Terms of Service Discrepancies
Documented review of Gardyn's Terms of Service against the findings in CISA advisory ICSA-26-055-03 (Update A).
Source documents
| Terms of Service (current) | mygardyn.com/policy/terms-of-service/ |
|---|---|
| Wayback Machine capture index | web.archive.org/web/*/mygardyn.com/policy/terms-of-service/ |
| Federal advisory | CISA ICSA-26-055-03 (Update A) |
Item 1: “Effective Date” line revised six and a half years forward
Per Wayback Machine captures of https://mygardyn.com/policy/terms-of-service/:
| Wayback capture date | “Effective Date” text on page |
|---|---|
| August 4, 2025 | Effective Date Of Current Policy: September 1, 2019 |
| October 13, 2025 | Effective Date Of Current Policy: September 1, 2019 |
| January 3, 2026 | Effective Date Of Current Policy: September 1, 2019 |
| February 12, 2026 | Effective Date Of Current Policy: September 1, 2019 |
| April 26, 2026 | Effective Date of Current Policy: February 23, 2026 |
Per the captures, the stated Effective Date was revised between the February 12, 2026 capture (showing “September 1, 2019”) and the April 26, 2026 capture (showing “February 23, 2026”). The corresponding JSON-LD dateModified field changed from 2025-11-17T15:25:53+00:00 in the February 12 capture to 2026-04-06T16:51:48+00:00 in the April 26 capture. The earliest available capture in this set (August 4, 2025) records a JSON-LD dateModified of 2025-06-12T18:59:19+00:00; the “Effective Date” in the body of the document had been “September 1, 2019” in all captures predating the April 6, 2026 revision.
Note: the Terms of Service document does not display a user-facing “Last updated” string parallel to that on the Privacy Policy. The “Effective Date” line in the body of the document is the analogous user-facing date indicator.
Item 2: Document size and word-count change between February 12 and April 26, 2026
Per the captures referenced in Item 1, the byte size and word count of the document differ as follows:
| Capture | Bytes (decompressed) | Word count (text only, scripts and styles stripped) |
|---|---|---|
| August 4, 2025 | 142,178 | 8,793 |
| October 13, 2025 | 172,067 | 8,822 |
| January 3, 2026 | 175,724 | 8,960 |
| February 12, 2026 | 851,550 | 8,934 |
| April 26, 2026 | 861,831 | 9,434 |
The April 26, 2026 capture contains approximately 500 more words of text than the February 12, 2026 capture. A textual diff between those two captures shows approximately 80 sentences present in the April 26 version that are not present in the February 12 version, and approximately 56 sentences present in the February 12 version that are not present in the April 26 version. The substituted sentences include sole-discretion phrasing in liability and account-termination provisions, an updated waste-disposal indemnification clause, and the Effective Date change documented in Item 1.
Item 3: Wayback Machine snapshot index for this page
The following Wayback Machine snapshots of https://mygardyn.com/policy/terms-of-service/ are mirrored locally on this site under /captures/wayback/terms-of-service/. Mirrors are not modified after fetch; SHA-256 hashes are recorded in the /captures/wayback/manifest.json file. The capture index spans August 4, 2025 through May 25, 2026 (fourteen snapshots).
| Captured (UTC) | JSON-LD dateModified | Body “Last updated” | Added | Removed | Primary source | Local mirror | Size | SHA-256 (truncated) |
|---|---|---|---|---|---|---|---|---|
| 2025-10-04 13:39:49 UTC | 2025-06-12 18:59:19 UTC | — | — | “It’s never been easier to get growing Grow now, pay later with Affirm or Klarna Risk-free 60 day trial Free rapid shipping 2 year limited warranty” and a stray “×” glyph (page chrome; no Terms textual edit) | archive.org | local copy | 168.8 KB | e94dc4b4476e… |
| 2025-12-04 17:16:21 UTC | 2025-11-17 15:25:53 UTC | — | “8120 Woodmont Avenue, Suite 640, Bethesda, MD 20814”; “Attn: Legal Department” silent date stamp | “7315 Wisconsin Avenue, Suite #400, Bethesda, MD 20814” | archive.org | local copy | 168.1 KB | e1eacbb562b0… |
| 2026-04-26 23:02:16 UTC | 2026-04-06 16:51:48 UTC | — |
|
| archive.org | local copy | 841.9 KB | 5c486a3e495c… |
Item 4: Section 10 expanded with device-security and security-testing prohibition subsections
Per the captures referenced in Item 3, between the February 12, 2026 capture and the April 26, 2026 capture (the JSON-LD dateModified advancing from 2025-11-17T15:25:53+00:00 to 2026-04-06T16:51:48+00:00), Section 10, titled “General Prohibitions and Gardyn’s Enforcement Rights,” was expanded. In the eight captures dated August 4, 2025 through February 12, 2026, Section 10 opens directly with a list of content-restriction prohibitions (“You agree not to do any of the following: a) Post, upload, publish…”). In the six captures dated April 26, 2026 through May 25, 2026, Section 10 opens instead with seven lettered subsections (a–g) reproduced verbatim below; the prior content-restriction list is retained and relettered. The seven subsections are not present in any capture dated through February 12, 2026 and are present in every capture dated April 26, 2026 onward.
