Envault
HomeTerms of Service

Terms of Service

Last updated: 24 February 2026

1. Agreement to Terms

By accessing or using Envault ("Service"), you agree to be bound by these Terms of Service ("Terms"). If you disagree with any part of the terms, then you may not access the Service. These Terms apply to all visitors, users, and others who access or use the Service.

2. Accounts

When you create an account with us, you must provide us information that is accurate, complete, and current at all times. Failure to do so constitutes a breach of the Terms, which may result in immediate termination of your account on our Service.

You are responsible for safeguarding any authentication credentials used to access the Service, whether passwords, passkeys, OAuth tokens, or API keys. This includes credentials for third-party services. You agree not to disclose your credentials to any third party. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.

Envault supports multiple authentication methods including traditional passwords, WebAuthn passkeys, and OAuth providers (Gmail, GitHub). Your choice of authentication method does not affect your responsibility to maintain account security. If you link multiple OAuth providers, you agree that any linked provider can be used to access your account.

3. Intellectual Property

The Service and its original content (excluding Content provided by users), features and functionality are and will remain the exclusive property of Envault and its licensors. The Service is protected by copyright, trademark, and other laws of both the United States and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of Envault.

4. User Responsibilities & Encryption

Envault provides tools for encrypting and managing environment variables. However, security is a shared responsibility.

  • You are responsible for managing your encryption keys and recovery phrases.
  • If you lose your encryption key, we cannot recover your data, as we do not store your private keys in plain text.
  • You agree not to use the Service to store illegal or malicious content.
  • You are responsible for maintaining the confidentiality of your account credentials and API keys.
  • You must promptly notify us of any unauthorized access to your account or suspected security breaches.

5. Authentication Methods

Envault offers multiple authentication methods for your security and convenience. By using any authentication method, you agree to the following terms:

  • WebAuthn Passkeys: Passkey authentication is the most secure method and eliminates phishing risks. You are responsible for storing recovery codes securely if provided.
  • OAuth Providers: When using OAuth (Gmail, GitHub, etc.), you authorize Envault to receive your email and profile information from the provider. You acknowledge that Envault does not control second-factor authentication settings at the OAuth provider.
  • Account Linking: You can link multiple authentication methods to your account. Any linked method can be used to access your account. Linking a new provider does not require removing existing methods, but you remain responsible for all linked accounts.
  • Session Management: You are responsible for logging out on shared devices. Envault may terminate sessions for security reasons without notice.

6. Environment Management

Envault enables you to organize secrets across multiple environments (development, staging, production) with workspace-aware scoping. By using environment management features, you agree to:

  • Environment Creation: You are responsible for properly configuring environments and ensuring that sensitive production data is not accidentally mixed with development environments.
  • Environment-Level Permissions: Permissions set at the environment level override project-level permissions. Team members may have access to some environments but not others within a project.
  • Default Environment: When initializing a project via CLI, you must select or create a default environment. Operations without an explicit environment flag will use this default.
  • Workspace Context: The CLI may remember your current environment context to improve workflow efficiency. You are responsible for verifying the correct environment is active before executing operations.
  • Environment Deletion: Deleting an environment is permanent and cannot be undone. All secrets within that environment will be deleted. Owners must provide explicit confirmation before deletion.

7. CLI Usage Terms

Envault provides a Command Line Interface (CLI) tool for managing secrets directly from your terminal. By using the CLI, you agree to the following terms:

  • The CLI may collect anonymous usage statistics to improve the service, which can be disabled in your account settings.
  • You are responsible for securing your local environment when using the CLI, including protecting your authentication tokens.
  • CLI operations that modify secrets require appropriate project permissions (Owner, Editor roles).
  • Bulk operations via CLI should be used responsibly to avoid overwhelming the service.
  • You agree not to use the CLI for automated scraping or unauthorized data extraction.

8. Team Collaboration

Envault enables secure team collaboration through project sharing and role-based access control. When participating in team features:

  • Project owners have ultimate control over project membership and can revoke access at any time.
  • You are responsible for the actions of team members you invite to projects you own.
  • Role assignments (Owner, Editor, Viewer) determine what actions team members can perform. Environment-level permissions may further restrict access to specific environments.
  • You agree to use team features only for legitimate collaboration purposes.
  • Disputes over project ownership or access should be resolved through direct communication with project owners.
  • When team members leave your organization, you are responsible for removing their access to projects.

9. Key Management & Security

Envault uses a hierarchical encryption system with master keys and data keys. Your responsibilities include:

  • Master keys are used only for encrypting/decrypting data keys and must be stored securely.
  • Data keys are rotated periodically for enhanced security; this process is automated but may require your attention.
  • If you suspect key compromise, you must immediately rotate keys and update all affected secrets.
  • Key rotation operations may temporarily impact service availability.
  • You acknowledge that improper key management could result in permanent data loss.

10. Notifications & Communications

Envault provides notification features for team collaboration, security alerts, and service updates. By using these features:

  • You consent to receiving notifications about project activities, access requests, and security events.
  • You can manage notification preferences in your account settings.
  • Security-related notifications cannot be disabled and are essential for account protection.
  • You agree that we may send service announcements and updates via email or in-app notifications.
  • Notification data is processed in accordance with our Privacy Policy.

12. Termination

We may terminate or suspend your account immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms. Upon termination, your right to use the Service will immediately cease. If you wish to terminate your account, you may simply discontinue using the Service.

13. Limitation of Liability

In no event shall Envault, nor its directors, employees, partners, agents, suppliers, or affiliates, be liable for any indirect, incidental, special, consequential or punitive damages, including without limitation, loss of profits, data, use, goodwill, or other intangible losses, resulting from (i) your access to or use of or inability to access or use the Service; (ii) any conduct or content of any third party on the Service; (iii) any content obtained from the Service; and (iv) unauthorized access, use or alteration of your transmissions or content, whether based on warranty, contract, tort (including negligence) or any other legal theory, whether or not we have been informed of the possibility of such damage, and even if a remedy set forth herein is found to have failed of its essential purpose.

14. Disclaimer

Your use of the Service is at your sole risk. The Service is provided on an "AS IS" and "AS AVAILABLE" basis. The Service is provided without warranties of any kind, whether express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, non-infringement or course of performance.

15. Governing Law

These Terms shall be governed and construed in accordance with the laws of India, without regard to its conflict of law provisions. Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect.

16. Changes

We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will try to provide at least 30 days notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion. By continuing to access or use our Service after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Service.

17. Contact Us

If you have any questions about these Terms, please contact us at dashdinanath056@gmail.com.