Terms of Service
Last updated: 27 June 2026
1. Service Description
PRGuard ("the Service," "we," "us") is a Code Governance as a Service platform and a product of Unifi Software Development Ltd ("the Company"), a company registered in England and Wales (company number 11054002), trading at unifidev.com. PRGuard provides two core capabilities:
- Automated Governance — PRGuard acts as an automated code reviewer, analysing pull requests and push events against your organisation's proprietary governance rules ("Context Files") to enforce coding standards, security policies, and compliance requirements.
- Pre-Audit Screening & Cost Controls — Before each audit, PRGuard applies your skip rules (such as file-path patterns, draft pull requests, and skip markers) so changes that don't need review don't consume credits, and screens every submission for prompt-injection and abuse through a lightweight automated pre-screening stage. Together these reduce unnecessary LLM usage and help protect the audit pipeline.
PRGuard integrates with GitHub via a GitHub App installation. When a pull request is opened, synchronised, or reopened — or when commits are pushed to a monitored branch — PRGuard fetches the relevant diff, evaluates it against your Context Files using a large language model (LLM), and posts its findings directly to GitHub as a code review or commit status.
By creating an account, installing the PRGuard GitHub App, or purchasing credits, you ("the User," "you," "your organisation") agree to these Terms of Service.
2. Accounts & Access
2.1 Eligibility
You must be at least 18 years old and have the authority to bind your organisation to these Terms. You can create an account either by registering directly with an email address and password, or by signing in with GitHub (OAuth); a directly-registered account may link a GitHub identity later. Every account, however it is created, is secured with two-factor authentication (TOTP), which must be enrolled within a short grace period after your first sign-in.
2.2 Organisation Structure
PRGuard operates on an organisation model. Each organisation has a single Owner and may have additional Members. The Owner is responsible for billing, plan selection, and membership management. Membership is subject to the seat limits of your active plan.
2.3 GitHub Permissions
When you sign in with GitHub, PRGuard requests only the read:user and user:email GitHub OAuth scopes. Repository access is granted separately through the PRGuard GitHub App installation — not via OAuth — which requires repository read access and webhook permissions to receive pull request and push events. You may revoke access at any time by uninstalling the GitHub App from your GitHub organisation settings.
3. Plans, Pricing & Seat Limits
3.1 Usage-Linked Pricing
PRGuard uses a credit-based pricing model. Costs are linked to engineering output — specifically, the number and complexity of audits your organisation runs — rather than headcount alone. Each plan includes a monthly credit allocation alongside repository and seat limits:
- Trial — One-time activation fee. Includes a fixed credit balance, limited to 3 repositories and 5 seats, valid for 60 days.
- Starter — Monthly subscription. Up to 10 repositories and 15 seats.
- Pro — Monthly subscription. Up to 25 repositories and 30 seats.
- Pro Team — Monthly subscription. Up to 50 repositories and 100 seats.
- Enterprise — Custom pricing with unlimited repositories and seats, custom credit allocations, volume discounts, and dedicated onboarding.
3.2 Seat & Repository Limits
Each plan enforces maximum seat and repository counts. You may not add members or repositories beyond your plan's limits without upgrading. Enterprise plans have no hard limits and are governed by individual agreements.
4. Credits & Billing
4.1 Credit Allocation
Each billing cycle, your organisation receives a fresh allocation of plan credits. Plan credits that are unused at the end of a billing cycle do not roll over — they reset to zero upon renewal. Top-up credits purchased separately persist indefinitely until consumed.
Payments are processed by Stripe on behalf of Unifi Software Development Ltd. Charges, invoices, and bank or card statements will appear under the descriptor Unifi Software Development Ltd (or an abbreviation thereof, depending on your card issuer's display rules), not "PRGuard". This is the legal trading name of the company that operates the PRGuard service.
4.2 How Credits Are Consumed
Credits are debited for each successful LLM call made during an audit, based on the tokens that call consumes. A single audit can involve more than one call: a prompt-injection pre-screening step and, where deep-context enrichment is enabled, additional context-processing calls, alongside the main governance audit. Each of these calls is billed when it completes, independently of the final verdict.
The main governance verdict is either Pass, Fail, or Warning, and all three are charged at the same rate. If a call does not complete — for example, the provider is temporarily unavailable and all retries are exhausted before any response is received — no charge is applied for that call. However, charges already applied for earlier successful calls in the same run (such as a completed pre-screening step) are not automatically reversed if a later call in the same audit subsequently fails.
