Terms of Service
Effective date: 2 June 2026
Please read these terms carefully before using SealedKeys. By creating an account or using the service, you agree to be bound by these terms. If you do not agree, do not use the service.
1. Who we are
SealedKeys is a trading name of Novastack Solutions Ltd, a private limited company incorporated in England and Wales (company number 16779485), with its registered office at 128 City Road, London, United Kingdom, EC1V 2NX.
References to “SealedKeys”, “we”, “us”, or “our” in these terms mean Novastack Solutions Ltd. References to “you” or “your” mean the individual or organisation using the service.
2. Definitions
- —"Service" means the SealedKeys web application, API, and any related software made available at sealedkeys.com.
- —"Account" means the user account you register to access the Service.
- —"Master Password" means the password you choose at registration, which is used to derive your vault encryption key client-side.
- —"Vault Key" means the AES-256 encryption key derived from your Master Password in your browser. It never leaves your device.
- —"Vault Items" means the passwords, API keys, SSH keys, notes, and other secrets you store in the Service.
- —"Encrypted Data" means the ciphertext of your Vault Items as stored on our servers. We cannot decrypt it.
- —"Organisation" means a team workspace created within the Service.
- —"Pro Plan" means the paid subscription tier, currently priced at £3.49 per user per month.
- —"Free Plan" means the no-charge tier of the Service.
3. Eligibility
You must be at least 18 years old and capable of forming a legally binding contract to use the Service. If you are using the Service on behalf of an organisation, you represent that you have authority to bind that organisation to these terms.
The Service is intended for business and professional use. It is not designed for storing personal consumer data unrelated to work or professional activities. By registering, you confirm that you are using the Service in the course of a trade, business, craft, or profession (“business customer”). If you are nonetheless a consumer within the meaning of the Consumer Rights Act 2015, certain provisions below are qualified accordingly and your statutory rights are not affected.
4. Account registration
You agree to provide accurate and complete information when creating your Account and to keep it up to date. You are responsible for:
- —Maintaining the security of your Account credentials.
- —All activity that occurs under your Account.
- —Notifying us promptly at security@sealedkeys.com if you suspect unauthorised access.
You may not share your Account credentials with others. Each user within an Organisation must have their own Account.
5. The zero-knowledge model — critical
Important — please read this section carefully.
SealedKeys operates a zero-knowledge architecture. This means we are technically incapable of recovering your Master Password or the contents of your vault. If you lose your Master Password, your Vault Items are permanently inaccessible.
Specifically:
- —Your Master Password is never transmitted to or stored on our servers in any recoverable form.
- —Your Vault Key is derived client-side in your browser and never sent to our servers.
- —We store only ciphertext. We cannot read, recover, or reset your Vault Items.
- —There is no "forgot password" mechanism that can restore access to your encrypted data.
- —Recovery Codes for two-factor authentication are stored as one-way hashes. We cannot retrieve them.
We strongly recommend you store your Master Password and any recovery codes in a physically secure location outside of this Service.
We are not liable for any loss of data resulting from you losing access to your Master Password. This is an inherent and intentional property of the zero-knowledge architecture you have chosen to use.
The inability to recover lost Master Passwords or decrypt Vault Items is a described and intentional feature of the Service. It is not a defect, a failure to provide the Service with reasonable care and skill, or a breach of any obligation under the Consumer Rights Act 2015 or otherwise.
6. Acceptable use
You agree not to use the Service to:
- —Store, transmit, or process any content that is unlawful, fraudulent, or facilitates criminal activity.
- —Attempt to circumvent, reverse-engineer, or interfere with the security of the Service.
- —Access or attempt to access any account or data that does not belong to you.
- —Introduce malware, viruses, or other harmful code.
- —Use the Service in any way that could damage, disable, or impair its availability.
- —Resell or sublicense access to the Service without our written consent.
- —Use automated tools to scrape, crawl, or extract data from the Service.
- —Use the Service for any purpose that violates applicable law or regulation.
We reserve the right to suspend or terminate Accounts that violate these restrictions without notice.
7. Subscription plans and billing
The Service is offered on a Free Plan and a Pro Plan. Pro Plan pricing is displayed at sealedkeys.com/pricing and may be changed with 30 days’ notice.
Pro Plan subscriptions may be billed monthly or annually in advance depending on the option selected at checkout. Payment is processed by Stripe. By subscribing, you authorise us to charge your payment method on a recurring basis (monthly or annual) until you cancel.
If a payment fails, we will attempt to retry the charge. After repeated failures, your account may be downgraded to the Free Plan and Pro features suspended.
All prices are exclusive of VAT where applicable. VAT will be charged at the applicable rate for your jurisdiction.
8. Refunds
Annual subscriptions: We offer a 30-day money-back guarantee on annual Pro subscriptions. If you are not satisfied within 30 days of your annual subscription start date, contact us at hello@sealedkeys.com for a full refund. After 30 days, annual subscriptions are non-refundable for the remainder of the billing year.
Monthly subscriptions: Monthly fees are non-refundable once a billing period has started, except where required by law.
Statutory cancellation right: If you are a consumer, you have a 14-day right of withdrawal from the date of first subscribing under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013, provided you have not yet accessed or used the paid features of the Service. You lose this right once you have begun using the paid features.
If you believe you have been charged in error, contact us at hello@sealedkeys.com within 30 days of the charge.
9. Intellectual property
The Service, including its software, design, trademarks, and documentation, is owned by Novastack Solutions Ltd or our licensors. These terms do not grant you any ownership interest in the Service.
You retain all rights to the data you store in the Service. By using the Service, you grant us a limited, non-exclusive licence to store and transmit your Encrypted Data solely for the purpose of providing the Service to you.
You may not copy, modify, distribute, or create derivative works of the Service without our written consent.
10. Privacy and data protection
Our Privacy Policy (available at sealedkeys.com/privacy) explains how we collect, use, and protect your personal data. It forms part of these terms.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Novastack Solutions Ltd is the data controller.
Because of our zero-knowledge architecture, we do not have access to the contents of your Vault Items. The only personal data we hold is your email address, name (if provided), hashed password, and metadata such as vault item names, timestamps, and audit logs.
11. Security
We implement appropriate technical and organisational measures to protect the Service and your data. However, no security measure is perfect and we cannot guarantee the absolute security of the Service.
You are responsible for:
- —Choosing a strong Master Password and keeping it secure.
- —Enabling two-factor authentication on your Account.
- —Keeping your device and browser up to date.
- —Logging out of shared or public devices.
- —Reporting suspected security incidents to security@sealedkeys.com promptly.
Our responsible disclosure policy is published at sealedkeys.com/disclosure. We welcome reports from security researchers.
12. Availability and service levels
We aim to make the Service available at all times but do not guarantee uninterrupted or error-free operation. We may suspend the Service for maintenance, updates, or security reasons with or without notice.
No service level agreement (SLA) is provided under the Free Plan. Pro Plan SLA terms, if any, will be published separately.
Security testing notice: A manual OWASP web-application security assessment covering 42 test cases was completed in May 2026 with zero exploitable findings. The full report is available at sealedkeys.com/pentest-report-2026-05-19.pdf. The Service remains under active development; we recommend enabling MFA and rotating credentials periodically as a matter of good practice.
13. Third-party services
The Service may integrate with or depend on third-party services (including payment processors, email providers, and infrastructure providers). We are not responsible for the availability or conduct of third-party services.
Your use of any third-party service is subject to that service’s own terms and privacy policy.
14. Disclaimers
The Service is provided “as is” and “as available”. To the fullest extent permitted by law, we exclude all implied warranties, representations, and conditions, including but not limited to implied warranties of merchantability, fitness for a particular purpose, satisfactory quality, and non-infringement.
