Terms of Service

1. Description of Service

Desmodus provides a technical pipeline designed to transform compiled software artifacts—such as JVM bytecode, Android APKs, and compiled libraries—into structured architectural knowledge. The Service utilizes a combination of deterministic static analysis, program graph construction, and Large Language Models (LLMs) to identify functional subsystems and generate semantic interpretations of opaque codebases.

2. User Responsibilities and Legal Compliance

2.1 Right to Analyze

The user represents and warrants that they possess the necessary legal rights, licenses, or permissions to perform reverse engineering and analysis on any software artifacts uploaded to or processed by Desmodus. This includes compliance with applicable end-user license agreements (EULAs) and local laws regarding interoperability, security research, or malware analysis.

2.2 Prohibited Conduct

Users shall not use Desmodus to:

• develop or facilitate the creation of malicious exploits;
• violate international intellectual property laws; or
• engage in unauthorized access to third-party systems.

3. Deployment and Data Isolation

3.1 Air‑Gapped and On‑Premise Environments

Desmodus is designed for high‑assurance environments and supports fully on‑premise, bare‑metal, and air‑gapped deployments. In such configurations, the user is solely responsible for maintaining the physical and network isolation of the host environment, including disabling wireless protocols (Wi‑Fi, Bluetooth) where required and managing any physical update procedures ("sneakernet").

3.2 Zero Telemetry

By design, Desmodus does not utilize third‑party APIs or phone‑home telemetry. All analysis data and queries remain within user‑controlled infrastructure unless explicitly configured otherwise.

4. AI Interpretation and Accuracy Disclaimer

4.1 Probabilistic Outputs

The AI Interpretation Layer of Desmodus uses LLMs to suggest subsystem labels and describe functionality. Users acknowledge that these outputs are probabilistic and may occasionally produce hallucinations or technical inaccuracies.

4.2 Expert Verification

Desmodus is a tool meant to augment, not replace, human expertise. Users are responsible for validating all AI‑generated inferences and architectural reports as part of their standard analysis workflow before making security or operational decisions.

5. Intellectual Property

5.1 The Platform

Desmodus, including its proprietary algorithms, program graph construction techniques, and user interfaces, remains the exclusive property of its creators.

5.2 Derived Knowledge Graphs

The structured knowledge graphs, architectural reports, and visualizations generated from user‑provided artifacts are the property of the user. However, users acknowledge that derived data (for example, a graph representing a classified binary) may inherit the security classification or export‑control restrictions of the original source artifact.

6. Regulatory Compliance and Export Control

6.1 ITAR and International Trade

Users analyzing artifacts subject to the International Traffic in Arms Regulations (ITAR) must implement strict role‑based access controls (RBAC) and ensure that access is limited to authorized persons as defined by applicable law. Desmodus provides infrastructure to support these controls, but organizational compliance is the user's responsibility.

6.2 FIPS and Cryptography

For environments requiring FIPS 140‑2 compliance, users must configure Desmodus to utilize NIST‑validated cryptographic modules supplied by the host operating system or a supported Hardware Security Module (HSM).

7. Limitation of Liability

Desmodus is provided "as‑is" for technical research and software archaeology. To the maximum extent permitted by law, we are not liable for:

• security breaches resulting from incorrect software comprehension;
• data loss occurring during analysis of obfuscated or volatile binaries; or
• operational failures in legacy systems audited via the platform.