Effective: March 30, 2026 · Version 1.0 · H33 Cryptographic Systems, Inc.
These terms govern your use of HICS (H33 Independent Code Scoring), including the free CLI tool, paid attestation services, the HICS-PQ library attestation program, and the HICS verification system. By using any HICS product or service, you agree to these terms.
HICS performs automated pattern analysis against software codebases. It is not a security audit, penetration test, code review, or professional assessment of any kind. HICS uses static analysis, AST parsing, and heuristic pattern matching to produce a numerical score across five weighted categories.
A high score does not mean your code is secure. HICS cannot detect all vulnerabilities, logic errors, or architectural weaknesses. A score of 100/100 means the HICS algorithm found no patterns matching its detection rules. It does not mean the code is free of defects.
A low score does not mean your code is insecure. HICS may produce false positives where legitimate code patterns match detection rules. The scoring algorithm applies heuristic confidence weights but cannot guarantee the accuracy of individual findings.
The algorithm is the authority. H33 does not editorialize, override, or manually adjust scores for any customer, including itself.
HICS IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR NON-INFRINGEMENT. H33 CRYPTOGRAPHIC SYSTEMS, INC. DOES NOT WARRANT THAT HICS WILL DETECT ALL VULNERABILITIES, PRODUCE ACCURATE SCORES IN ALL CASES, OR OPERATE WITHOUT ERROR.
H33 Cryptographic Systems, Inc. expressly disclaims liability for any direct, indirect, incidental, special, consequential, or exemplary damages arising from use of or reliance on HICS scores or attestations, including but not limited to procurement decisions, security incidents, data breaches, regulatory actions, contract disputes, or any other losses, whether or not H33 was advised of the possibility of such damages.
IN NO EVENT SHALL H33'S TOTAL LIABILITY EXCEED THE AMOUNT PAID BY YOU FOR HICS SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM. FOR FREE-TIER USERS, H33'S TOTAL LIABILITY IS ZERO.
HICS attestation is one data point. H33 does not recommend for or against any vendor, product, or purchasing decision. Parties using a vendor's Proof ID to inform procurement, compliance, or security decisions do so at their own risk and must exercise their own independent judgment.
HICS scores are not a substitute for independent professional security review, compliance assessment, or legal counsel. Do not use HICS output as the sole basis for legal, compliance, or procurement decisions without independent professional review.
HICS attestation (STARK proof + Dilithium signature) verifies computational integrity only. The STARK proof confirms that the scoring algorithm executed correctly on the submitted codebase. The Dilithium signature confirms the attestation was issued by H33.
The Proof ID and STARK proof do not verify that the submitted codebase represents the software in production deployment. A vendor may submit any codebase for attestation. H33 does not verify, audit, or monitor whether the attested code matches what is deployed in production, staging, or any other environment.
Attestation certificates are point-in-time snapshots. Code changes after scanning are not reflected in existing attestations. Attestations expire 90 days after issuance.
When purchasing a paid HICS attestation, you affirm:
Both representations are recorded in the attestation certificate with a timestamp, the version of these terms accepted, and the HICS algorithm version used.
H33 may update the HICS scoring algorithm at any time. Algorithm changes may affect scores for identical codebases. Historical scores reflect the algorithm version active at time of scan. Scores are not retroactively updated. Each attestation certificate records the algorithm version under which it was generated.
Substantive algorithm changes (modifications to category weights, addition or removal of finding types, changes to grade thresholds) will be documented in the public HICS methodology page and the algorithm version number will be incremented.
The HICS scoring formula (category definitions, weights, grade thresholds, and finding type specifications) is published openly and may be referenced, discussed, and audited by anyone.
The HICS implementation (scanner code, AST analysis logic, STARK proof generation, Dilithium signing infrastructure, CLI binary, API server, and verification system) is proprietary to H33 Cryptographic Systems, Inc. and protected by applicable intellectual property laws.
The HICS name, HICS-PQ name, and associated marks are trademarks of H33 Cryptographic Systems, Inc. Third parties may not represent their tools or services as "HICS certified" or "HICS compatible" without written authorization.
Free CLI: The free HICS CLI runs entirely on your local machine. No source code, findings, scores, or telemetry data is transmitted to H33 or any third party. H33 has no access to your code or results.
Paid attestation: When you generate a HICS attestation, the score, category breakdown, Merkle root, and metadata are transmitted to H33 for STARK proof generation and Dilithium signing. Source code is never transmitted. The Merkle root commits the codebase structure without revealing file contents.
Verification: When a third party verifies a Proof ID, H33 returns the score, category breakdown, timestamp, and verification status. Vendor identity is included only if the vendor has opted into public listing.
These terms are governed by and construed in accordance with the laws of the State of Florida, United States, without regard to conflict of law principles. Any disputes arising under or relating to these terms shall be subject to the exclusive jurisdiction of the state and federal courts located in Florida. You irrevocably consent to the jurisdiction and venue of such courts.
If any provision of these terms is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable.
Questions about these terms: legal@h33.ai
Security issues: security@h33.ai
General support: support@h33.ai
H33 Cryptographic Systems, Inc. · Florida, United States
HICS Terms of Service v1.0 · Effective March 30, 2026