When your LLM provider experiences downtime mid-audit, our system automatically retries with exponential backoff and posts a pending status to your PR so your team can see what is happening. Plan credits are consumed first; once plan credits are exhausted, top-up credits are debited.
4.3 Credit Top-Ups
You may purchase additional credits as one-time top-ups via Stripe. Top-up credits are added to your balance immediately upon successful payment and do not expire. A maximum credit balance cap applies to prevent accidental over-purchasing.
4.4 Non-Refundability
All credit purchases and subscription payments are non-refundable except where required by applicable law. If a payment is processed but cannot be applied due to a technical error (e.g. a balance cap conflict), we will work with you to resolve the issue, which may include a manual refund via Stripe on a case-by-case basis.
4.5 Payment Failures
If a subscription payment fails, your subscription status moves to Past Due. While in this state, audits will not be processed. No credits are allocated until the outstanding invoice is settled.
4.6 Provider Failures & Retries
If an LLM provider is temporarily unavailable, PRGuard will automatically retry the audit up to 3 times (4 total attempts), with an exponential backoff between attempts capped at 8 minutes per retry. On each retry attempt, PRGuard posts a pending status to the GitHub pull request or commit so your team can see that the audit is queued and in progress, not silently failing. During an outage, PRGuard may also fail over to another supported LLM provider (see the providers listed in our Privacy Policy) to complete the audit rather than wait for the unavailable one to recover. Where this happens, each completed call is billed at the serving provider's own published per-token rate, on the same basis as a model substitution under §7.4. As described in §4.2, credits are charged per successful LLM call; a call that exhausts all retries without any response is not charged, and charges for earlier successful calls in the same run are not automatically reversed.
4.7 Auto-Fix & Remediation
PRGuard offers an optional auto-fix (remediation) capability. When a member of your organisation requests it, PRGuard uses an LLM to generate suggested code corrections for audit findings and applies them in the way the requester chooses: either by opening a pull request with the proposed changes (the default), or by committing them directly to the repository's default branch. Remediation is user-initiated and is not part of the automatic audit pipeline described above.
A single remediation job can make multiple LLM calls (one or more per finding). Credits are debited for these calls on the same metered, per-token basis as audits. For clarity, the calls in one remediation job are consolidated into a single charge on your billing history — attributed to the member who initiated it — rather than itemised individually. Remediation charges draw on the same balance as audits (plan credits first, then top-up credits) and are subject to the non-refundability terms in §4.4. A remediation job will not start unless your organisation has an active subscription and available credits. Because the charge is metered against actual token usage, the LLM calls a remediation makes are billed when they complete — on the same per-call basis as audits (see §4.2) — whether or not the job results in a committed fix (a pull request or a direct commit). A job may make more than one attempt, including an optional escalation to a stronger model where you have configured one; all completed calls are charged, even if the job ultimately applies no fix (for example, because the proposed change would not improve the audit result).
5. Context Files & Intellectual Property
5.1 Your Content
Context Files — the Markdown documents you author in Context Studio — are and remain your intellectual property. PRGuard does not claim any ownership of your Context Files, governance rules, or any other content you provide.
5.2 Limited Processing Licence
By creating Context Files, you grant PRGuard a non-exclusive, revocable licence to process those files solely for the purpose of constructing audit prompts and performing code governance audits on your behalf. We will not use your Context Files for any other purpose, including training models, marketing, or sharing with other customers.
5.3 Code & Diffs
PRGuard processes pull request diffs and commit data fetched from GitHub in real time. This data is held in memory for the duration of the audit and is not persisted to any database or file system. Only metadata (file count, verdict, findings, truncation status) is stored in the audit log.
6. Acceptable Use
You agree not to use PRGuard to:
- Audit, process, or submit code that is intentionally malicious, including malware, ransomware, exploit code, or denial-of-service tools.
- Reverse-engineer, extract, or reconstruct the models, prompts, or security mechanisms underlying the Service.
- Attempt prompt injection, jailbreaking, or any technique designed to manipulate, bypass, or extract the system prompt or any security controls embedded in audit requests.
- Use the audit engine to generate, refine, or validate offensive security payloads.
- Circumvent seat limits, credit caps, or billing controls through automated account creation, API manipulation, or any other means.
- Resell, sublicence, or redistribute audit results or access to the Service without our prior written consent.
- Transmit content that violates any applicable law, regulation, or third-party right.
We reserve the right to suspend or terminate any account that violates these terms, with or without notice.
