Terms of Service
Last updated June 12, 2026
The short version
Dosanjh Labs makes software tools (Sightline, Bastion, Lookout, and the free open-source Cairn). These tools help you understand and improve your security and compliance posture — they are not a guarantee of compliance, an official certification, or legal advice. You pay through Stripe; subscriptions auto-renew until you cancel; refunds follow our Refund & Cancellation Policy. The service is provided "as is," our liability is capped, and disputes are resolved by binding arbitration in Washington State (you may opt out within 30 days). You stay responsible for your own data — including any CUI or PHI. Read the full terms below.
1. Acceptance & Eligibility
These Terms of Service ("Terms") are a binding agreement between you ("you," "Customer," or "your organization") and Dosanjh Labs, a sole proprietorship operated by Jasvant Dosanjh and based in Washington State, USA ("Dosanjh Labs," "we," "us," or "our"). By creating an account, completing checkout, or using any product or service we offer (the "Service"), you agree to these Terms and to our Privacy Policy and Refund & Cancellation Policy, each incorporated by reference.
You represent that you are at least 18 years old and that, if you are using the Service on behalf of a company, agency, or other organization, you have the authority to bind that organization to these Terms. If you do not agree, do not use the Service.
2. Description of the Service — Tools, Not Guarantees
Dosanjh Labs offers a suite of subscription software products. Each is a tool and aid that supports your own security, compliance, and IT work. It is your responsibility to interpret and act on what the tools tell you. In particular:
- Sightline connects to tools you already operate and reports your posture across security and compliance frameworks. Its outputs are informational only — they are not legal advice, not an audit, not an attestation, and not a guarantee that you are or will become compliant with any framework, law, or contractual requirement.
- Bastion is a self-assessment preparation aid for CMMC / NIST SP 800-171. It helps you organize your assessment and generate working documents (such as an SSP and POA&M). It is not an official CMMC certification, not a C3PAO assessment, and not an attestation to the DoD or any other party. Your SPRS score and certification status are determined by you and the official assessment process, not by Bastion. Controlled Unclassified Information ("CUI") you enter into Bastion is handled locally in your own browser and does not reach Dosanjh Labs.
- Lookout runs outbound-only agents that report server health metrics. It is a monitoring aid; it does not guarantee that issues will be detected, that alerts will be delivered, or that downtime will be prevented.
- Cairn is free and open-source software licensed under AGPL-3.0 and runs in your own environment (see Section 8).
We may add, change, or discontinue products and features. Future products (including Ward, which is planned to involve Protected Health Information) are described as roadmap items and are not part of the Service until launched and separately offered.
3. Accounts & Security
Accounts are passwordless and managed through our authentication provider (Clerk) using magic-link sign-in, passkeys, multi-factor authentication, and/or single sign-on (SSO). We collect your email address at checkout to provision your account.
You are responsible for:
- maintaining control of the email accounts, passkeys, devices, and identity providers (including any SSO or Okta connection) used to access the Service;
- all activity that occurs under your account; and
- promptly notifying us through the contact form if you believe your account has been compromised.
We are not responsible for losses arising from your failure to safeguard your access methods or from misconfiguration of your own identity provider or SSO.
4. Acceptable Use
You agree not to, and not to permit anyone to:
- use the Service in violation of any applicable law, regulation, or third-party right;
- reverse engineer, decompile, or attempt to derive source code of any non-open-source product, or circumvent usage limits, license terms, or security controls;
- resell, sublicense, or provide the Service to third parties except as expressly permitted;
- upload malware, attempt to gain unauthorized access, probe or disrupt the Service or its infrastructure, or interfere with other customers;
- use the Service to store or transmit unlawful, infringing, or harmful content; or
- misrepresent the outputs of any tool (for example, presenting a Bastion self-assessment as an official certification).
We may suspend or terminate access for violations of this Section, with or without notice, to protect the Service or other customers.
