Terms of Use

Patch is made by Plateau Labs LLC. These terms explain what Patch does, what it doesn't do, and the rules for using it. We've written them in plain language on purpose. Please read them — by using Patch, you agree to them.

What Patch is

Patch is a security center. It looks at things like your sign-ins, passkeys, two-factor settings, and whether your email has shown up in known data breaches, and it shows you what to do about them. Think of it as a guide that points you in the right direction.

Patch is a flashlight, not a safe. It shows you where things are; it doesn't hold your secrets. Patch is not a password manager, an antivirus, a VPN, or a monitoring service.

What Patch can see

What Patch reads depends on which version you're using.

On Mac (the full version), Patch reads your saved logins from your browser's own files — Chrome, Edge, Brave, and Firefox: the website, your username, and your saved password. It also reads your browsing history (which sites you visit and how often) to decide what to show you first. It uses this to find problems: weak, reused, or breached passwords, and sites that have been part of a known data breach.

Patch finds those problems two ways: by reading the "compromised," "reused," and "weak" warnings your browser has already flagged, and by running its own checks against Have I Been Pwned. When Patch checks a password against Have I Been Pwned, it hashes the password on your Mac and sends only the first five characters of that hash — your password itself never leaves your device. When it checks your sites, it compares your site list against a public breach list locally, sending nothing about you.

Patch reads your passwords in memory to check them and to spot reuse, but it never stores the password itself. It keeps only a small on-device cache of one-way password fingerprints — not your actual passwords — and their breach counts, so it doesn't have to re-check every time. A fingerprint can't be turned back into your password. Nothing is uploaded except that partial hash and the request for the public breach list. Patch does not read your autofill data, saved addresses, or payment cards.

On iPhone and iPad, Patch can't read your accounts at all — Apple's rules don't allow it. So you tell Patch which sites you use, and it checks those. If you share your Mac's findings to your iPhone, the Mac version is what gathered them, under the terms above.

What Patch is not — and what you're responsible for

This is the most important part, so we'll be direct.

Patch gives you information and guidance. It does not make you secure, and it can't guarantee you won't be hacked, breached, or scammed. We can show you the door; we can't walk you through it. The actual steps — changing a password, turning on two-factor, freezing your credit — happen on other companies' websites and apps, by you, not by Patch.

So:

• Patch is provided "as is," without warranties of any kind. We don't promise it's error-free, complete, always available, or fit for any particular purpose. To the fullest extent allowed by law, Plateau Labs LLC disclaims all warranties, express or implied.
• Patch is not a guarantee of safety. Following Patch's guidance reduces risk; it does not eliminate it. You are responsible for your own accounts, devices, and decisions.
• We're not liable for what happens to your accounts. To the fullest extent allowed by law, Plateau Labs LLC is not responsible for any loss, damage, breach, theft, or harm arising from your use of Patch or your reliance on its guidance. If a court won't enforce that fully, our total liability to you is limited to the amount you paid us for Patch in the twelve months before the claim — which, for the free version, is zero.

Breach and scam information comes from outside sources

Patch checks your email against known data breaches using third-party data, including Have I Been Pwned. When you ask Patch to check whether a message or link looks like a scam, it uses an automated service to form an opinion.

We don't control these outside sources, and we don't warrant that their data is accurate, current, or complete.

Patch's scam check returns a verdict — like "scam," "caution," or "safe" — as a judgment, not a guarantee. A "safe" result is not a promise that something is safe, and a "scam" result is not a legal determination. Use your own judgment. When something involves your money, your accounts, or your identity, treat Patch's verdict as one input, not the final word.

Using Patch responsibly

Patch is for your own personal security. Don't use it to break the law, to access accounts that aren't yours, or to do anything that interferes with how Patch works or with other people's use of it. Don't copy, resell, reverse-engineer, or pull apart the app except where the law specifically allows it.

Your data

Patch is built to keep your information on your device. As described above, the Mac version reads sensitive data — including your saved passwords — to do its job, but it does that work on your Mac and doesn't send your passwords, usernames, or browsing history anywhere. There's nothing held on our servers for someone to steal. How Patch handles your information is covered in full by our Privacy Policy, which is part of these terms by reference.

Changes to Patch and to these terms

We may update, change, or discontinue Patch or any part of it at any time. We may also update these terms. When we make a meaningful change, we'll update the "last updated" date above, and significant changes will be made clear in the app. If you keep using Patch after a change, you're agreeing to the updated terms.

Ending your use

You can stop using Patch and delete it at any time. We may suspend or end your access if you break these terms.

The legal basics

These terms are governed by the laws of the State of Texas, without regard to its conflict-of-laws rules. Any dispute relating to Patch or these terms will be brought in the state or federal courts located in Texas, and you and Plateau Labs LLC agree to that venue.

If any part of these terms is found unenforceable, the rest stays in effect. These terms are the entire agreement between you and Plateau Labs LLC about Patch, and they replace any earlier understanding. Our not enforcing a term once doesn't mean we give it up.

Contact

Patch is made by Plateau Labs LLC. Questions about these terms? Email us at hello@patch-security.com.