance, or dispute resolution.

Customers should export or retain any data they need before requesting workspace deletion or termination. Export and retrieval options may vary by data type and workflow.

13. Availability and Beta Features

Kosuke includes preview, sandbox, and AI-assisted workflows that can fail, change output, or become temporarily unavailable. We do not guarantee uninterrupted availability, successful builds, or production-ready output.

14. Intellectual Property

  • We retain all rights in the Kosuke service, software, design, documentation, trademarks, and other materials we provide, excluding your content and third-party materials.
  • Open-source software and third-party code remain subject to their own license terms.
  • Nothing in these Terms transfers ownership of the Kosuke platform or any third-party service to you.

15. Disclaimers

To the maximum extent permitted by law, Kosuke is provided on an "as is" and "as available" basis. We disclaim implied warranties of merchantability, fitness for a particular purpose, non-infringement, and uninterrupted or error-free operation.

16. Limitation of Liability

To the maximum extent permitted by law, Kosuke, Inc. will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for loss of profits, revenue, goodwill, data, or business opportunity.

Our aggregate liability arising out of or relating to the service will not exceed the greater of the amounts paid by you to us for the service in the 12 months before the claim arose or USD 100.

17. Governing Law

These Terms are governed by the laws of the State of Delaware, without regard to conflict-of-law rules. Any dispute arising from these Terms or the service will be resolved in the state or federal courts located in Delaware, except where applicable law requires otherwise.

18. Changes to These Terms

We may update these Terms from time to time. If we make material changes, we may notify users through the service, by email, or by updating the date associated with these Terms.

19. Contact

Questions about these Terms can be sent to support@kosuke.ai. You can also review our Privacy Policy and Cookies Policy.