Last updated: March 15, 2026
By accessing or using MergeShield ("Service"), operated by MergeShield LTD, a company registered in England and Wales (Company No. 17079928, registered address: 124 City Road, London, EC1V 2NX, United Kingdom), you agree to be bound by these Terms of Service ("Terms"). If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms. If you do not agree to these Terms, do not use the Service.
MergeShield provides an AI-powered governance platform for software development. The Service analyzes pull requests on GitHub repositories, detects AI coding agent activity, produces risk assessments, and provides automated governance tools including trust scoring, approval workflows, and auto-merge rules. The Service operates as a GitHub App and optionally as a GitHub Action.
You must authenticate via GitHub OAuth to use the Service. You are responsible for maintaining the security of your GitHub account and any API keys generated through the Service. You must promptly notify us of any unauthorized use of your account. MergeShield is not liable for losses arising from unauthorized access to your account.
The Service requires certain GitHub permissions to function: read access to repository metadata, pull request content, code diffs, commits, and check statuses; write access to post comments and create commit statuses. We only access code diffs and changed files for analysis — we do not clone, store, or retain your full source code. All data access is governed by the permissions you grant when installing the GitHub App.
The Service uses third-party AI models (Anthropic Claude) to analyze pull requests. Risk scores, reasoning, and recommendations are AI-generated and provided for informational purposes. They should not be treated as definitive security audits. You are responsible for reviewing and acting on analysis results according to your own judgment and policies. MergeShield does not guarantee the accuracy, completeness, or suitability of AI-generated analysis.
If you enable auto-merge rules, the Service may automatically merge pull requests on your behalf based on your configured thresholds. You are solely responsible for configuring these rules appropriately. MergeShield is not liable for any consequences of automated merge actions, including code defects, security vulnerabilities, or service disruptions resulting from auto-merged code.
The Service offers multiple pricing tiers with varying usage limits. Paid plans are billed monthly via Stripe. You agree to pay all fees associated with your selected plan. Usage beyond your plan's analysis cap is billed as overage at the published per-analysis rate. We reserve the right to change pricing with 30 days' notice. Downgrading your plan may result in loss of access to certain features.
Each plan includes limits on repositories, analyses per month, and team members. If you exceed your plan's analysis limit, additional analyses will be charged at the overage rate. We reserve the right to throttle or suspend Service access if usage significantly exceeds plan limits without appropriate overage payment.
Analysis results, audit logs, and governance data are retained for the duration of your account. You may request deletion of your data by contacting support. Upon account deletion, we will remove your data within 30 days, except where retention is required by law or for legitimate business purposes (such as aggregate, anonymized analytics).
You retain all rights to your code and repositories. MergeShield retains all rights to the Service, including its analysis algorithms, user interface, documentation, and branding. The risk analysis results generated for your pull requests are provided to you under a non-exclusive license for your internal use.
You may not: (a) reverse engineer, decompile, or disassemble the Service; (b) use the Service to develop a competing product; (c) share API keys with unauthorized third parties; (d) attempt to circumvent usage limits or security measures; (e) use the Service for any unlawful purpose; (f) resell or redistribute the Service without written permission.
We strive to maintain high availability but do not guarantee uninterrupted access to the Service. We may perform scheduled maintenance with reasonable advance notice. We are not liable for downtime caused by third-party services (GitHub, cloud infrastructure providers, AI API providers) or events beyond our reasonable control.
To the maximum extent permitted by law, MergeShield shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or business opportunities, arising from your use of the Service. Our total liability shall not exceed the amount you paid to MergeShield in the twelve months preceding the claim.
You agree to indemnify and hold harmless MergeShield from any claims, damages, or expenses arising from: (a) your use of the Service; (b) your violation of these Terms; (c) your violation of any third-party rights; (d) code merged through auto-merge rules you configured.
We may update these Terms from time to time. We will notify you of material changes via email or through the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated Terms. If you do not agree with changes, you should discontinue use of the Service.
Either party may terminate this agreement at any time. You may cancel your account through the dashboard or by contacting support. We may suspend or terminate your account for violation of these Terms, non-payment, or if required by law. Upon termination, your access to the Service ceases and data deletion procedures in Section 9 apply.
These Terms are governed by and construed in accordance with the laws of England and Wales. Any disputes arising from these Terms or the Service shall be subject to the exclusive jurisdiction of the courts of England and Wales, except where mandatory consumer protection laws in your jurisdiction grant you additional rights.
For questions about these Terms, please contact us at legal@mergeshield.dev. MergeShield LTD, 124 City Road, London, EC1V 2NX, United Kingdom. Company No. 17079928.