📜 Terms of Service
Last Updated: 2025-12-11
1. Purpose
BigHole is an ethical security notification service designed to help developers
protect their credentials by alerting them when API keys, tokens, or secrets are accidentally exposed in public
GitHub repositories.
2. What We Do
- Scan Public Repositories: We search publicly accessible code on GitHub for patterns that
match known API key formats.
- Verify Liveness: We make minimal, read-only API calls to determine if a detected
key is active. We never perform destructive operations.
- Notify Owners: We privately and politely notify repository owners so they can rotate
their credentials.
3. What We DON'T Do
- ❌ Store raw API keys or secrets (we only store hashed fingerprints for deduplication)
- ❌ Use discovered keys for any purpose other than verification
- ❌ Share, sell, or disclose key information to third parties
- ❌ Access private repositories or non-public code
- ❌ Perform any destructive or write operations with discovered keys
- ❌ Contact anyone other than the repository owner
4. User Obligations
If you use BigHole's API or services, you agree to:
- Use the service only for legitimate security purposes
- Not attempt to extract, store, or misuse any discovered credentials
- Report any vulnerabilities through our responsible disclosure process
- Respect rate limits and not abuse the service
5. Opt-Out Rights
Repository owners may opt out of scanning and notifications at any time by:
- Using our opt-out form
- Adding a .supascan-ignore file to their repository
- Contacting us directly
6. Disclaimer
BigHole is provided "as-is" without warranty. While we strive for accuracy, we cannot guarantee:
- Detection of all exposed secrets
- Zero false positives
- Timely notification delivery
7. Limitation of Liability
BigHole and its operators shall not be liable for any damages arising from:
- Use or inability to use the service
- Undetected credential exposures
- False positive notifications
8. Changes to Terms
We may update these terms at any time. Continued use constitutes acceptance of updated terms.
9. Contact
For questions about these terms, please open an issue on our GitHub repository.