Terms of Service

Last updated: April 14, 2026

1. Acceptance of Terms

By accessing or using Complint ("Service"), operated by Complint ("Company," "we," "us," or "our"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service. By creating an account, installing the GitHub App, or otherwise using the Service, you represent that you have the authority to bind your organization to these Terms.

2. Description of Service

Complint is an automated code review tool that analyzes pull request diffs for potential issues related to the HIPAA Security Rule (45 CFR Part 164). The Service uses artificial intelligence to identify code patterns that may be relevant to HIPAA compliance.

2.1 What Complint Is

  • An automated code analysis tool that flags potential HIPAA-related code patterns
  • A supplementary tool to assist development teams in identifying compliance-relevant code changes
  • A notification system that surfaces code patterns for human review

2.2 What Complint Is NOT

  • Complint is NOT a HIPAA compliance solution, certification, or attestation service
  • Complint is NOT a substitute for a HIPAA compliance officer, legal counsel, or security audit
  • Complint is NOT a Business Associate as defined under HIPAA and does not create, receive, maintain, or transmit Protected Health Information (PHI) or electronic Protected Health Information (ePHI) on your behalf
  • Complint does NOT guarantee, certify, or warrant that your code, application, system, or organization is HIPAA compliant
  • Complint does NOT replace a comprehensive HIPAA compliance program, risk assessment, or security audit

3. No HIPAA Compliance Guarantee

YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT:

  • The Service provides automated analysis based on AI pattern matching and is inherently limited in its ability to detect all potential HIPAA compliance issues.
  • The Service may produce false positives (flagging code that is compliant) and false negatives (failing to flag code that is non-compliant). No automated tool can guarantee complete coverage of all HIPAA requirements.
  • HIPAA compliance is a comprehensive organizational obligation that extends far beyond source code and includes administrative safeguards, physical safeguards, policies, procedures, training, business associate agreements, risk assessments, and more.
  • Use of the Service does not constitute compliance with HIPAA, the HITECH Act, or any other federal, state, or local healthcare regulation.
  • You are solely responsible for ensuring your organization's compliance with all applicable laws and regulations, including HIPAA.

4. Not a Business Associate

Complint does not access, create, receive, maintain, or transmit Protected Health Information (PHI) or electronic Protected Health Information (ePHI). The Service analyzes source code and code diffs only. Source code is not PHI.

Accordingly, Complint is not a Business Associate under HIPAA, and no Business Associate Agreement (BAA) is required or offered. If your source code repositories contain PHI (which itself may constitute a HIPAA violation), you are solely responsible for that condition and should not use the Service until that condition is remediated.

5. Data Handling and Code Access

5.1 GitHub App Permissions

The Service accesses your code repositories through a GitHub App with read-only permissions to pull request diffs and repository contents. The Service does not have write access to your code and cannot modify your repositories.

5.2 Code Processing

  • Code diffs are processed during pull request analysis
  • GitHub webhook payloads, including pull request diffs and commit metadata, are stored in our database for audit logging, service operation, and analysis purposes
  • Analysis findings and metadata (file paths, line numbers, severity levels) are stored to provide the compliance dashboard, historical tracking, and product improvement

5.3 AI Processing

Code diffs are sent to third-party AI providers (Anthropic Claude) for analysis. By using the Service, you consent to this processing. We select AI providers with appropriate data handling practices, but you should review their terms independently.

5.4 Data License

By submitting data to the Service (including code diffs, repository metadata, analysis results, and usage data), you grant Complint a worldwide, perpetual, irrevocable, royalty-free, sublicensable, and transferable license to use, reproduce, modify, analyze, aggregate, create derivative works from, and otherwise process such data for the following purposes:

  • Operating, maintaining, and improving the Service
  • Developing and improving internal analysis models, algorithms, and methodologies
  • Creating aggregated, de-identified datasets and industry benchmarks
  • Generating business intelligence and product analytics
  • Any other lawful commercial purpose in aggregated or de-identified form

This license does not grant Complint the right to publicly disclose your identifiable source code to third parties, except as required to operate the Service (e.g., sending code diffs to AI providers for analysis as described in Section 5.3).

5.5 Aggregated and De-Identified Data

Complint may create and use aggregated, de-identified data derived from your data for any purpose, including commercial purposes, without restriction. Such data will not identify you or your organization. Complint's rights to aggregated data are perpetual and survive termination of your account or these Terms.

6. User Responsibilities

You agree that:

  • You will not rely solely on Complint for HIPAA compliance
  • You will maintain a comprehensive HIPAA compliance program independent of the Service
  • You will have qualified compliance and legal personnel review Complint's findings
  • You will not submit source code that contains actual PHI, patient data, or sensitive health information to the Service
  • You are responsible for all decisions made based on the Service's output
  • You will not use the Service as evidence of HIPAA compliance in regulatory proceedings, audits, or legal matters

7. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

  • THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
  • IN NO EVENT SHALL COMPLINT, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM YOUR USE OF OR INABILITY TO USE THE SERVICE.
  • COMPLINT SHALL NOT BE LIABLE FOR ANY REGULATORY FINES, PENALTIES, SANCTIONS, OR ENFORCEMENT ACTIONS IMPOSED ON YOU OR YOUR ORGANIZATION BY THE OFFICE FOR CIVIL RIGHTS (OCR), THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS), OR ANY OTHER REGULATORY BODY.
  • COMPLINT'S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE AMOUNT YOU PAID TO COMPLINT IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

8. Indemnification

You agree to indemnify, defend, and hold harmless Complint and its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to:

  • Your use of the Service
  • Your violation of these Terms
  • Your violation of HIPAA or any other applicable law or regulation
  • Any claim that your use of the Service constitutes or contributes to HIPAA compliance
  • Any regulatory action, investigation, or proceeding related to your HIPAA compliance

9. Billing and Refunds

  • Credit packs are non-refundable once purchased
  • Monthly subscriptions may be canceled at any time through the billing portal; cancellation takes effect at the end of the current billing period
  • Free trial credits expire at the end of the trial period and cannot be converted to paid credits
  • We reserve the right to change pricing with 30 days' notice

10. Termination

We may suspend or terminate your access to the Service at any time, with or without cause, with or without notice. Upon termination, your right to use the Service ceases immediately. Sections 3, 4, 5.4, 5.5, 7, 8, 11, and 12 survive termination. Upon termination, Complint may retain and continue to use aggregated, de-identified data as described in Section 5.5 and the Privacy Policy.

11. Business Transfers

You acknowledge and agree that in the event of a merger, acquisition, reorganization, asset sale, or similar transaction, these Terms and all rights and obligations hereunder, including the data license granted in Section 5.4, may be assigned or transferred to the acquiring or successor entity without your consent or any additional notification beyond what is required by law.

12. Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the State of Utah, without regard to its conflict of law provisions. Any dispute arising from these Terms shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association, conducted in Utah. You waive any right to a jury trial.

13. Changes to Terms

We reserve the right to modify these Terms at any time. We will notify users of material changes via email or through the Service. Continued use of the Service after changes constitutes acceptance of the modified Terms.

14. Contact

For questions about these Terms, contact us at legal@complint.dev.