Terms of Service

Effective April 5, 2026
Section 00

Acceptance of Terms

By creating an account, accessing the dashboard, using the API, CLI, or SDK, or otherwise using any part of the SikkerKey service (“Service”), you agree to be bound by these Terms of Service (“Terms”). If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms.

If you do not agree to these Terms, do not use the Service.

Section 01

Definitions

Throughout these Terms, the following definitions apply:

  • “Service” refers to the SikkerKey platform, including the website at sikkerkey.com, the dashboard, all associated APIs, the CLI, SDKs, and documentation.
  • “Vault” refers to a user’s isolated environment containing projects, secrets, machines, organization members, and audit history.
  • “Secret” refers to any encrypted value stored within a project, including both single-value and structured (multi-field) secrets.
  • “Machine” refers to a registered device, server, or application instance that authenticates via Ed25519 cryptographic signatures to access secrets programmatically.
  • “Project” refers to a named grouping of secrets within a vault. Each project has its own randomly generated master encryption key and independent encryption.
  • “Organization Member” refers to a user who has been invited to and accepted membership in another user’s vault, subject to the capabilities and per-project access granted to them. Organization membership is available on subscription plans that include the Organizations feature.
  • “Personal Data” has the meaning given in Regulation (EU) 2016/679 (General Data Protection Regulation).
Section 02

Accounts & Eligibility

You must be at least 18 years of age or the age of legal majority in your jurisdiction to create an account. By registering, you represent that you meet this requirement and that all information provided during registration is accurate and complete.

You are solely responsible for maintaining the confidentiality and security of your account credentials, including your password and machine private keys. You must not share these credentials with third parties. You are liable for all activity that occurs under your account.

SikkerKey is not liable for unauthorized access to your vault resulting from compromised credentials under your control. This includes, but is not limited to, compromised passwords and exposed machine private keys.

If you use the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms. The organization assumes responsibility for all accounts and machines operating under its vault.

Section 03

Encryption Policy

All secrets are encrypted at rest using AES-256-GCM envelope encryption with three layers. Each secret has its own randomly generated data key. The data key is encrypted (wrapped) by a per-project master key. The master key is in turn encrypted by a root key. After use, key material is cleared from memory.

Each project has an independently generated 256-bit master key. Compromising one project’s encryption has no effect on other projects, even within the same vault.

The root key that protects all project master keys is held on separate, isolated infrastructure, never written to disk, never stored in environment variables, and never logged. A full database dump yields only encrypted blobs that cannot be decrypted without the root key.

SikkerKey cannot decrypt your secrets from a database backup alone. There is no mechanism for SikkerKey staff to access your encrypted data outside of a valid, authenticated request processed by a running server.

Section 04

Machine Authentication

Machines authenticate to SikkerKey using Ed25519 cryptographic signatures on every request. There are no tokens, API keys, sessions, or persistent credentials. Each request includes the machine’s ID, a timestamp, a nonce, and a signature computed from the request method, path, timestamp, nonce, and body hash.

The Ed25519 private key is generated on the machine during bootstrap and never leaves the machine. Only the public key is transmitted to SikkerKey during registration. SikkerKey has no access to machine private keys.

Replay protection is enforced via a timestamp window (±5 minutes) and nonce uniqueness tracking persisted in the database. Nonces survive server restarts.

Newly registered machines start in an unapproved state and cannot authenticate until explicitly approved by the vault owner from the dashboard. Machines can be disabled at any time, immediately revoking their ability to authenticate.

You are responsible for securing your machine private keys. If a private key is compromised, you should immediately disable the affected machine from the dashboard. SikkerKey is not liable for unauthorized access resulting from compromised machine credentials.

Section 05

Access Control & Organization Permissions

For a machine to read a secret, five independent conditions must be satisfied simultaneously: valid Ed25519 signature, machine approved and enabled, vault owner account active, machine added to the project, and explicit grant to the specific secret. There are no wildcards, no inheritance, and no implicit grants.

On plans that include the Organizations feature, the vault owner may invite organization members to the vault. Each member is assigned a capability template that determines their permissions, together with access to specific projects (or all projects, if granted). Machine permissions (view, add, remove, configure) are granular and must be explicitly granted per project.

When a vault owner’s account is suspended, all access to that vault is immediately blocked, including access by organization members and their machines. Organization members are not informed of the suspension reason.

Section 06

Data Ownership & Processing

You retain full ownership of all data you store in the Service. SikkerKey does not access, read, inspect, sell, share, or use your encrypted secrets for any purpose other than providing the Service.

SikkerKey is not a zero-knowledge system. During request processing, SikkerKey holds the project master key, the data key, and the plaintext secret in memory, then clears them once the request completes. The root key that protects the project master keys is never present on this infrastructure; it is held on separate, isolated infrastructure. The security model protects against compromise of the database, disk, backups, and logs. It does not protect against compromise of the running server process while it is handling a request.

