Terms of Service

Halden provides a desktop app and web account service that finds exposed API keys in local projects and fixes env-file mistakes before secrets leak into code, git history, cloud sync, or deployment.

You are responsible for choosing which local folders to scan and for making sure you have the right to inspect and modify those projects.

Some features require a Halden account. You are responsible for keeping your account and OAuth provider access secure.

You may not use Halden to abuse the service, bypass license limits, interfere with the service, or access another person's account or data.

Starter access includes one local project for the signed-in account.

Halden Lifetime is a $49 one-time license that unlocks additional local projects for the same account.

Project limits are enforced in the desktop interface and in the desktop command boundary. Updating an already-added project does not count as adding a new project.

Halden uses Stripe for checkout and payment processing. Prices are shown before checkout.

Unless a different refund policy is shown at checkout or required by law, paid licenses are intended as one-time digital software purchases.

If a duplicate purchase, failed license activation, refund, chargeback, or payment dispute occurs, Halden may update the license status associated with the account.

Halden can apply local file fixes such as moving detected values into env files, editing gitignore files, and creating missing env templates.

You are responsible for reviewing suggested fixes, keeping backups where appropriate, and confirming that your project still works after changes.

If a key, token, credential, or env file may already have been exposed, moving the value locally is not enough. You should rotate the affected key with the provider and review git history or other published copies.

Halden is a security helper, not a guarantee that a project is safe.

Halden may miss secrets, classify values incorrectly, or fail to identify all places where a secret was exposed.

You remain responsible for your own security review, provider key rotation, deployment configuration, repository history, and compliance obligations.

Do not use Halden to scan projects you are not authorized to inspect.

Do not attempt to reverse engineer, disrupt, overload, or bypass Halden's account, licensing, checkout, or authentication systems except where allowed by applicable law.

Do not submit secrets, passwords, API keys, or confidential source code through support channels unless Halden explicitly provides a secure process for that purpose.

Halden may change, suspend, or discontinue parts of the desktop app, web account service, licensing system, pricing, or provider integrations.

If a change materially affects paid access, Halden will make reasonable efforts to avoid unnecessary disruption to active Lifetime users.

Halden relies on third-party services such as Supabase for authentication and account data, and Stripe for payments.

Your use of OAuth providers, payment services, package managers, API providers, repositories, and cloud platforms may also be governed by their own terms.

Halden is provided as is and as available to the fullest extent allowed by law.

Halden does not promise that the app will detect every issue, prevent every leak, work with every framework, run without interruption, or meet every security, legal, or compliance requirement.

To the fullest extent allowed by law, Halden will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, including lost profits, lost data, leaked secrets, service interruption, or provider charges.

Some jurisdictions do not allow certain limitations, so parts of this section may not apply to you.

Halden's handling of account, license, payment-reference, and local project data is described in the Privacy Policy.

Do not use Halden if you do not agree with the Privacy Policy and these Terms.

For account, purchase, license, or legal requests, contact Halden at hello@gethalden.com.