5. Subscriptions, Billing, Auto-Renewal & Taxes
- Pricing & currency. Fees are in U.S. Dollars (USD) and are charged through our payment processor, Stripe. Stripe stores and processes your card data; we do not store full card numbers.
- Billing terms. You may choose monthly or annual billing. Annual plans receive a 15% discount versus twelve monthly payments. When 3 or more paid products are in your subscription, an additional 5% suite discount applies. Per-server products (Lookout) are billed by the number of servers you monitor.
- Auto-renewal. Subscriptions automatically renew at the end of each billing period (monthly or annual) at the then-current rate, using your payment method on file, until you cancel. By subscribing, you authorize these recurring charges.
- Price changes. We may change prices; changes apply on your next renewal after reasonable notice (for annual plans, before the renewal date).
- Taxes. Fees are exclusive of taxes. You are responsible for any sales, use, VAT, or similar taxes, which may be calculated and collected at checkout.
- Cancellation. You may cancel at any time through the contact form. See Section 6 and the Refund & Cancellation Policy.
6. Refunds & Cancellation
Our refund terms are set out in full in the Refund & Cancellation Policy and summarized here:
- Monthly plans are non-refundable.
- Annual plans include a 30-day money-back window from the date of the charge; after 30 days they are non-refundable.
- You may cancel anytime, and your access continues until the end of the period you have already paid for. We do not pro-rate or refund partial periods except as required by law or as expressly stated in the Refund Policy.
- Free / open-source products (Cairn) involve no charge and are excluded from refunds.
7. Intellectual Property & License Grant
Except for open-source components, the Service, software, documentation, trademarks, and all related intellectual property are owned by Dosanjh Labs or its licensors. Subject to these Terms and your payment of fees, we grant you a limited, non-exclusive, non-transferable, revocable license to access and use the paid Service for your organization's internal business purposes during your subscription. You retain ownership of your own data.
Cairn is licensed separately under the GNU Affero General Public License, version 3.0 (AGPL-3.0). Your use of Cairn is governed by that license, not by the proprietary license in this Section. Nothing in these Terms limits any rights granted to you under AGPL-3.0 for Cairn.
We may use aggregated, de-identified data (which does not identify you, your organization, or any individual) to operate and improve the Service.
8. Third-Party Services
The Service relies on third-party providers, including Stripe (payments), Clerk (authentication), Cloudflare (hosting and delivery), and Resend (transactional email). Sightline and other products may also connect to tools you operate (identity, device, cloud, ticketing, and similar systems). Your use of those third-party services is governed by their own terms and policies. We are not responsible for third-party services, and you are responsible for your own connected tools and the credentials you provide to connect them.
9. Disclaimer of Warranties
The Service is provided "as is" and "as available," with all faults and without warranties of any kind. To the maximum extent permitted by law, Dosanjh Labs disclaims all warranties, whether express, implied, statutory, or otherwise, including any implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement, and any warranties arising from course of dealing or usage of trade.
Dosanjh Labs does not warrant that the Service will be uninterrupted, secure, error-free, or free of harmful components, that any data will be accurate or preserved, or that the Service will detect every issue or result in compliance with, or certification under, any framework, law, contract, or standard. You assume full responsibility for your use of the Service and any decisions made based on its outputs. Some jurisdictions do not allow certain warranty exclusions, so some of the above may not apply to you.
10. Limitation of Liability
To the maximum extent permitted by law, in no event will Dosanjh Labs be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, data, goodwill, or business, arising out of or relating to the Service or these Terms, even if advised of the possibility of such damages and even if a remedy fails of its essential purpose.
Dosanjh Labs' total aggregate liability arising out of or relating to the Service or these Terms will not exceed the total fees you actually paid to Dosanjh Labs in the twelve (12) months immediately preceding the event giving rise to the claim.
Nothing in these Terms limits or excludes any liability that cannot be limited or excluded under applicable Washington State law, including liability for fraud, gross negligence, or willful misconduct.
