Terms of Service

SealedKeys is a trading name of Novastack Solutions Ltd, a private limited company incorporated in England and Wales (company number 16779485), with its registered office at 128 City Road, London, United Kingdom, EC1V 2NX.

References to “SealedKeys”, “we”, “us”, or “our” in these terms mean Novastack Solutions Ltd. References to “you” or “your” mean the individual or organisation using the service.

• —"Service" means the SealedKeys web application, API, and any related software made available at sealedkeys.com.
• —"Account" means the user account you register to access the Service.
• —"Master Password" means the password you choose at registration, which is used to derive your vault encryption key client-side.
• —"Vault Key" means the AES-256 encryption key derived from your Master Password in your browser. It never leaves your device.
• —"Vault Items" means the passwords, API keys, SSH keys, notes, and other secrets you store in the Service.
• —"Encrypted Data" means the ciphertext of your Vault Items as stored on our servers. We cannot decrypt it.
• —"Organisation" means a team workspace created within the Service.
• —"Pro Plan" means the paid subscription tier, currently priced at £3.49 per user per month.
• —"Free Plan" means the no-charge tier of the Service.

You must be at least 18 years old and capable of forming a legally binding contract to use the Service. If you are using the Service on behalf of an organisation, you represent that you have authority to bind that organisation to these terms.

The Service is intended for business and professional use. It is not designed for storing personal consumer data unrelated to work or professional activities.

You agree to provide accurate and complete information when creating your Account and to keep it up to date. You are responsible for:

• —Maintaining the security of your Account credentials.
• —All activity that occurs under your Account.
• —Notifying us promptly at security@sealedkeys.com if you suspect unauthorised access.

You may not share your Account credentials with others. Each user within an Organisation must have their own Account.

Specifically:

• —Your Master Password is never transmitted to or stored on our servers in any recoverable form.
• —Your Vault Key is derived client-side in your browser and never sent to our servers.
• —We store only ciphertext. We cannot read, recover, or reset your Vault Items.
• —There is no "forgot password" mechanism that can restore access to your encrypted data.
• —Recovery Codes for two-factor authentication are stored as one-way hashes. We cannot retrieve them.

We strongly recommend you store your Master Password and any recovery codes in a physically secure location outside of this Service.

We are not liable for any loss of data resulting from you losing access to your Master Password. This is an inherent and intentional property of the zero-knowledge architecture you have chosen to use.

You agree not to use the Service to:

• —Store, transmit, or process any content that is unlawful, fraudulent, or facilitates criminal activity.
• —Attempt to circumvent, reverse-engineer, or interfere with the security of the Service.
• —Access or attempt to access any account or data that does not belong to you.
• —Introduce malware, viruses, or other harmful code.
• —Use the Service in any way that could damage, disable, or impair its availability.
• —Resell or sublicense access to the Service without our written consent.
• —Use automated tools to scrape, crawl, or extract data from the Service.
• —Use the Service for any purpose that violates applicable law or regulation.

We reserve the right to suspend or terminate Accounts that violate these restrictions without notice.

The Service is offered on a Free Plan and a Pro Plan. Pro Plan pricing is displayed at sealedkeys.com/pricing and may be changed with 30 days’ notice.

Pro Plan subscriptions are billed monthly in advance. Payment is processed by our payment provider (Stripe). By subscribing, you authorise us to charge your payment method on a recurring monthly basis until you cancel.

If a payment fails, we will attempt to retry the charge. After repeated failures, your account may be downgraded to the Free Plan and Pro features suspended.

All prices are exclusive of VAT where applicable. VAT will be charged at the applicable rate for your jurisdiction.

Monthly subscriptions are non-refundable once a billing period has started, except where required by law (for example, if you are a consumer in the UK or EU exercising your statutory right of withdrawal within 14 days of first subscribing, provided you have not yet used the paid features).

If you believe you have been charged in error, contact us at hello@sealedkeys.com within 30 days of the charge.

The Service, including its software, design, trademarks, and documentation, is owned by Novastack Solutions Ltd or our licensors. These terms do not grant you any ownership interest in the Service.