We do not warrant that the Service will be uninterrupted, error-free, or free from security vulnerabilities, or that any defects will be corrected.
Consumer Rights Act 2015 (consumers only): Where you are a consumer, section 49 of the Consumer Rights Act 2015 implies a term that the Service will be provided with reasonable care and skill. Nothing in these terms excludes that implied term. However, “reasonable care and skill” does not require us to achieve outcomes that are architecturally impossible under the zero-knowledge model (such as recovering a lost Master Password), or to guarantee uninterrupted availability of a cloud-hosted service.
Nothing in these terms excludes or limits our liability for: (a) death or personal injury caused by our negligence; (b) fraud or fraudulent misrepresentation; (c) any liability that cannot be excluded or limited under applicable law.
15. Limitation of liability
Business customers: To the fullest extent permitted by law, Novastack Solutions Ltd shall not be liable to business customers for:
- —Any indirect, incidental, special, consequential, or punitive damages.
- —Loss of profits, revenue, contracts, data, business opportunity, or goodwill.
- —Loss of Vault Items resulting from loss of your Master Password.
- —Any damage caused by third-party access to your Account resulting from your failure to secure your credentials.
- —Service interruptions or data loss beyond our reasonable control.
- —Any failure of the Service to meet requirements you did not bring to our attention before subscribing.
For business customers, our total aggregate liability for all claims arising under or in connection with these terms shall not exceed the greater of: (a) the total fees you paid to us in the three months immediately preceding the event giving rise to the claim, or (b) £100.
Consumers: Where you are a consumer, we do not exclude or limit our liability to you where it would be unlawful to do so. Subject to that, and to the fullest extent permitted by the Consumer Rights Act 2015 and other applicable law, our total aggregate liability to consumer customers for all claims shall not exceed the greater of: (a) the total fees you paid to us in the 12 months preceding the event giving rise to the claim, or (b) £100. We remain liable for breach of the implied term under section 49 CRA 2015 (reasonable care and skill), but our liability for any single incident or series of related incidents is capped as stated above.
These limitations apply regardless of the legal theory on which the claim is based, whether in contract, tort (including negligence), statute, or otherwise, and even if we have been advised of the possibility of such damages.
16. Indemnification
You agree to indemnify and hold harmless Novastack Solutions Ltd and its officers, directors, and employees from any claims, damages, losses, or expenses (including reasonable legal fees) arising from: (a) your use of the Service in violation of these terms; (b) your violation of any applicable law; or (c) any content you store in the Service.
17. Termination
You may delete your Account at any time from the Settings page or by contacting us at hello@sealedkeys.com. Upon deletion, your Encrypted Data will be permanently erased from our servers within 30 days. Because we cannot decrypt your data, we cannot provide it to you in unencrypted form — export your vault before deleting your Account.
We may suspend or terminate your Account immediately if you breach these terms, fail to pay applicable fees, or if we are required to do so by law.
On termination, all licences granted to you under these terms cease immediately. Sections 5, 9, 14, 15, 16, and 19 survive termination.
18. Changes to these terms
We may update these terms from time to time. If we make material changes, we will notify you by email (to the address on your Account) or by a prominent notice in the Service at least 14 days before the changes take effect.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the new terms. If you do not agree to the new terms, you must stop using the Service and delete your Account before the changes take effect.
19. Governing law
These terms are governed by the laws of England and Wales. Any disputes arising from or in connection with these terms shall be subject to the exclusive jurisdiction of the courts of England and Wales.
If you are a consumer in the European Union, you may also have the right to bring proceedings in the courts of your country of residence.
20. Contact us
If you have questions about these terms, please contact us:
Novastack Solutions Ltd
128 City Road, London, United Kingdom, EC1V 2NX
Company number: 16779485
Email: hello@sealedkeys.com
These terms were last updated on 2 June 2026. We recommend seeking independent legal advice if you have questions about your rights or obligations.