Terms of Service

Effective April 5, 2026
Section 00

Acceptance of Terms

By creating an account, accessing the dashboard, using the API, CLI, or SDK, or otherwise using any part of the SikkerKey service (“Service”), you agree to be bound by these Terms of Service (“Terms”). If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms.

If you do not agree to these Terms, do not use the Service.

Section 01

Definitions

Throughout these Terms, the following definitions apply:

  • “Service” refers to the SikkerKey platform, including the website at sikkerkey.com, the dashboard, all associated APIs, the CLI, SDKs, and documentation.
  • “Vault” refers to a user’s isolated environment containing projects, secrets, machines, team members, and audit history.
  • “Secret” refers to any encrypted value stored within a project, including both single-value and structured (multi-field) secrets.
  • “Machine” refers to a registered device, server, or application instance that authenticates via Ed25519 cryptographic signatures to access secrets programmatically.
  • “Project” refers to a named grouping of secrets within a vault. Each project has its own randomly generated master encryption key and independent encryption.
  • “Team Member” refers to a user who has been invited to and accepted access to another user’s vault, subject to per-project permissions.
  • “Personal Data” has the meaning given in Regulation (EU) 2016/679 (General Data Protection Regulation).
Section 02

Accounts & Eligibility

You must be at least 18 years of age or the age of legal majority in your jurisdiction to create an account. By registering, you represent that you meet this requirement and that all information provided during registration is accurate and complete.

You are solely responsible for maintaining the confidentiality and security of your account credentials, including your password and machine private keys. You must not share these credentials with third parties. You are liable for all activity that occurs under your account.

SikkerKey is not liable for unauthorized access to your vault resulting from compromised credentials under your control. This includes, but is not limited to, compromised passwords and exposed machine private keys.

If you use the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms. The organization assumes responsibility for all accounts and machines operating under its vault.

Section 03

Encryption Policy

All secrets are encrypted at rest using AES-256-GCM envelope encryption with three layers. Each secret has its own randomly generated data key. The data key is encrypted (wrapped) by a per-project master key. The master key is encrypted by a server encryption key that exists only in server memory during operation. After use, key material is zeroed from memory.

Each project has an independently generated 256-bit master key. Compromising one project’s encryption has no effect on other projects, even within the same vault.

The server encryption key that protects all project master keys is never written to disk, never stored in environment variables, and never logged. A full database dump yields only encrypted blobs that cannot be decrypted without the server encryption key.

SikkerKey cannot decrypt your secrets from a database backup alone. There is no mechanism for SikkerKey staff to access your encrypted data outside of a valid, authenticated request processed by a running server.

Section 04

Machine Authentication

Machines authenticate to SikkerKey using Ed25519 cryptographic signatures on every request. There are no tokens, API keys, sessions, or persistent credentials. Each request includes the machine’s ID, a timestamp, a nonce, and a signature computed from the request method, path, timestamp, nonce, and body hash.

The Ed25519 private key is generated on the machine during bootstrap and never leaves the machine. Only the public key is transmitted to SikkerKey during registration. SikkerKey has no access to machine private keys.

Replay protection is enforced via a timestamp window (±5 minutes) and nonce uniqueness tracking persisted in the database. Nonces survive server restarts.

Newly registered machines start in an unapproved state and cannot authenticate until explicitly approved by the vault owner from the dashboard. Machines can be disabled at any time, immediately revoking their ability to authenticate.

You are responsible for securing your machine private keys. If a private key is compromised, you should immediately disable the affected machine from the dashboard. SikkerKey is not liable for unauthorized access resulting from compromised machine credentials.

Section 05

Access Control & Team Permissions

For a machine to read a secret, five independent conditions must be satisfied simultaneously: valid Ed25519 signature, machine approved and enabled, vault owner account active, machine added to the project, and explicit grant to the specific secret. There are no wildcards, no inheritance, and no implicit grants.

Team members may be invited to a vault by the vault owner. Project membership grants full access to all secrets within that project. Machine permissions (view, add, remove, configure) are granular and must be explicitly granted per project.

When a vault owner’s account is suspended, all access to that vault is immediately blocked, including access by team members and their machines. Team members are not informed of the suspension reason.

Section 06

Data Ownership & Processing

You retain full ownership of all data you store in the Service. SikkerKey does not access, read, inspect, sell, share, or use your encrypted secrets for any purpose other than providing the Service.

