Terms of Service

Last updated: May 2026

Service Description

CodeGRC provides independent third-party code audit attestation services. Our service includes manual security review of source code, a private audit report, and a verifiable attestation certificate upon successful completion and remediation.

Attestation Scope

A CodeGRC Audit Attestation confirms that the defined scope was reviewed against the stated standard at the time of audit. It does not guarantee that the reviewed code is free of vulnerabilities, does not constitute a statutory certification, and does not imply ongoing compliance. The attestation is valid only for the specific code version (commit or tag) reviewed; changes made after that version are not covered.

Confidentiality

All source code, findings, and project details shared during an engagement are treated as confidential. We execute mutual NDAs before accessing private repositories. Audit reports are delivered only to the designated client contact.

Certificate Verification

The public certificate verification system displays only: certificate status, issued date, expiry date, and fingerprint. No project names, repository URLs, findings, or client details are exposed through public verification.

Limitation of Liability

CodeGRC's liability is limited to the fees paid for the specific engagement. We do not guarantee that all vulnerabilities will be identified, nor do we accept liability for security incidents occurring after the audit period. Our attestation represents a professional opinion based on manual review at a point in time.

Contact

Questions about these terms: audit@codegrc.com