7. AI Accuracy & Decision Support
7.1 No Warranty on AI Output
PRGuard uses large language models to analyse code. LLMs are probabilistic systems. While we design our prompts and pipelines to maximise accuracy, we do not and cannot guarantee that every finding, verdict, or score produced by PRGuard is correct, complete, or free from error.
7.2 Decision Support Tool
PRGuard is a decision support tool, not an autonomous decision maker. The final responsibility for merging, rejecting, or modifying code rests entirely with you and your engineering team. A "Pass" verdict from PRGuard does not constitute a certification that code is free of bugs, security vulnerabilities, or compliance violations.
7.3 Human Oversight
You acknowledge that PRGuard findings should be reviewed by qualified personnel before acting on them. We strongly recommend that PRGuard be used alongside — not as a replacement for — human code review, security audits, and testing processes.
7.4 Model Availability & Substitution
PRGuard relies on third-party LLM providers, and the specific models they make available change over time. When a model your organisation has selected is retired or deprecated by its provider, we will automatically switch your organisation to the closest available supported model — wherever possible from the same provider — so that your audits continue without interruption. Where that provider has no equivalent model remaining, the affected integration is paused until an organisation owner selects a replacement, and audits will not run in the meantime.
We will notify your organisation's owners and admins — by email and in-app — whenever such a substitution or pause occurs. Because different models are probabilistic systems with differing behaviour, audit findings, verdicts, and scores may differ after a model change (see §7.1). Billing for a substituted model continues on the same metered, per-token basis described in §4 — calculated at the substituted model's own published per-token rate, not that of the retired model — and you may review or change your selected model at any time from your organisation's AI model settings.
8. Limitation of Liability
8.1 Service Limitations
To the maximum extent permitted by applicable law, Unifi Software Development Ltd, its directors, employees, and affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from or related to your use of the Service, including but not limited to:
- Code regressions, bugs, or defects in code that received a "Pass" verdict.
- Security vulnerabilities, data breaches, or compliance failures in code that was audited by PRGuard.
- Production outages, data loss, or service disruptions caused by code that passed a PRGuard audit.
- Financial losses arising from incorrect, incomplete, or misleading audit findings.
- Costs or losses arising from changes that PRGuard skipped, did not audit, or screened differently than you expected.
8.2 Aggregate Cap
Our total aggregate liability for any claims arising under these Terms shall not exceed the amount you paid to PRGuard in the twelve (12) months immediately preceding the event giving rise to the claim.
8.3 Essential Basis
You acknowledge that the limitations of liability in this section reflect a reasonable allocation of risk and are an essential basis of the bargain between you and Unifi Software Development Ltd.
9. Service Availability
We aim to provide high availability but do not guarantee uninterrupted access. The Service depends on third-party infrastructure including GitHub, Stripe, and LLM providers. Downtime caused by these third parties, scheduled maintenance, or force majeure events is not a breach of these Terms.
10. Termination
10.1 By You
You may cancel your subscription at any time, either at the end of your current billing period or immediately. If you cancel at period end, your subscription remains active until then, and your remaining plan and top-up credits can be used as normal during that time. Once a subscription is cancelled — at period end, or straight away if you cancel immediately — no further plan credits are allocated and your organisation can no longer run audits or remediations, so any unused credits, whether plan or top-up, can no longer be spent. Unused credits are non-refundable (see §4.4).
10.2 By Us
We may suspend or terminate your access immediately if you breach these Terms, fail to pay, or engage in activity that threatens the integrity or security of the Service. We will make reasonable efforts to notify you before or promptly after termination.
10.3 Effect of Termination
Upon termination, your organisation's repositories will no longer be audited. Audit logs and billing records are retained in accordance with our Privacy Policy. Context Files are deleted when the organisation is deleted.
11. Indemnification
You agree to indemnify and hold harmless Unifi Software Development Ltd from any claims, damages, losses, or expenses (including reasonable legal fees) arising from: (a) your use of the Service, (b) your violation of these Terms, (c) your Context Files or any content you submit, or (d) your violation of any third-party rights.
12. Changes to These Terms
We may update these Terms from time to time. Material changes will be communicated via email to the organisation Owner's registered address at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Terms.
13. Governing Law
These Terms are governed by and construed in accordance with the laws of England and Wales. Any disputes arising under these Terms shall be subject to the exclusive jurisdiction of the courts of England and Wales.
14. Contact
If you have any questions about these Terms, please contact us at legal@prguard.dev.