SikkerKey is not a zero-knowledge system. During request processing, the server holds master keys, data keys, and plaintext secrets in memory. The server encryption key remains in memory while the server is running. The security model protects against database compromise, disk compromise, and log compromise — not against a compromise of the running server process.

Section 07

Data Collection & Privacy

By using the Service, you acknowledge that SikkerKey collects and processes the following data:

  • Registration information — email address, username, hashed password (Argon2id), and the IP address used during registration.
  • Session data — IP addresses, User-Agent strings, and geolocation (country and city via MaxMind GeoIP) for each active session.
  • Login history — IP address, geolocation, success or failure, and failure reason for every login attempt.
  • Machine metadata — machine name, Ed25519 public key, registration IP, last-seen IP and timestamp.
  • Audit logs — every action performed in your vault is logged with user or machine ID, action type, severity, source IP, detail text, and timestamp.
  • OAuth data — if you link a GitHub account, we store your GitHub user ID, email, display name, and avatar URL.
  • Support tickets — ticket content, messages, and file attachments (encrypted at rest).

Data is processed under the lawful basis of performance of contract (Article 6(1)(b) GDPR) for account registration and provision of the Service, and legitimate interest (Article 6(1)(f) GDPR) for security monitoring, abuse prevention, and service improvement.

SikkerKey complies with the General Data Protection Regulation (GDPR) and applicable Danish data protection law. Payment processing is handled by Stripe; no payment card data is stored on SikkerKey systems.

You may exercise your rights under GDPR (access, rectification, erasure, portability, objection) by contacting us at the address provided in the Contact section.

Section 08

Data Retention

Data retention periods vary by category:

  • Account data — retained for the lifetime of the account and deleted upon account deletion.
  • Audit logs — retained based on your subscription plan: 7 days (Free), 90 days (Pro), unlimited (Enterprise). Pruned automatically on an hourly schedule.
  • Deleted secrets — soft-deleted secrets remain in trash for 30 days, after which they are permanently and irreversibly deleted. This process is logged.
  • Sessions — expire after 24 hours, or 30 days if “remember me” is enabled. Expired sessions are cleaned up automatically.
  • Verification and reset tokens — email verification codes expire after 10 minutes. Password reset tokens expire after 1 hour. Both are single-use.
  • Replay protection nonces — expired nonces (older than 6 minutes) are pruned every 60 seconds.
  • Login event history — retained for the lifetime of the account.

Upon account deletion, all personal data, encrypted secrets, projects, machine registrations, team relationships, and audit history are permanently deleted within 30 days, subject to legal obligations requiring continued retention.

Section 09

Subscriptions & Billing

Paid plans are billed in advance on a monthly or annual basis via Stripe. All fees are non-refundable except where required by applicable law. Failed payments may result in account downgrade or suspension following a reasonable grace period.

Pricing changes will be communicated with at least 30 days’ notice via email or dashboard notification. Price changes do not apply retroactively to the current billing period.

Subscription plan limits (maximum machines, projects, secrets, team members, secret versions, and audit retention) are enforced at the time of resource creation. Downgrading to a plan with lower limits does not automatically delete existing resources that exceed the new limits, but you will not be able to create new resources beyond the new plan’s limits.

SikkerKey stores your Stripe customer ID and subscription metadata locally. All payment card details, invoices, and billing addresses are managed by Stripe and are not stored on SikkerKey systems.

Section 10

Acceptable Use

The Service is provided for the secure storage and management of application secrets, credentials, and configuration values. You agree not to:

  • Store, transmit, or process content that violates any applicable local, national, or international law.
  • Attempt to access vaults, projects, secrets, or machines belonging to other users.
  • Reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service.
  • Interfere with the operation, availability, or integrity of the Service, including denial-of-service attacks or deliberate resource exhaustion.
  • Circumvent, disable, or interfere with rate limits, quotas, access controls, or any other security or authentication measures.
  • Create multiple accounts to circumvent plan limits or abuse free-tier allocations.
  • Resell, redistribute, or sublicense access to the Service without prior written authorization from SikkerKey.
  • Use the Service to store or distribute malware, exploit kits, phishing infrastructure, or other tools designed to harm third parties.
  • Submit false or misleading information during registration or support interactions.

Violation of this section may result in immediate suspension or termination of your account without prior notice.

