Skip to content

Service terms

Practical terms for Microfirm account access, billing, firmware uploads, scanner output, and acceptable use.

Service scope

Microfirm is a firmware vulnerability scanner for authorized firmware review. The service provides secure upload, scan, findings, export, webhook, billing, and audit workflows.

These service terms apply unless a separately signed agreement with TKOResearch says otherwise.

Authorized use

Upload only firmware, binaries, and related metadata that you own or are authorized to assess. Do not use Microfirm to analyze stolen material, evade access controls, distribute malware, or attack systems you do not control.

Billing

Starter subscriptions are billed through Stripe at the published monthly price unless a written agreement says otherwise. Billing is attached to the team workspace, and scan, export, and webhook access may require an active or trialing subscription.

Workspace owners and admins can use Stripe-hosted billing management to review invoices, update payment methods, and cancel future renewal.

Firmware handling

Firmware artifacts are treated as untrusted input and are stored privately for the configured retention window. Do not upload secrets, credentials, personal data, or regulated data unless your written agreement covers that material.

Scanner output

Findings are generated from deterministic signatures, component hints, and advisory correlation available to the scanner. Results are intended to support human review and are not a guarantee that firmware is free of vulnerabilities.

Support and changes

Email support@tkoresearch.com for billing, support, or security questions. Updates to these terms will be published at https://firmware.tkoresearch.com/terms.