Terms of Service
Effective: February 6, 2026 · Last updated: February 6, 2026
1. Definitions
- "DiffDelta" — the changefeed protocol, data feeds, client libraries, specifications, and related documentation operated at diffdelta.io.
- "Service" — the DiffDelta API endpoints, including all URLs under /diff/, /archive/, /.well-known/, and /schema/.
- "Feed Data" — the JSON content returned by the Service, including normalized items, cursor chains, risk scores, summaries, and metadata produced by DiffDelta's engine.
- "Upstream Data" — the raw information from third-party sources (e.g., CISA, NVD, GitHub, AWS) that DiffDelta monitors. DiffDelta does not claim ownership of Upstream Data.
- "User" — any person, bot, agent, or system that accesses the Service.
- "Competing Service" — any product or service whose primary purpose is to provide normalized changefeed data, structured diffs, or change-monitoring feeds to third parties in a manner substantially similar to DiffDelta.
2. Acceptance
By accessing or using the Service, you agree to these Terms. If you access the Service on behalf of an organization, you represent that you have the authority to bind that organization to these Terms.
3. What you CAN do (Permitted Use)
- Consume feeds in your products — Use Feed Data to power internal tools, dashboards, bots, agents, alerting systems, or any application you build.
- Use feeds in commercial products — You may integrate DiffDelta as a data source within commercial software, SaaS platforms, or paid services, provided you are not reselling the Feed Data itself as the primary offering.
- Cache locally — Cache Feed Data on your infrastructure for performance, resilience, or offline access.
- Build integrations — Create plugins, connectors, or middleware that consumes DiffDelta feeds (e.g., LangChain tools, Slack bots, CI/CD actions).
- Share individual items — Share or republish individual feed items (e.g., a specific CVE alert) with attribution to DiffDelta.
- Fork the client libraries — The client libraries and spec documentation are MIT-licensed. Fork, modify, and redistribute them freely under MIT terms.
- Use for research and education — Academic, research, and educational use is unrestricted.
4. What you CANNOT do (Prohibited Use)
- No reselling Feed Data. You may not resell, sublicense, or redistribute Feed Data — in whole or in substantial part — as a standalone product or data feed. Wrapping DiffDelta's output in your own API and charging for access is prohibited.
- No rebranding. You may not present Feed Data as originating from your own monitoring infrastructure. If you display or redistribute Feed Data, you must include reasonable attribution to DiffDelta (see Section 5).
- No building a Competing Service. You may not use Feed Data to build, train, or operate a Competing Service. Using DiffDelta's normalized output as the foundation for a rival changefeed product is prohibited.
- No bulk mirroring for redistribution. You may not systematically mirror the entire Feed catalog (all sources, all archives) for the purpose of redistributing it to third parties. Local caching for your own consumption is fine.
- No abusive polling. You may not intentionally overload the Service. This includes polling faster than the ttl_sec value for a source, ignoring head.json and repeatedly fetching full feeds, or sending automated requests at a rate designed to degrade service for other Users.
- No circumventing access controls. If DiffDelta introduces API keys, rate limits, or tier restrictions in the future, you may not bypass, spoof, or circumvent those controls.
- No using feeds for attacks. You may not use Feed Data to facilitate cyberattacks, exploit vulnerabilities disclosed in the feeds, or cause harm to the upstream sources DiffDelta monitors.
5. Attribution
When attribution is required
If you publicly display, republish, or redistribute Feed Data (beyond using it internally within your own product), you must include a reasonable attribution such as:
- "Data via DiffDelta" — or —
- "Powered by DiffDelta (diffdelta.io)"
When attribution is NOT required
You do not need to attribute DiffDelta when:
- Using Feed Data internally (dashboards, alerts, bots that don't republish)
- Processing Feed Data and acting on it without displaying the raw feed content
- Using the client libraries (MIT-licensed, no attribution required)
6. Fair Use & Rate Limits
DiffDelta is served as static files from a global CDN. To keep it fast and free for everyone:
- Respect ttl_sec. Each source declares a recommended polling interval. Do not poll more frequently than this value.
- Use the two-step pattern. Always check head.json before fetching latest.json. The head pointer is ~400 bytes; the full feed can be 50KB+.
- Use If-None-Match (ETag) headers. This allows the CDN to return 304 Not Modified when nothing has changed, saving bandwidth for everyone.
- No more than 1 request per second per source for the Free tier without an API key.
DiffDelta reserves the right to throttle or block access from Users who consistently violate these guidelines.
7. Service Tiers
Free Tier (current)
All sources, unlimited polling (within fair use), full feed access, no API key required. No SLA. Best-effort availability.
Pro Tier ($29/month)
Includes 1,000 requests/minute, webhook push delivery, usage analytics, API key management, key rotation, and priority support. Requires a valid X-DiffDelta-Key header. Subscription managed via Stripe.
Enterprise Tier (custom pricing)
Includes 5,000+ requests/minute, custom source onboarding, SLA with financial backing, SSO & team key management, and dedicated support. Contact enterprise@diffdelta.io.
Free tier access will not be retroactively restricted for existing Users.
8. Intellectual Property
What DiffDelta owns
DiffDelta owns the proprietary engine, normalization logic, risk-scoring algorithms, cursor computation methods, feed structure, and the curated selection and configuration of sources. The Feed Data — as a compiled, normalized, and value-added dataset — is the intellectual property of DiffDelta.
What DiffDelta does NOT own
DiffDelta does not claim ownership of Upstream Data. The raw content from third-party sources (vulnerability disclosures, release notes, status updates, etc.) belongs to their respective owners. DiffDelta's value is in the normalization, diffing, risk assessment, and delivery — not the underlying facts.
Open-source components
The DiffDelta client libraries, feed specification, and JSON schemas are released under the MIT License. These components are governed by their respective license terms, not these Terms of Service.
9. Disclaimer of Warranties
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. DIFFDELTA DOES NOT WARRANT THAT:
- The Service will be uninterrupted or error-free
- Feed Data will be accurate, complete, or current
- Upstream sources will continue to be available or maintain their current format
- Risk scores or summaries will correctly assess the severity or impact of any change
DiffDelta monitors third-party sources on a best-effort basis. Source availability, data freshness, and feed completeness may vary. Do not rely on DiffDelta as your sole source for security-critical decisions without independent verification.
10. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, DIFFDELTA SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, OR BUSINESS OPPORTUNITIES, ARISING FROM YOUR USE OF THE SERVICE.
IN NO EVENT SHALL DIFFDELTA'S TOTAL LIABILITY EXCEED THE AMOUNT YOU HAVE PAID TO DIFFDELTA IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM. FOR FREE TIER USERS, THIS AMOUNT IS ZERO.
11. Termination
DiffDelta may suspend or terminate your access to the Service at any time, with or without cause, and with or without notice. Reasons for termination include, but are not limited to:
- Violation of these Terms (particularly Sections 4 and 6)
- Abusive behavior that degrades the Service for other Users
- Using Feed Data to build a Competing Service
Upon termination, your right to access the Service ceases immediately. Cached Feed Data already in your possession is not affected, but you may not continue to access the live Service.
12. Changes to These Terms
DiffDelta may update these Terms from time to time. Material changes will be announced at least 30 days in advance via:
- An update to this page (with a new "Last updated" date)
- A notice in the _discovery block of the global feed (latest.json)
Continued use of the Service after the effective date of a change constitutes acceptance of the updated Terms.
13. Governing Law
These Terms shall be governed by and construed in accordance with the laws of the United States. Any disputes shall be resolved in the courts of competent jurisdiction.
14. Contact
Questions about these Terms? Contact us at legal@diffdelta.io.