Terms of Service

Last updated: May 10, 2026

These Terms of Service (the “Terms”) govern your access to and use of the Evil Merge Detector hosted service available at evilmerge.dev, the GitHub App listed at github.com/apps/evil-merge-detector, and the related dashboard, badges, and APIs (together, the “Service”). By installing the GitHub App or using the Service in any way, you agree to these Terms. If you do not agree, do not install the App and do not use the Service.

1. Provider

The Service is operated by Fimskiy (the “Provider”, “we”, “us”). For any legal or contractual matter, contact [email protected].

2. The Service

The Service scans pull requests in repositories where the GitHub App has been installed and reports merge commits whose content cannot be reproduced by a clean three-way merge of the parent commits (“evil merges”). Findings are posted as GitHub Check Runs on the pull request and, on paid plans, retained in a scan history dashboard.

The Service is provided as-is. We do not guarantee that every evil merge will be detected, that every reported finding represents a real attack, or that the Service will be uninterrupted or error-free.

The detection engine is also distributed as an open-source CLI and GitHub Action under the MIT license. Use of those distributions is governed by the MIT license, not these Terms.

3. Eligibility and Account

You must be at least 16 years old and have authority to bind the GitHub user or organization on whose behalf you install the App. You authenticate to the dashboard through GitHub OAuth; we do not store GitHub passwords. You are responsible for the actions taken under your GitHub identity while using the Service.

4. Plans, Fees, and Billing

Subscriptions renew automatically until cancelled. You may cancel at any time from GitHub Marketplace (or, where applicable, the Stripe customer portal); cancellation takes effect at the end of the current billing period and you retain access until that date. Fees already paid are non-refundable except where required by applicable law (in particular, mandatory consumer-protection rights under EU law are not affected by these Terms).

Prices may change. We will give you reasonable advance notice (at least 30 days) before any price increase takes effect on your subscription, and you may cancel before the change applies.

5. Acceptable Use

You agree not to:

We may suspend or terminate access immediately if we reasonably believe you are violating this section.

6. Your Content and Permissions

The Service requires read access to your repository code, pull requests, and metadata, and write access to GitHub Check Runs in order to post findings. We process this content only to operate the Service: scanning merge commits, generating check output, and (on Pro) storing scan results in the dashboard. We do not use your code to train any machine-learning model and we do not share it with third parties except as described in our Privacy Policy.

You retain all rights to your code and metadata. You grant us a limited, non-exclusive licence to access and process them solely as needed to provide the Service.

7. Privacy

Our collection and use of personal data is described in the Privacy Policy, which forms part of these Terms.

8. Intellectual Property

The hosted Service, the dashboard, the website, the brand, and all related materials are owned by the Provider and protected by applicable intellectual-property laws. Subject to these Terms, we grant you a limited, non-exclusive, non-transferable right to use the Service for its intended purpose. The open-source CLI and GitHub Action remain available under the MIT licence at github.com/fimskiy/Evil-merge-detector.

9. Disclaimer of Warranties

To the maximum extent permitted by law, the Service is provided “as is” and “as available” without warranties of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the Service will detect every malicious merge, that findings will be free of false positives, or that scanning results are sufficient on their own to secure your supply chain.

10. Limitation of Liability

To the maximum extent permitted by law, the Provider’s aggregate liability arising out of or related to these Terms or the Service is limited to the greater of (a) the fees you paid for the Service in the twelve (12) months preceding the event giving rise to the claim, or (b) USD 100. We are not liable for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, revenue, data, or goodwill, even if advised of the possibility of such damages. Nothing in these Terms limits liability that cannot be limited under applicable law (such as liability for gross negligence, wilful misconduct, or rights of consumers under EU law).

11. Termination

You may stop using the Service at any time by uninstalling the GitHub App and, where applicable, cancelling your paid subscription. We may suspend or terminate your access if you breach these Terms or if continued provision of the Service to you would expose us to legal or security risk. On termination, sections that by their nature should survive (in particular sections 8–10) will survive.

12. Changes to These Terms

We may update these Terms from time to time. The “Last updated” date at the top of this page reflects the latest revision. For material changes affecting paid users we will give reasonable advance notice (e.g. by email or in-product notice). Continued use of the Service after changes take effect constitutes acceptance of the revised Terms.

13. Governing Law

These Terms are governed by the laws of the Republic of Poland, without regard to its conflict-of-laws rules. Any dispute arising out of or in connection with these Terms will be submitted to the exclusive jurisdiction of the competent courts in Poland, except that where you act as a consumer the mandatory consumer-protection rules of your country of residence apply.

14. Contact

Questions about these Terms can be sent to [email protected].