Service terms
Practical terms for Microfirm account access, billing, firmware uploads, scanner output, and acceptable use.
Service scope
Microfirm is a firmware vulnerability scanner for authorized firmware review. The service provides secure upload, scan, findings, export, webhook, billing, and audit workflows.
These service terms apply unless a separately signed agreement with TKOResearch says otherwise.
Authorized use
Upload only firmware, binaries, and related metadata that you own or are authorized to assess. Do not use Microfirm to analyze stolen material, evade access controls, distribute malware, or attack systems you do not control.
Billing
Starter subscriptions are billed through Stripe at the published monthly price unless a written agreement says otherwise. Billing is attached to the team workspace, and scan, export, and webhook access may require an active or trialing subscription.
Workspace owners and admins can use Stripe-hosted billing management to review invoices, update payment methods, and cancel future renewal.
Firmware handling
Firmware artifacts are treated as untrusted input and are stored privately for the configured retention window. Do not upload secrets, credentials, personal data, or regulated data unless your written agreement covers that material.
Scanner output
Findings are generated from deterministic signatures, component hints, and advisory correlation available to the scanner. Results are intended to support human review and are not a guarantee that firmware is free of vulnerabilities.
Support and changes
Email support@tkoresearch.com for billing, support, or security questions. Updates to these terms will be published at https://firmware.tkoresearch.com/terms.