Export and Encryption Compliance
Last updated: March 21, 2026
1. Introduction
Section titled “1. Introduction”This document describes the encryption and export compliance status of the PR macOS application (“Application”) with respect to U.S. Export Administration Regulations (EAR), Japan’s Foreign Exchange and Foreign Trade Act, and Apple’s App Store export compliance requirements.
The Application is developed and published by Instoll Inc., a company registered in Japan.
2. Encryption Usage
Section titled “2. Encryption Usage”2.1 Encryption in the Application
Section titled “2.1 Encryption in the Application”The Application uses the following cryptographic functionality:
| Component | Library | Algorithm | Purpose |
|---|---|---|---|
| Session ID generation | Apple CommonCrypto | SHA-1 | Generating deterministic UUID v5 identifiers for internal session tracking |
| Network communication | Apple Security framework (via URLSession) | TLS 1.2/1.3 | HTTPS connections to GitHub API via gh CLI |
2.2 Encryption the Application Does Not Implement
Section titled “2.2 Encryption the Application Does Not Implement”The Application does not:
- Implement custom encryption algorithms
- Encrypt local data at rest (relies on macOS FileVault and system-level protections)
- Provide encryption as a feature to users
- Store or manage encryption keys
- Implement end-to-end encryption
- Use encryption for authentication (delegates to preinstalled CLIs:
gh, Claude, Gemini, Codex)
3. U.S. Export Administration Regulations (EAR)
Section titled “3. U.S. Export Administration Regulations (EAR)”3.1 Classification
Section titled “3.1 Classification”The Application uses only standard encryption provided by the operating system (Apple’s CommonCrypto and Security frameworks) for:
- HTTPS communication — standard TLS via Apple’s URLSession, which is an operating system component exempt under EAR Section 740.13(e)
- Hashing — SHA-1 via CommonCrypto for non-cryptographic purposes (UUID generation), which is not controlled under EAR as it is not used for confidentiality
The Application qualifies for the EAR encryption exemption as it uses only standard, publicly available encryption incorporated into the operating system and does not modify or enhance the encryption functionality.
3.2 Export Control Classification Number (ECCN)
Section titled “3.2 Export Control Classification Number (ECCN)”Based on the encryption usage described above, the Application is classified as EAR99 (not elsewhere classified) or falls under the mass market encryption exemption (License Exception ENC, Section 740.17), as it uses only operating system-provided encryption for standard network communication.
3.3 BIS Notification
Section titled “3.3 BIS Notification”If distributing outside the Apple App Store, an annual self-classification report to the U.S. Bureau of Industry and Security (BIS) may be filed as applicable. The Application’s use of encryption is limited to standard HTTPS and does not trigger additional licensing requirements.
4. Japan Export Controls
Section titled “4. Japan Export Controls”Under Japan’s Foreign Exchange and Foreign Trade Act, the Application’s use of standard operating system encryption for HTTPS communication does not constitute a controlled cryptographic product. No export license is required from Japan’s Ministry of Economy, Trade and Industry (METI) for the distribution of the Application.
5. Apple App Store Compliance
Section titled “5. Apple App Store Compliance”5.1 ITSAppUsesNonExemptEncryption
Section titled “5.1 ITSAppUsesNonExemptEncryption”The Application is distributed outside the Apple App Store. If the Application is submitted to the App Store in the future, the ITSAppUsesNonExemptEncryption key in Info.plist should be set to NO, as the Application uses only exempt encryption (operating system-provided HTTPS and hashing).
5.2 Export Compliance Documentation
Section titled “5.2 Export Compliance Documentation”No additional export compliance documentation is required for Apple’s review process based on the Application’s current encryption usage.
6. Sanctioned Countries and Regions
Section titled “6. Sanctioned Countries and Regions”The Application must not be used in countries or regions subject to comprehensive sanctions by the United States, Japan, or the European Union. Users are responsible for ensuring their use of the Application complies with all applicable sanctions and export control laws.
7. Changes to Encryption Usage
Section titled “7. Changes to Encryption Usage”If future versions of the Application introduce additional encryption functionality beyond operating system-provided HTTPS and hashing, this document will be updated accordingly, and any required regulatory filings will be made.
8. Contact
Section titled “8. Contact”For questions about export or encryption compliance, please visit https://instoll.com.