a) Device Integrity and Ownership The Gardyn device is an integrated hardware and software system. While you may own the physical hardware components, all embedded firmware, operating systems, internal services, configurations, and related software are proprietary to Gardyn and are licensed, not sold. Users are not authorized to, and you shall not, access, modify, probe, disassemble, extract, or interfere with internal system components, firmware layers, operating system environments, command-line interfaces, secure shell (SSH) access points, or undocumented interfaces beyond officially documented user-facing functionality.
b) Security Circumvention Prohibition You shall not bypass, disable, circumvent, override, interfere with, or otherwise defeat any security, authentication, encryption, port restriction, firmware control, or system integrity mechanisms implemented by Gardyn. You shall not breach any security or authentication measures. Any attempt to reopen restricted ports, enable disabled system services, or alter security configurations without explicit written authorization from Gardyn constitutes a material breach of these Terms.
c) Unauthorized Security Testing and Probing Security testing, vulnerability research, port scanning, penetration testing, reverse engineering, credential extraction, traffic interception, or system probing of Gardyn products, devices, firmware, cloud infrastructure, APIs, or services is strictly prohibited without prior written authorization from Gardyn. Unauthorized testing activities may result in account suspension, service termination, warranty void, and potential legal action against you.
d) Credentials and Keys Users shall not access, extract, intercept, monitor, reverse engineer, decrypt, attempt to retrieve, or otherwise obtain authentication credentials, cryptographic keys, tokens, connection strings, API secrets, storage credentials, or internal service identifiers from any Gardyn device, application, or cloud service. Attempting to access or accessing non-public authentication materials is expressly prohibited regardless of whether the Gardyn device is owned by you.
e) Remote Security Updates and Configuration Authority Gardyn reserves the right to deploy firmware updates, patches, configuration changes, port restrictions, credential rotations, feature modifications, or other security controls to devices at any time to maintain system integrity, customer safety, regulatory compliance, or service reliability. Continued use of the Gardyn device after these security updates and modifications constitutes acceptance of such updates and security modifications.
f) Protection of Other Users and Infrastructure You shall not engage in any activity that could impair, disrupt, degrade, compromise, or interfere with the integrity, availability, or security of Gardyn infrastructure, shared cloud environments, or other users’ devices or data. Any actions affecting shared infrastructure, even if initiated from your own device, are prohibited.
g) Warranty and Service Implications of Tampering Any unauthorized modification, tampering, probing, reverse engineering, port manipulation, or security circumvention may result in account suspension, service termination, warranty voidance, and potential legal action against you. Gardyn reserves the right to restrict functionality of Gardyn devices determined to be operating outside authorized parameters.
The subsections above are quoted from the locally mirrored capture at /captures/wayback/terms-of-service/20260429061617.html (captured April 29, 2026; JSON-LD dateModified April 6, 2026). The same text is present in the five other captures dated April 26, 2026 through May 25, 2026 listed in Item 3.
What this site does not say
This page does not characterize the changes documented above or attribute them to any particular cause. It documents the dates on which the Terms of Service text was revised, the corresponding JSON-LD metadata, and the size and word-count differences between captures, with primary-source links to archive.org. Reconciliation is left to the reader and to any regulator or attorney with appropriate jurisdiction.