Section 07

Data Collection & Privacy

By using the Service, you acknowledge that SikkerKey collects and processes the following data:

  • Registration information — email address, username, hashed password (Argon2id), and the IP address used during registration.
  • Session data — IP addresses, User-Agent strings, and geolocation (country and city, resolved from a locally-hosted dataset) for each active session.
  • Login history — IP address, geolocation, success or failure, and failure reason for every login attempt.
  • Machine metadata — machine name, Ed25519 public key, registration IP, last-seen IP and timestamp.
  • Audit logs — every action performed in your vault is logged with user or machine ID, action type, severity, source IP, detail text, and timestamp.
  • OAuth data — if you link a GitHub account, we store your GitHub user ID, email, display name, and avatar URL.
  • Support tickets — ticket content, messages, and file attachments (encrypted at rest).

Data is processed under the lawful basis of performance of contract (Article 6(1)(b) GDPR) for account registration and provision of the Service, and legitimate interest (Article 6(1)(f) GDPR) for security monitoring, abuse prevention, and service improvement.

SikkerKey complies with the General Data Protection Regulation (GDPR) and applicable Danish data protection law. Payment processing is handled by Stripe; no payment card data is stored on SikkerKey systems.

You may exercise your rights under GDPR (access, rectification, erasure, portability, objection) by contacting us at the address provided in the Contact section.

Section 08

Data Retention

Data retention periods vary by category:

  • Account data — retained for the lifetime of the account and deleted upon account deletion.
  • Audit logs — retained for a period that depends on your subscription plan, pruned automatically on an hourly schedule. Higher-severity security events are retained longer.
  • Deleted secrets — soft-deleted secrets remain in trash for 30 days, after which they are permanently and irreversibly deleted. This process is logged.
  • Sessions — expire after 24 hours, or 30 days if “remember me” is enabled. Expired sessions are cleaned up automatically.
  • Verification and reset tokens — email verification codes expire after 10 minutes. Password reset tokens expire after 1 hour. Both are single-use.
  • Replay protection nonces — expired nonces (older than 6 minutes) are pruned every 60 seconds.
  • Login event history — retained for the lifetime of the account.

Upon account deletion, all personal data, encrypted secrets, projects, machine registrations, organization memberships, and audit history are permanently deleted within 30 days, subject to legal obligations requiring continued retention.

Section 09

Subscriptions & Billing

Paid plans are billed in advance on a monthly or annual basis via Stripe. All fees are non-refundable except where required by applicable law.

Pricing changes will be communicated with at least 30 days’ notice via email or dashboard notification. Price changes do not apply retroactively to the current billing period.

Some dimensions vary by subscription tier: the number of machines included, the Organizations feature and the number of organization members, audit log retention, webhook delivery limits, and features such as SSO. New machines and organization members are limited at creation, and additional machines are available as a per-machine add-on. When you downgrade to a plan with a lower machine allowance, machines that exceed the new limit are disabled (they are not deleted). Before the downgrade takes effect, you may choose which machines remain enabled, up to the new limit; any you do not choose are disabled, starting with the most recently added. You can re-enable a disabled machine at any time, within your current limit.

If a payment fails, we begin a notice period of at least seven days, during which we send escalating email reminders while your account continues to function normally. You may resolve the payment at any point during this period to stop the process, and you may open a billing support ticket to request an extension of the deadline. If the payment remains unresolved when the period ends, your account is moved to the Free plan: paid features are turned off, and machines exceeding the Free plan’s allowance are disabled (not deleted). Your projects, secrets, and machine identities are preserved, and paid features are restored if you resubscribe. Non-payment results in this downgrade, not in account suspension; suspension is a separate measure reserved for abuse or breach of these Terms.

If you initiate a chargeback or payment dispute with your bank or card issuer instead of requesting a refund or contacting our support team, the disputed subscription and any associated paid resources are revoked immediately and your account is moved to the Free plan. Initiating a chargeback for services rendered may be treated as a breach of these Terms. If you believe a charge was made in error, open a billing support ticket and we will work with you to resolve it directly.

SikkerKey stores your Stripe customer ID and subscription metadata locally. All payment card details, invoices, and billing addresses are managed by Stripe and are not stored on SikkerKey systems.

Section 10

Acceptable Use

The Service is provided for the secure storage and management of application secrets, credentials, and configuration values. You agree not to:

  • Store, transmit, or process content that violates any applicable local, national, or international law.
  • Attempt to access vaults, projects, secrets, or machines belonging to other users.
  • Reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service.
  • Interfere with the operation, availability, or integrity of the Service, including denial-of-service attacks or deliberate resource exhaustion.
  • Circumvent, disable, or interfere with rate limits, quotas, access controls, or any other security or authentication measures.
  • Create multiple accounts to circumvent plan limits or abuse free-tier allocations.
  • Resell, redistribute, or sublicense access to the Service without prior written authorization from SikkerKey.
  • Use the Service to store or distribute malware, exploit kits, phishing infrastructure, or other tools designed to harm third parties.
  • Submit false or misleading information during registration or support interactions.

