Terms of Service
Effective date: 2026-07-13 · Version terms-2026-07-13-r2
repod is provided by Data Demon Systems Limited ("Data Demon", "we", "us"), a private limited company registered in England and Wales with company number 16158110. These Terms of Service ("Terms") govern access to and use of repod.
repod is intended for business use only. If you create an account, start checkout, connect a GitHub organisation, or use repod on behalf of an organisation, you represent that you have authority to bind that organisation to these Terms and the Data Processing Addendum ("DPA"), and that you have reviewed the Privacy Policy and Cookie And Storage Notice.
The DPA forms part of these Terms where Data Demon processes personal data on behalf of a customer. If there is a conflict, a signed order form or written agreement controls first, then the DPA for processor data, then these Terms.
1. Service Description
repod helps engineering teams review and manage GitHub repository access. The service syncs GitHub organization metadata and access-control state, presents reports and change previews, supports spreadsheet-based review workflows, and can apply selected GitHub permission changes when authorized by a customer.
repod does not clone repositories or process source code contents in normal operation. The normal sync path is limited to organization, repository, team, member, collaborator, permission, audit, change-plan, and credential-configuration metadata needed to provide the service.
2. Accounts, Roles, And Authority
You are responsible for maintaining accurate account information, protecting login credentials, and assigning appropriate roles to users in your repod account. You are responsible for ensuring that anyone who connects a GitHub organization, submits a GitHub token, invites users, exports data, or applies changes has authority to do so.
3. GitHub Credentials And Permission Modes
repod accesses GitHub APIs through PAT auth or GitHub App beta. For PAT auth, new and rotated tokens must be fine-grained GitHub PATs beginning with github_pat_. For GitHub App beta, you remain responsible for creating the GitHub App, approving the installation, supplying valid app credentials, and revoking or rotating credentials when personnel or security needs change.
Audit/read mode uses read-oriented access to organization settings, repository metadata, members, teams, direct collaborator access, and repo-team permission state. Core sync, reporting, repo-to-team apply, and repository metadata workflows do not require Repository Contents permission or Organization Members write. Write mode is required only when you ask repod to apply repo-team permission changes, repository metadata changes, repository renames, or team-management actions. Optional Team management is an elevated mode because it requires Organization Members write, which GitHub also uses for organization invitations and membership changes. If customer-provided GitHub credentials technically grant broader access than repod requires, you instruct us not to use those credentials for source-code contents unless a separate written feature or support instruction is agreed.
4. Customer Data
You retain your rights in data you submit to or connect with repod. You grant us the limited rights needed to host, process, transmit, display, secure, back up, and support that data for the purpose of providing repod. Customer data may include account data, GitHub organization metadata, GitHub credential configuration, org-history records, audit records, change plans, exports, imports, and support communications.
For customer-connected GitHub organisation metadata and access-control data, the customer is controller and Data Demon acts as processor under the DPA. Data Demon remains controller for its own account, billing, support, website, analytics, security, marketing, and service-operation data.
You must not intentionally submit source code, secrets, special-category data, or unrelated personal data to repod through support messages, import files, account fields, repository metadata, team descriptions, or other service inputs unless we expressly agree in writing.
5. Acceptable Use
You must not use repod to access GitHub organizations without authorization, exfiltrate data, probe or attack systems, bypass security controls, circumvent GitHub or repod rate limits, upload malicious content, infringe rights, or use the service in a way that could materially harm repod, GitHub, other customers, or third parties.
6. Plans, Billing, And Limits
Usage is subject to the plan limits and pricing shown in the application or agreed separately in writing. Some limits may affect visibility, sync scope, exports, imports, automation, or creation of additional resources. Payments, checkout, and subscription management may be handled through Stripe.
Unless shown otherwise at checkout or agreed separately in writing, paid plans are business subscriptions billed annually in advance, renew for successive annual terms until cancelled through Stripe or an agreed account process, and are exclusive of taxes. Cancellation normally takes effect at the end of the then-current paid term. We do not provide automatic refunds or credits for partial subscription periods unless required by law or agreed in writing.
Stripe may collect billing address and tax ID details to support invoices and tax handling. If VAT, reverse-charge, withholding, sales tax, or similar taxes apply and are not collected at checkout, you remain responsible for taxes you are legally required to self-account for. We may update tax collection settings when required by law or accounting review.
7. Security And Vulnerability Reporting
We operate security controls described on the Security page. You are responsible for configuring GitHub permissions appropriately, reviewing changes before applying them, and keeping your users, tokens, GitHub App installations, and GitHub App credentials current. Security issues should be reported through Vulnerability Disclosure.
8. Privacy And Subprocessors
Our handling of personal data is described in the Privacy Policy and DPA. Our public summary of service-provider categories is available on the Subprocessors page.
9. Third-Party Services
repod depends on third-party services including GitHub and billing, hosting, email, analytics, monitoring, and infrastructure providers. Your use of GitHub remains subject to GitHub's own terms and controls. We are not responsible for third-party outages, API changes, approval workflows, rate limits, permissions, or policies outside our control.
You must not use repod in violation of applicable sanctions, export control, anti-abuse, or GitHub API rules.
10. Service Changes And Availability
We may change, suspend, or discontinue features as the service evolves. We aim to operate repod reliably, but we do not promise uninterrupted or error-free availability unless a separate written agreement says otherwise.
11. Confidentiality
Each party may receive non-public information from the other. Each party will use reasonable care to protect confidential information and will use it only for purposes related to the service, except where disclosure is required by law or permitted by these Terms.
12. Intellectual Property
Data Demon and its licensors retain all rights in repod, including software, designs, documentation, templates, and service content. These Terms do not grant you ownership of repod or the right to copy, resell, reverse engineer, or create a competing service from repod except where permitted by law.
13. Suspension And Termination
We may suspend or terminate access if you materially breach these Terms, create security or abuse risk, fail to pay applicable fees, or use the service unlawfully. You may stop using repod at any time. Certain data may remain in backups, logs, or audit records for a limited period as described in the Privacy Policy.
14. Disclaimers
repod is provided "as is" and "as available" to the maximum extent permitted by law. We do not guarantee that repod will find every access issue, prevent every misconfiguration, or replace your own GitHub administration, security review, legal review, or compliance obligations.
15. Liability
Nothing in these Terms excludes or limits liability that cannot lawfully be excluded or limited, including liability for death or personal injury caused by negligence, fraud, fraudulent misrepresentation, or any other liability that cannot be excluded under the laws of England and Wales.
Subject to the previous sentence, Data Demon will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost goodwill, business interruption, loss of anticipated savings, or loss of data. Our aggregate liability under these Terms is limited to the fees paid to us for repod in the 12 months before the event giving rise to the claim, or GBP 100 if no fees were paid.
16. Changes To Terms
We may update these Terms as the service changes. Material changes will be signposted in-app, on the website, or by email where appropriate. Continued use after an update takes effect means you accept the updated Terms.
17. Governing Law
Unless a separate written agreement states otherwise, these Terms are governed by the laws of England and Wales, and the courts of England and Wales will have jurisdiction, subject to any mandatory rights that cannot be excluded.
18. Contact
Questions: support@repod.dev.
Company details: Data Demon Systems Limited, company number 16158110, registered in England and Wales. Contact: support@repod.dev.