11. Indemnification
You agree to defend, indemnify, and hold harmless Dosanjh Labs and Jasvant Dosanjh from and against any claims, liabilities, damages, losses, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) your use or misuse of the Service; (b) your data and any content you submit, including any CUI, PHI, or other regulated data; (c) your violation of these Terms, any law, or any third-party right; and (d) your connected tools and identity providers.
12. Regulated Data (CUI, PHI & Similar)
- You are the controller / covered entity. For any regulated data you process using the Service, you remain the data controller and, where applicable, the covered entity or business associate. You are responsible for ensuring your use of the Service is lawful for that data.
- CUI stays local in Bastion. Bastion is designed so that CUI you enter is processed locally in your browser and is not transmitted to or stored by Dosanjh Labs.
- No BAA implied. Dosanjh Labs is not a HIPAA covered entity or business associate, and no Business Associate Agreement ("BAA") is created by these Terms or by your use of the Service. You must not submit PHI to any product unless a separate, signed BAA is in place. PHI-oriented products (such as the planned Ward) are not yet available and will require a separate signed BAA before any PHI is processed.
13. Binding Arbitration; Class-Action & Jury-Trial Waiver
Please read this section carefully — it affects your legal rights.
- Binding arbitration. Except as provided below, any dispute, claim, or controversy arising out of or relating to the Service or these Terms will be resolved by final and binding arbitration, rather than in court, administered by a recognized arbitration provider under its commercial rules. The arbitration will be seated in Washington State, and judgment on the award may be entered in any court of competent jurisdiction.
- Class-action waiver. All claims must be brought in your individual capacity, and not as a plaintiff or class member in any purported class, collective, consolidated, or representative proceeding.
- Jury-trial waiver. To the extent any dispute proceeds in court rather than arbitration, you and Dosanjh Labs each waive any right to a jury trial.
- 30-day opt-out. You may opt out of this arbitration agreement by notifying us through the contact form within 30 days of first accepting these Terms, stating your name and intent to opt out. If you opt out, the arbitration/class-waiver provisions do not apply to you, but the remainder of these Terms (including the governing-law and venue provisions) still do.
- Small-claims carve-out. Either party may bring an individual claim in small-claims court if it qualifies. Claims for injunctive relief to protect intellectual property may also be brought in court.
14. Governing Law & Venue
These Terms are governed by the laws of the State of Washington, USA, without regard to its conflict-of-laws rules. Subject to the arbitration provision above, you and Dosanjh Labs agree to the exclusive jurisdiction and venue of the state and federal courts located in Washington State for any matter not subject to arbitration.
15. Changes to the Terms or Service
We may update these Terms from time to time. When we do, we will update the "Last updated" date above and, for material changes, take reasonable steps to notify you. Your continued use of the Service after changes take effect constitutes acceptance. We may also modify, suspend, or discontinue any part of the Service.
16. Termination
You may stop using the Service and cancel at any time. We may suspend or terminate your access if you breach these Terms, fail to pay, or use the Service in a way that risks harm to us or others. On termination, your license ends and the survival provisions below continue to apply.
17. Force Majeure
We are not liable for any failure or delay caused by events beyond our reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, labor disputes, internet or utility failures, third-party service outages, or government action.
18. Severability
If any provision of these Terms is held unenforceable, that provision will be limited or removed to the minimum extent necessary, and the remaining provisions will remain in full force and effect.
19. Entire Agreement & Survival
These Terms, together with the Privacy Policy and Refund & Cancellation Policy, are the entire agreement between you and Dosanjh Labs regarding the Service and supersede any prior agreements. The provisions that by their nature should survive termination — including Sections 7, 9, 10, 11, 12, 13, 14, 18, and 19 — survive.
20. Contact
Questions about these Terms? Reach us through our contact form — our sole support, legal, and privacy contact channel.