Violation of this section may result in immediate suspension or termination of your account without prior notice.

Section 11

Intellectual Property

The Service, including its architecture, APIs, CLI, SDKs, documentation, scoring algorithms, user interface design, and all associated intellectual property, is owned by SikkerKey. No transfer of ownership is implied by your use of the Service.

You are granted a limited, non-exclusive, non-transferable, revocable license to use the Service, APIs, CLI, and SDKs for your internal operations in accordance with your subscription plan. This license does not extend to redistribution, resale, or the creation of competing services based on SikkerKey’s design or architecture.

The open-source SDKs (Kotlin, Go, Python, Node.js, .NET, and PHP) are licensed under their respective open-source licenses as published in their repositories. These licenses govern your use of the SDK source code independently of these Terms.

Section 12

Service Availability

SikkerKey targets 99.9% uptime for the API and dashboard. Scheduled maintenance windows will be communicated in advance via email or dashboard notification.

SikkerKey does not guarantee uninterrupted or error-free operation of the Service. Scheduled and unscheduled downtime may occur. No service level agreement (SLA) is provided unless separately agreed upon in writing as part of an Enterprise plan.

SikkerKey is not liable for downtime or service degradation caused by factors beyond our reasonable control, including infrastructure provider outages, network failures, DNS propagation issues, or force majeure events.

Section 13

Disclaimers & Warranty

The Service is provided on an “as is” and “as available” basis. SikkerKey makes no warranties, express or implied, regarding the Service’s fitness for a particular purpose, merchantability, uninterrupted availability, or error-free operation.

SikkerKey does not warrant that the encryption mechanisms will be free from vulnerabilities in perpetuity. Cryptographic standards evolve, and while we use industry-standard algorithms (AES-256-GCM, Argon2id, Ed25519), no encryption system can guarantee absolute security indefinitely.

SikkerKey shall not be liable for damages arising from decisions or actions taken based on the availability or unavailability of secrets stored in the Service, including deployment failures, service outages, or configuration errors resulting from inaccessible credentials.

Section 14

Limitation of Liability

To the maximum extent permitted by applicable law, SikkerKey’s total aggregate liability for any claims arising from or related to these Terms or the Service shall not exceed the amount paid by you to SikkerKey in the 12 months preceding the claim, or EUR 100, whichever is greater.

SikkerKey is not liable for indirect, incidental, special, consequential, or punitive damages, including but not limited to lost profits, lost data, business interruption, cost of procurement of substitute services, or any damages arising from the loss of encryption keys, regardless of the theory of liability.

Section 15

Indemnification

You agree to indemnify, defend, and hold harmless SikkerKey, its officers, directors, employees, and agents from and against any claims, damages, losses, costs, or expenses (including reasonable legal fees) arising from your use of the Service, your violation of these Terms, or your infringement of any third-party rights.

Section 16

Suspension & Termination

SikkerKey reserves the right to suspend or terminate your account at any time, with or without notice, for conduct that violates these Terms or is otherwise harmful to the Service, other users, or third parties.

Upon suspension, all machine authentication for your vault is immediately blocked. Organization members lose access to your vault’s projects and secrets. The dashboard displays the suspension reason and duration (if temporary) or permanent status.

Upon termination, your right to access the Service ceases immediately. All machine registrations are revoked. Encrypted data is permanently deleted within 30 days of termination, subject to legal obligations requiring continued retention.

You may delete your account at any time from the dashboard. Account deletion is irreversible and triggers the same data deletion process described above.

Section 17

Governing Law & Jurisdiction

These Terms are governed by and construed in accordance with the laws of the Kingdom of Denmark, without regard to conflict of law principles.

Any disputes arising from or in connection with these Terms shall be submitted to the exclusive jurisdiction of the courts of Denmark.

For users located within the European Union, this does not affect your rights under mandatory consumer protection laws of your country of residence.

SikkerKey complies with the General Data Protection Regulation (EU) 2016/679 and the Danish Data Protection Act (Databeskyttelsesloven). Where these Terms conflict with mandatory provisions of applicable law, the mandatory provisions shall prevail.

Section 18

Changes to Terms

SikkerKey reserves the right to modify these Terms at any time. Material changes will be communicated via email to the address associated with your account or through a prominent notification in the dashboard at least 30 days before they take effect.

Continued use of the Service after the effective date of any modification constitutes acceptance of the updated Terms. If you do not agree to the updated Terms, you must discontinue use and delete your account.

Section 19

Contact

For questions regarding these Terms, data protection requests, or legal inquiries, contact:

SikkerKey
Email: [email protected]
Web: sikkerkey.com