Dosanjh Labs  /  Legal  /  Disclaimer

Disclaimer — Not Professional Advice

Last updated June 13, 2026

1. Our Products Are Tools, Not Advisors

Dosanjh Labs builds software that organizes information, generates working documents, and reports posture across security and compliance frameworks. The software automates and assists your work; it does not replace the professional judgment of a licensed attorney, a certified auditor or assessor (such as a C3PAO), a physician or other clinician, a CPA, an insurance broker, or any other licensed professional.

No professional relationship is created. Using our products does not create an attorney–client, physician–patient, fiduciary, advisory, accountant–client, or other professional relationship between you and Dosanjh Labs or Jasvant Dosanjh. We are a software vendor, not your lawyer, auditor, or compliance officer.

2. Specifically: Not Legal Advice

Our products and their outputs — including policy text, procedures, contractual clauses, Business Associate Agreement (BAA) references, breach-notification letters, regulator and timeline guidance, and statements about what a law or framework requires — are informational templates and general information only. They are not legal advice and are not a substitute for advice from an attorney licensed in your jurisdiction. Laws change, and how a law applies depends on your specific facts. Have a licensed attorney review any document or determination before you send, sign, publish, or rely on it.

3. Specifically: Not Medical or HIPAA-Compliance Legal Advice

Ward helps you run a HIPAA Security Risk Assessment (SRA), maintain a risk register, manage policies, BAAs, and training records, and generate a Security Rule readiness gap report. These outputs are an aid to your own compliance program — they are not clinical or medical advice, not a legal determination of HIPAA compliance, and not a guarantee that you will pass an OCR audit or any regulatory review. The SRA, gap report, and any readiness meter or score are starting points you must verify with your own privacy/security officer and a licensed attorney who advises on HIPAA. Dosanjh Labs is not your HIPAA covered entity, business associate, or compliance advisor.

4. Specifically: Not Breach-Notification or Incident Legal Advice

Klaxon provides incident-response and breach-notification playbooks, templates, and jurisdiction-aware timelines (including HIPAA and state breach-notification rules). A real breach is a time-sensitive legal event. Klaxon's playbooks, draft notification letters, contact registries, and timers are informational starting points only. They are not legal advice, do not establish your actual notification obligations, and must not be sent to regulators, affected individuals, the media, or anyone else without review and approval by a licensed attorney (typically breach-counsel) who confirms the applicable deadlines and content for your specific incident and jurisdictions.

5. Specifically: Not an Audit, Assessment, Certification, or Attestation

• Bastion is a CMMC / NIST SP 800-171 self-assessment preparation aid. The SPRS score it calculates, and the SSP and POA&M it generates, are working documents you prepare — not an official CMMC certification, not a C3PAO assessment, and not an attestation to the DoD or any party. Your actual score and certification status are determined by you and the official assessment process.
• Sightline reports your posture across 22+ frameworks. Its readiness meters are informational — not an audit, not an attestation, and not a guarantee of compliance with any framework, law, or contract.
• Charter generates security policies and procedures from templates. Generated policies are drafts that must be reviewed, customized, and approved by your own management and counsel before adoption. Framework "mappings" are aids to organization, not a legal opinion that you satisfy any control.
• Covenant tracks vendor/third-party risk and BAAs. Its risk scores and expiry trackers are management aids, not legal opinions on the adequacy of any agreement or vendor.
• Perimeter scans your external attack surface; Watchword runs phishing simulations and training; Passage automates IT lifecycle tasks; Lookout monitors server health; Cairn reconciles device inventory. None of these guarantees that every vulnerability, threat, change, outage, asset, or risk will be discovered, prevented, or correctly classified.

6. No Guarantee of Compliance or Outcome

Dosanjh Labs does not warrant or guarantee that use of any product will make you compliant with, or certified under, HIPAA, CMMC, NIST SP 800-171, SOC 2, ISO 27001, PCI DSS, FERPA, GDPR, any state breach-notification law, or any other law, regulation, framework, standard, or contractual requirement, or that you will pass any audit, assessment, examination, or enforcement review, or avoid any fine, penalty, breach, or claim.

7. AI-Generated and Automated Output

Some products generate text or analysis using AI (including, where offered, your own bring-your-own-key AI configured client-side). AI and automated output can be incomplete, outdated, or wrong. Treat all generated documents, scores, mappings, and recommendations as drafts requiring human review by a qualified professional. You are responsible for everything you adopt, send, sign, or publish.

8. Your Responsibility

You are solely responsible for the configuration, accuracy of inputs, interpretation, and use of every product and its outputs, and for all decisions you make. Before relying on any output, verify it with your own licensed attorney, qualified assessor, or other appropriate professional.

9. Relationship to the Terms

This Disclaimer is part of, and incorporated into, our Terms of Service, including its disclaimer of warranties and limitation of liability. In case of conflict regarding the nature of the products as informational tools, this Disclaimer and the Terms control together.

10. Contact

Questions? Reach us through our contact form — our sole support, legal, and privacy contact channel.