Section 11

Intellectual Property

The Service, including its architecture, APIs, CLI, SDKs, documentation, scoring algorithms, user interface design, and all associated intellectual property, is owned by SikkerKey. No transfer of ownership is implied by your use of the Service.

You are granted a limited, non-exclusive, non-transferable, revocable license to use the Service, APIs, CLI, and SDKs for your internal operations in accordance with your subscription plan. This license does not extend to redistribution, resale, or the creation of competing services based on SikkerKey’s design or architecture.

The open-source SDKs (Kotlin and Go) are licensed under their respective open-source licenses as published in their repositories. These licenses govern your use of the SDK source code independently of these Terms.

Section 12

Service Availability

SikkerKey targets 99.9% uptime for the API and dashboard. Scheduled maintenance windows will be communicated in advance via email or dashboard notification.

SikkerKey does not guarantee uninterrupted or error-free operation of the Service. Scheduled and unscheduled downtime may occur. No service level agreement (SLA) is provided unless separately agreed upon in writing as part of an Enterprise plan.

SikkerKey is not liable for downtime or service degradation caused by factors beyond our reasonable control, including infrastructure provider outages, network failures, DNS propagation issues, or force majeure events.

Section 13

Disclaimers & Warranty

The Service is provided on an “as is” and “as available” basis. SikkerKey makes no warranties, express or implied, regarding the Service’s fitness for a particular purpose, merchantability, uninterrupted availability, or error-free operation.

SikkerKey does not warrant that the encryption mechanisms will be free from vulnerabilities in perpetuity. Cryptographic standards evolve, and while we use industry-standard algorithms (AES-256-GCM, Argon2id, Ed25519), no encryption system can guarantee absolute security indefinitely.

SikkerKey shall not be liable for damages arising from decisions or actions taken based on the availability or unavailability of secrets stored in the Service, including deployment failures, service outages, or configuration errors resulting from inaccessible credentials.

Section 14

Limitation of Liability

To the maximum extent permitted by applicable law, SikkerKey’s total aggregate liability for any claims arising from or related to these Terms or the Service shall not exceed the amount paid by you to SikkerKey in the 12 months preceding the claim, or EUR 100, whichever is greater.

SikkerKey is not liable for indirect, incidental, special, consequential, or punitive damages, including but not limited to lost profits, lost data, business interruption, cost of procurement of substitute services, or any damages arising from the loss of encryption keys, regardless of the theory of liability.

Section 15

Indemnification

You agree to indemnify, defend, and hold harmless SikkerKey, its officers, directors, employees, and agents from and against any claims, damages, losses, costs, or expenses (including reasonable legal fees) arising from your use of the Service, your violation of these Terms, or your infringement of any third-party rights.

Section 16

Suspension & Termination

SikkerKey reserves the right to suspend or terminate your account at any time, with or without notice, for conduct that violates these Terms or is otherwise harmful to the Service, other users, or third parties.

Upon suspension, all machine authentication for your vault is immediately blocked. Team members lose access to your vault’s projects and secrets. The dashboard displays the suspension reason and duration (if temporary) or permanent status.

Upon termination, your right to access the Service ceases immediately. All machine registrations are revoked. Encrypted data is permanently deleted within 30 days of termination, subject to legal obligations requiring continued retention.

You may delete your account at any time from the dashboard. Account deletion is irreversible and triggers the same data deletion process described above.

Section 17

Governing Law & Jurisdiction

These Terms are governed by and construed in accordance with the laws of the Kingdom of Denmark, without regard to conflict of law principles.

Any disputes arising from or in connection with these Terms shall be submitted to the exclusive jurisdiction of the courts of Denmark.

For users located within the European Union, this does not affect your rights under mandatory consumer protection laws of your country of residence.

SikkerKey complies with the General Data Protection Regulation (EU) 2016/679 and the Danish Data Protection Act (Databeskyttelsesloven). Where these Terms conflict with mandatory provisions of applicable law, the mandatory provisions shall prevail.

Section 18

Changes to Terms

SikkerKey reserves the right to modify these Terms at any time. Material changes will be communicated via email to the address associated with your account or through a prominent notification in the dashboard at least 30 days before they take effect.

Continued use of the Service after the effective date of any modification constitutes acceptance of the updated Terms. If you do not agree to the updated Terms, you must discontinue use and delete your account.

Section 19

Contact

For questions regarding these Terms, data protection requests, or legal inquiries, contact:

SikkerKey
Email: [email protected]
Web: sikkerkey.com