Last updated: 2026-07-05

This is a starting draft that reflects how the product works. Have legal counsel review and adapt it before launch.

1. What Credential Autopsy does

Credential Autopsy ("we", "us") is a leaked-credential exposure-monitoring service. We scan public internet sources for credentials, API keys, tokens, and secrets that appear to belong to you, attribute them to your registered domains and identifiers, and alert you so you can rotate them. We are a detection and notification service; we do not access your systems.

2. How we handle found secrets — our core commitments

3. Your account & acceptable use

You must provide accurate registration information and may only register domains, organizations, and identifiers you own or are authorized to monitor. You may not use the service to monitor assets you have no right to, or to attempt to circumvent these terms. You are responsible for activity under your account and for keeping your credentials secure.

4. Subscriptions & billing

Paid plans are billed monthly in advance via our payment processor (Stripe). Plans renew automatically until cancelled. Fees are non-refundable except where required by law. We may change pricing with reasonable notice; changes apply at your next renewal.

5. Service & disclaimers

We work to surface exposures broadly and accurately, but no monitoring service can guarantee completeness. Absence of a finding is evidence of monitoring across the sources we cover, not a guarantee that no exposure exists anywhere. The service is provided "as is" without warranties of any kind. To the maximum extent permitted by law, our liability is limited to the fees you paid in the prior twelve months.

6. Termination

You may cancel at any time. We may suspend or terminate accounts that violate these terms. On termination we stop monitoring and delete or de-identify your account data on a reasonable schedule.

7. Contact

Questions about these terms: legal@sochq.io. Credential Autopsy is a product of SOCHQ.