You retain all rights to the data you store in the Service. By using the Service, you grant us a limited, non-exclusive licence to store and transmit your Encrypted Data solely for the purpose of providing the Service to you.

You may not copy, modify, distribute, or create derivative works of the Service without our written consent.

Our Privacy Policy (available at sealedkeys.com/privacy) explains how we collect, use, and protect your personal data. It forms part of these terms.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Novastack Solutions Ltd is the data controller.

Because of our zero-knowledge architecture, we do not have access to the contents of your Vault Items. The only personal data we hold is your email address, name (if provided), hashed password, and metadata such as vault item names, timestamps, and audit logs.

We implement appropriate technical and organisational measures to protect the Service and your data. However, no security measure is perfect and we cannot guarantee the absolute security of the Service.

You are responsible for:

• —Choosing a strong Master Password and keeping it secure.
• —Enabling two-factor authentication on your Account.
• —Keeping your device and browser up to date.
• —Logging out of shared or public devices.
• —Reporting suspected security incidents to security@sealedkeys.com promptly.

Our responsible disclosure policy is published at sealedkeys.com/disclosure. We welcome reports from security researchers.

We aim to make the Service available at all times but do not guarantee uninterrupted or error-free operation. We may suspend the Service for maintenance, updates, or security reasons with or without notice.

No service level agreement (SLA) is provided under the Free Plan. Pro Plan SLA terms, if any, will be published separately.

Security testing notice: A manual OWASP web-application security assessment covering 42 test cases was completed in May 2026 with zero exploitable findings. The full report is available at sealedkeys.com/pentest-report-2026-05-19.pdf. The Service remains under active development; we recommend enabling MFA and rotating credentials periodically as a matter of good practice.

The Service may integrate with or depend on third-party services (including payment processors, email providers, and infrastructure providers). We are not responsible for the availability or conduct of third-party services.

Your use of any third-party service is subject to that service’s own terms and privacy policy.

The Service is provided “as is” and “as available” without warranties of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.

We do not warrant that the Service will meet your specific requirements, that it will be uninterrupted, timely, secure, or error-free, or that any defects will be corrected.

Nothing in these terms excludes our liability for death or personal injury caused by our negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited under applicable law.

To the fullest extent permitted by law, Novastack Solutions Ltd shall not be liable for:

• —Any indirect, incidental, special, consequential, or punitive damages.
• —Loss of profits, revenue, data, business, or goodwill.
• —Loss of Vault Items resulting from loss of your Master Password.
• —Any damage caused by third-party access to your Account resulting from your failure to secure your credentials.
• —Service interruptions or data loss beyond our reasonable control.

Our total aggregate liability to you for any claims arising under or in connection with these terms shall not exceed the greater of: (a) the total fees you paid to us in the 12 months preceding the claim, or (b) £100.

These limitations apply regardless of the legal theory on which the claim is based, whether in contract, tort (including negligence), or otherwise.

You agree to indemnify and hold harmless Novastack Solutions Ltd and its officers, directors, and employees from any claims, damages, losses, or expenses (including reasonable legal fees) arising from: (a) your use of the Service in violation of these terms; (b) your violation of any applicable law; or (c) any content you store in the Service.

You may delete your Account at any time from the Settings page or by contacting us at hello@sealedkeys.com. Upon deletion, your Encrypted Data will be permanently erased from our servers within 30 days. Because we cannot decrypt your data, we cannot provide it to you in unencrypted form — export your vault before deleting your Account.

We may suspend or terminate your Account immediately if you breach these terms, fail to pay applicable fees, or if we are required to do so by law.

On termination, all licences granted to you under these terms cease immediately. Sections 5, 9, 14, 15, 16, and 19 survive termination.

We may update these terms from time to time. If we make material changes, we will notify you by email (to the address on your Account) or by a prominent notice in the Service at least 14 days before the changes take effect.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the new terms. If you do not agree to the new terms, you must stop using the Service and delete your Account before the changes take effect.

These terms are governed by the laws of England and Wales. Any disputes arising from or in connection with these terms shall be subject to the exclusive jurisdiction of the courts of England and Wales.

If you are a consumer in the European Union, you may also have the right to bring proceedings in the courts of your country of residence.

If you have questions about these terms, please contact us: