Rose Terms of Service

1.1 Rose Functionality

Rose is an AI-Agent that analyzes OpenTelemetry instrumentation in source code and provides automated suggestions in pull requests and dashboards. Rose is able to automatically apply and fix detected suggestions. The Service operates by:

• Analyzing code in designated repositories
• Creating branches for suggested modifications
• Opening pull requests containing code review suggestions
• Adding comments to existing pull requests
• Creating issues for tracking insights and recommendations

1.2 Scope of Repository Access

The Service is authorized solely to:

• Create branches in designated repositories
• Open pull requests containing suggested code modifications
• Add comments to existing pull requests
• Create issues for tracking insights
• Read repository metadata and content necessary for code analysis

The Service SHALL NOT:

• Directly commit to protected branches
• Merge pull requests without explicit human authorization
• Delete branches, files, or repositories
• Modify repository settings or access controls
• Access repositories beyond those explicitly authorized by Customer
• Access secrets, environment variables, or credentials stored in repositories

1.3 Required Permissions

The Service requires the following GitHub/GitLab permissions:

• Read access to actions, checks, discussions, members, and metadata
• Read and write access to code, commit statuses, issues, and pull requests

Permissions NOT Requested: Repository deletion, settings modification, collaborator management, access to secrets or environment variables, workflow modification.

1.4 Human Review Requirement

All code modifications generated by the Service require human review and approval before integration.

Customer acknowledges and agrees that:

• The Service cannot and will not merge code without human intervention
• Customer maintains sole responsibility for reviewing, testing, and approving all suggested changes
• Customer's designated personnel must affirmatively approve and merge all pull requests created by the Service
• If Customer enables automated merge functionality in their repository settings, Customer accepts full responsibility for any code merged through such automation
• OllyGarden bears no responsibility for code changes merged without adequate human review

2.1 Account Creation

To use the Service, you must:

• Provide accurate and complete registration information
• Maintain the security of your account credentials
• Promptly notify OllyGarden of any unauthorized use of your account
• Be at least 18 years old or the age of majority in your jurisdiction
• Have the authority to bind your organization to this Agreement

2.2 Account Responsibility

You are responsible for all activity occurring under your account, including actions taken by authorized users, contractors, or agents accessing the Service through your account.

2.3 Repository Authorization

You represent and warrant that you have the legal right and authority to authorize the Service to access, analyze, and create branches and pull requests in all repositories you designate for use with the Service.

3.1 Customer Code Ownership

Customer retains all ownership of and responsibility for Customer's source code, repositories, and all content provided to the Service ("Customer Code").

3.2 AI Output Ownership

OllyGarden assigns to Customer all right, title, and interest (if any) in AI-generated suggestions, code fixes, review comments, and related outputs created by the Service and incorporated into Customer's repositories ("AI Output").

Customer acknowledges and agrees that:

• Similar Outputs: Due to the nature of machine learning and AI technology, the Service may generate similar or identical AI Output for different customers providing similar code or requesting similar analyses. This ownership assignment does not apply to AI Output generated for other customers.
• Copyright Eligibility: AI Output may not be eligible for copyright protection under applicable law, depending on the level of human creativity involved in its creation and the jurisdiction's copyright standards.
• Open Source Licensing: AI Output may be similar to, derived from, or contain elements of publicly available open-source code. Customer is responsible for ensuring compliance with applicable open-source licenses.

3.3 OllyGarden IP

OllyGarden retains all rights, title, and interest in and to:

• The Service, including all software, algorithms, machine learning models, and documentation
• OllyGarden's trademarks, service marks, logos, and brand features
• Aggregated, anonymized data derived from Customer's use of the Service that does not identify Customer or Customer Code
• All improvements, modifications, and derivative works of the above

3.4 Feedback

If you provide OllyGarden with any suggestions, comments, or other feedback regarding the Service ("Feedback"), OllyGarden may use such Feedback without restriction or obligation to you.

4.1 AI Technology Acknowledgment

The Service uses artificial intelligence and machine learning that generates probabilistic outputs based on patterns in training data.

Customer acknowledges and agrees that:

• Errors and Defects: AI-generated code suggestions, analysis results, and recommendations may contain errors, bugs, security vulnerabilities, performance issues, or other defects.
• False Positives and False Negatives: Analysis results may incorrectly identify issues that do not exist (false positives) or fail to identify issues that do exist (false negatives).
• Best Practices: Suggestions may not reflect current industry best practices, security standards, or the specific requirements of Customer's environment.
• Variability: Outputs may vary over time due to model updates, improvements, or changes in underlying AI technology.
• Human Review Essential: Human review, testing, and validation are essential before deploying any AI-generated code or implementing any AI-generated recommendations in production environments.
• Experimental Nature: AI technology is rapidly evolving and may produce unexpected, incomplete, or incorrect outputs.
• No Security Guarantee: The Service does not guarantee detection of all security vulnerabilities, and AI-generated code may introduce new vulnerabilities.
• Safety-Critical Systems: The Service is not designed for or suitable for use in safety-critical systems without extensive additional human oversight, testing, and validation.

4.2 No Warranty

The Service and all AI Output are provided "as is" and "as available" without warranties of any kind, whether express, implied, statutory, or otherwise.

OllyGarden specifically disclaims all warranties, including but not limited to:

• Merchantability: Warranties that the Service is merchantable or suitable for any particular purpose
• Fitness for Purpose: Warranties that the Service will meet Customer's specific requirements
• Non-Infringement: Warranties that AI Output will not infringe third-party intellectual property rights (subject to indemnification provisions in Section 9)
• Accuracy: Warranties regarding the accuracy, completeness, or reliability of analysis results or suggestions
• Security: Warranties that suggestions will be free from security vulnerabilities or defects
• Uninterrupted Service: Warranties that the Service will be uninterrupted, timely, secure, or error-free
• Data Accuracy: Warranties regarding the accuracy or reliability of information obtained through the Service

Customer's use of AI Output is at Customer's sole risk and discretion.

5.1 Customer Obligations

Customer shall:

• Use the Service in compliance with all applicable laws and regulations
• Implement reasonable security measures for account access
• Review and test all AI-generated code before production deployment
• Ensure all individuals accessing the Service through Customer's account comply with this Agreement
• Maintain current contact information for legal and security notices
• Promptly notify OllyGarden of any suspected security incidents or unauthorized access

5.2 Acceptable Use Policy

Customer shall not:

• Illegal Activity: Use the Service for any unlawful purpose or in violation of any applicable laws or regulations
• Unauthorized Access: Access or attempt to access repositories, systems, or data Customer is not authorized to access
• Malicious Code: Intentionally use the Service to generate, analyze, or distribute malware, ransomware, viruses, or other malicious code intended to cause harm
• Fraud and Deception: Use the Service for impersonation, phishing, fraud, or other deceptive practices
• Service Integrity: Interfere with or disrupt the integrity or performance of the Service
• Reverse Engineering: Reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code or underlying algorithms of the Service (except to the extent expressly permitted by applicable law)
• Competitive Use: Use the Service to build, train, or improve a competitive product or service
• Excessive Use: Use the Service in a manner that imposes an unreasonable or disproportionately large load on OllyGarden's infrastructure
• AI Manipulation: Attempt to manipulate the Service to generate content that violates this Agreement or applicable law, including through prompt injection or adversarial inputs

5.3 Enforcement

OllyGarden reserves the right to investigate and take appropriate action against violations of this Agreement, including suspending or terminating access to the Service, removing content, and reporting violations to law enforcement authorities.

6.1 Source Code Confidentiality

Customer Code and repository contents constitute Customer's Confidential Information. OllyGarden shall:

• Use Customer Code solely to provide the Service
• Not disclose Customer Code to third parties except as necessary for Service delivery or as required by law
• Implement industry-standard administrative, physical, and technical security measures to protect Customer Code
• Limit access to Customer Code to personnel with a legitimate need to access it for Service delivery
• Ensure personnel with access to Customer Code are bound by confidentiality obligations

6.2 Data Processing and Retention

6.3 AI Model Training

OllyGarden shall not use Customer Code to train, develop, or improve general-purpose AI models.

This prohibition includes:

• Using Customer Code as training data for machine learning models
• Fine-tuning publicly available models using Customer Code
• Sharing Customer Code with third parties for model training purposes

Exception: Customer-specific fine-tuning or personalization, if explicitly requested by Customer in writing, shall not breach this obligation.

6.4 Third-Party AI Providers

The Service uses third-party AI providers for natural language processing and code analysis. OllyGarden maintains agreements with these providers that prohibit retention and use of Customer Code for model training, and require deletion of Customer Code immediately after processing.

Current Third-Party AI Providers: OpenAI (with zero-retention agreement), Anthropic (with zero-retention agreement), and Google.

6.5 Data Security Measures

OllyGarden implements and maintains:

• AES-256 encryption for data at rest; TLS 1.3 (or TLS 1.2 minimum) for data in transit
• Role-based access controls limiting personnel access to Customer repositories
• Multi-factor authentication for administrative access to production systems
• Security monitoring and logging of system access and activities
• Regular security assessments, penetration testing, and vulnerability scanning
• Documented incident response procedures and security incident management

6.6 Security Incident Notification

In the event of a security incident affecting Customer Code or Customer's account, OllyGarden shall notify Customer within seventy-two (72) hours of discovery, including the nature and scope of the incident, categories of data potentially affected, measures taken to contain and remediate the incident, and recommended actions for Customer.

6.7 Data Deletion

Upon termination of this Agreement or upon Customer's written request, OllyGarden shall cease accessing Customer's repositories and delete or anonymize Customer metadata within thirty (30) days. OllyGarden may retain information as required by law or as necessary for legitimate business purposes (e.g., billing records, audit logs for security investigations).

6.8 Data Protection Addendum

For Customers subject to the EU General Data Protection Regulation (GDPR), UK GDPR, or similar data protection laws, the Data Processing Addendum is available upon request.

6.9 International Data Transfers

Customer data may be processed in the United States and other jurisdictions where OllyGarden or its subprocessors operate. For transfers from the EEA, United Kingdom, or Switzerland, OllyGarden relies on the EU-U.S. Data Privacy Framework, Standard Contractual Clauses approved by the European Commission, and other lawful transfer mechanisms as detailed in the Data Processing Addendum.

6.10 Privacy Policy

OllyGarden's collection and use of personal information is described in our Privacy Policy. The Privacy Policy is incorporated into this Agreement by reference.

7.1 Subscription Fees

Customer shall pay the subscription fees specified in the applicable order form or pricing page ("Fees"). Fees are based on:

• Number of repositories
• Number of pull requests analyzed
• Usage tier or plan selected
• Additional features or services purchased

7.2 Payment Terms

• Fees are due in advance on a monthly or annual basis as specified
• Payment must be made via credit card or other payment method accepted by OllyGarden
• All Fees are non-refundable except as expressly provided in this Agreement
• OllyGarden may suspend access for non-payment after providing ten (10) days' written notice

7.3 Taxes

Fees do not include any taxes, levies, duties, or similar governmental assessments ("Taxes"). Customer is responsible for all Taxes except those based on OllyGarden's net income.

7.4 Fee Changes

OllyGarden may change Fees upon thirty (30) days' written notice. Fee changes apply to subsequent subscription renewal periods. If you object to a Fee increase, you may terminate this Agreement before the renewal date.

7.5 Free Trials

OllyGarden may offer free trials or promotional periods. During such periods, the Service is provided "AS IS" with no warranties or support commitments. OllyGarden may terminate free trials at any time.

8.1 General Liability Cap

Except for excluded claims, neither party's total aggregate liability arising out of or related to this Agreement shall exceed the amounts paid by Customer to OllyGarden in the twelve (12) months preceding the event giving rise to the claim.

For Customers on free plans or trials where no fees have been paid, the liability cap is one hundred dollars ($100.00).

8.2 Excluded Claims

The following are excluded from the general liability cap:

• Indemnification obligations under Section 9
• Either party's gross negligence, willful misconduct, or intentional breach
• OllyGarden's breach of confidentiality or data security obligations under Section 6, capped at three times (3x) the amounts paid in the preceding twelve months
• OllyGarden's infringement of Customer's intellectual property rights
• Claims for death or bodily injury caused by either party's negligence

8.3 Consequential Damages Exclusion

In no event shall either party be liable for any special, incidental, consequential, exemplary, punitive, or indirect damages, including but not limited to:

• Loss of profits, revenue, or business opportunities
• Loss of data or cost of procurement of substitute goods or services
• Loss of goodwill or reputation
• Business interruption
• False positive or false negative code analysis results
• Bugs, vulnerabilities, or defects in AI-generated code suggestions
• Damage or loss arising from Customer's deployment of AI Output without adequate testing or human review

8.4 Liability Acknowledgments

Customer specifically acknowledges and agrees that OllyGarden shall not be liable for:

• Code changes Customer chooses to merge without adequate review or testing
• Security vulnerabilities in AI-generated code suggestions
• False positives or false negatives in code analysis
• Compatibility issues or performance degradation from implementing AI-generated suggestions
• Damages resulting from Customer's failure to implement recommended security measures
• Actions or omissions of third-party AI providers, repository hosting platforms, or other third-party services

8.5 Essential Purpose

Customer acknowledges that the limitations of liability in this Section 8 are an essential element of the basis of the bargain between the parties and reflect a reasonable allocation of risk.

9.1 OllyGarden Indemnification

OllyGarden shall defend Customer against any third-party claim alleging that the Service, as provided and used in accordance with this Agreement, infringes or misappropriates such third party's intellectual property rights ("IP Claim"), and shall indemnify Customer for any damages finally awarded or agreed to in a settlement approved by OllyGarden.

OllyGarden's indemnification obligation is conditioned on Customer providing prompt written notice, reasonable cooperation, and granting OllyGarden sole control of the defense and settlement.

OllyGarden has no indemnification obligation for IP Claims arising from Customer's modification of AI Output, combination with third-party software not provided by OllyGarden, use in violation of this Agreement, or use after OllyGarden notified Customer to discontinue use.

9.2 Customer Indemnification

Customer shall defend OllyGarden against any third-party claim arising from Customer's use of the Service in violation of this Agreement or applicable law, Customer's modification of AI Output, Customer Data, Customer's failure to comply with export control or sanctions laws, and claims by Customer's users related to their use of the Service through Customer's account.

9.3 Indemnification Cap

OllyGarden's total liability under Section 9.1 for all IP Claims shall be capped at three times (3x) the amounts paid by Customer to OllyGarden in the twelve (12) months preceding the first IP Claim.

9.4 Exclusive Remedy

This Section 9 states the parties' sole and exclusive remedy and liability for intellectual property infringement claims.

10.1 Agreement Term

This Agreement begins on the Effective Date and continues until terminated in accordance with this Section 10.

10.2 Subscription Term

Subscriptions are for the initial term specified in the order form and automatically renew for successive periods of the same duration unless either party provides written notice of non-renewal at least thirty (30) days before the end of the then-current term.

10.3 Termination for Convenience

Either party may terminate this Agreement:

• By Customer: At any time by discontinuing use of the Service and providing written notice. Termination is effective at the end of the then-current paid subscription term. No refunds will be provided for early termination.
• By OllyGarden: With thirty (30) days' written notice. OllyGarden will provide a pro-rata refund for prepaid Fees covering the period after termination.

10.4 Termination for Breach

Either party may terminate this Agreement immediately upon written notice if the other party materially breaches this Agreement and fails to cure within thirty (30) days of written notice (or ten (10) days for payment breaches).

OllyGarden may suspend access to the Service immediately if Customer violates the Acceptable Use policy, poses a security risk, uses the Service in a manner that could subject OllyGarden to liability, or fails to pay Fees when due.

10.5 Effect of Termination

Upon termination or expiration: Customer's access will be terminated, OllyGarden will cease accessing Customer's repositories, and Customer shall pay any outstanding Fees.

Sections 3, 4, 6.7, 8, 9, 10.5, and 11 shall survive termination.

10.6 No Refunds

Except as expressly provided in this Agreement, all Fees are non-refundable. No refunds will be provided for partial months or years of service, features or capacity not utilized, termination by Customer before the end of the subscription term, or termination by OllyGarden for Customer's breach.

11.1 Governing Law and Jurisdiction

This Agreement shall be governed by the laws of the State of Delaware, United States of America, without regard to its conflicts of law principles.

11.2 Dispute Resolution

Before initiating formal proceedings, the parties shall attempt to resolve disputes through good-faith negotiation for at least thirty (30) days. Any dispute shall be finally resolved by binding arbitration administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules, conducted by a single arbitrator in Wilmington, Delaware (or remotely by mutual agreement).

Class Action Waiver: To the maximum extent permitted by law, each party agrees that any arbitration or legal proceeding shall be conducted only on an individual basis and not as a class, consolidated, or representative action.

11.3 Export Compliance

Customer represents and warrants that Customer is not located in any country subject to a U.S. Government embargo, is not listed on any U.S. Government list of prohibited parties, and will comply with all applicable export control, sanctions, and anti-boycott laws and regulations.

11.4 Entire Agreement

This Agreement, together with any order forms, Data Processing Addendum, and Privacy Policy, constitutes the entire agreement between the parties and supersedes all prior or contemporaneous agreements.

11.5 Amendments

OllyGarden may modify this Agreement from time to time by posting an updated version and/or sending notice. Continued use of the Service after the effective date constitutes acceptance. Material adverse changes will be communicated with at least thirty (30) days' advance notice.

11.6 Assignment

Customer may not assign this Agreement without OllyGarden's prior written consent. OllyGarden may assign this Agreement without consent in connection with a merger, acquisition, or sale of all or substantially all of its assets.

11.7 Notices

All notices must be in writing and delivered via email to the address on file (for Customer) or legal@ollygarden.com (for OllyGarden), certified mail, or nationally recognized overnight courier. Notices are effective upon receipt or, if by email, 24 hours after sending.