GoodKey ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service to authenticate and encrypt digital assets, manage cryptographic keys, and facilitate team-based key management. By accessing or using our service, you agree to the practices described herein.

• Credentials:

  Login and authentication data you provide to access the service.

• Cryptographic Keys:

  Digital keys used to encrypt and decrypt data.

• Token Metadata:

  Information such as serial numbers, manufacturer details, model information, usage frequency, and lifecycle status of your tokens.

• Logs and Analytics:

  Data collected about how your organization and its users interact with the service.

• Team:

  A group designated by your organization within GoodKey to collaborate on managing keys and related tasks.

• Team Member:

  An individual who is authorized as part of a team to access and use the GoodKey service.

• Personal Data:

  When you register or contact us, we may collect your name, email address, and other contact details.

• Usage Data:

  We automatically collect information such as your IP address, browser type, operating system, and pages viewed.

• Credentials and Keys:

  To deliver secure key management, you may provide credentials and cryptographic keys; in some cases, GoodKey will have access to these.

• Token Meta Data:

  We collect metadata about your tokens (e.g., serial numbers, make/model, usage frequency, lifecycle status).

• Logs And Analytics:

  We gather logs and analytics regarding how your organization and its users (including team members) utilize keys to help monitor performance, optimize service delivery, and support compliance.

• Providing Services:

  To deliver, maintain, and secure the GoodKey service.

• Customer Support:

  To respond to inquiries and provide technical assistance.

• Service Improvement:

  To analyze usage patterns, token performance, and logs/analytics data for ongoing improvements.

• Notifications:

  To inform you about updates or changes to our services, policies, and security practices.

We use commercially reasonable measures to protect your information.

• Key Storage:

  Where technically possible, keys are stored using Hardware Security Modules (HSMs) that meet FIPS 140-3 standards. Where this is not technically possible, keys are stored in our Key Management System (KMS), which is isolated, encrypted, and access-controlled.

• Attestations:

  Attestations are available to enable you to verify how keys are stored.

• Best Practices:

  Our systems adhere to industry best practices, including least privilege access, service isolation, and tenant isolation.

• No Absolute Security:

  While we take steps to secure your data, no method is completely secure.

We retain personal data, logs, analytics, and metadata as long as necessary to provide our service and comply with legal obligations. Upon account termination or when required by law, data will be deleted or anonymized according to our retention policies.

GoodKey integrates with various third-party services (e.g., GitHub, Google Workspace, Microsoft 365, Slack, Teams) to enhance functionality. Data processed via these integrations is subject to the third party’s own privacy practices.

In the event of a security breach affecting personal or sensitive token data, we will follow our incident response protocols and notify affected users as required by applicable law.

If your data is transferred or stored outside Washington State or the United States, appropriate safeguards will be maintained in accordance with applicable laws.

Our service is not directed to children, and we do not knowingly collect personal data from individuals under the applicable age of consent.

• Access and Correction:

  You may request access to or correction of your personal data.

• Cookie Control:

  Manage your cookie preferences through your browser settings.

• Contact:

  For privacy-related questions or requests, please contact us at [email protected].

We may update this Privacy Policy from time to time. Any changes will be posted here with an updated effective date.

For privacy-related inquiries, please contact us at: Email: [email protected]

GoodKey provides a SaaS platform that enables secure management of cryptographic keys, authentication of digital assets, encryption, and team-based collaboration on key management. By accessing or using the service, you agree to these Terms of Use. For purposes of these Terms, the following definitions apply:

• Credentials:

  Login and authentication data provided by you.

• Cryptographic Keys:

  Digital keys used for encryption and decryption.

• Token Metadata:

  Information about your tokens including serial numbers, make/model, usage frequency, and lifecycle status.

• Team:

  A group within your organization designated to collectively manage keys and certificates using GoodKey.

• Team Member:

  An individual authorized to access and use GoodKey as part of a team.

• Third-Party Services:

  External services (e.g., GitHub, Google Workspace) that integrate with or support GoodKey.

GoodKey offers a SaaS platform that includes key and certificate management, token metadata tracking, automated signing (including CI/CD integrations), and logs/analytics collection to monitor and optimize performance. The service supports both individual and team-based management, allowing organizations to set up teams and assign team members with appropriate access levels. In providing this service, you acknowledge that GoodKey may have access to your credentials and, in some cases, your cryptographic keys.

• Key Storage:

  Where technically possible, keys are stored using Hardware Security Modules (HSMs) that meet FIPS 140-3 standards. Where this is not technically possible, keys are stored in our Key Management System (KMS), which is isolated, encrypted, and access-controlled.

• Attestations:

  Attestations are available to enable you to verify how keys are stored.

• Best Practices:

  We follow industry best practices—including least privilege access, service isolation, and tenant isolation—to safeguard your data.

• Account Security:

  You are responsible for maintaining the confidentiality of your account credentials and all activities conducted under your account.

• Team Administration:

  If you set up teams, you are responsible for managing team member access and ensuring that all team members follow secure practices.

• Secure Integrations:

  You must ensure that any integrations or configurations within your systems are performed securely.

• Backup and Recovery:

  While GoodKey employs robust security measures, you are responsible for maintaining secure backups and key recovery procedures.

• Lawful Use:

  You agree to use the service in accordance with all applicable laws and regulations.

• Termination:

  Either party may terminate the service in accordance with the termination provisions detailed on our website.

• Data Retrieval:

  Upon termination, you are responsible for retrieving your data. GoodKey will, upon request and subject to applicable law, provide assistance in retrieving data for a limited period following termination.

You agree to comply with all applicable export control laws and regulations. The use or transfer of GoodKey’s technology may be subject to such laws, and you must ensure that your use complies with these requirements.

• Disclaimer of Warranties:

  The GoodKey service is provided “as is” without any warranties, express or implied.

• Liability Cap:

  GoodKey’s total liability for any claims, damages, or losses arising out of or related to your use of the service shall not exceed the annual cost of the service as paid by you.

• Risk Assumption:

  You assume all risks associated with your use of the service.

GoodKey shall not be liable for failures or delays due to events beyond its control, including natural disasters, governmental actions, or internet service interruptions.

Any dispute or claim arising out of these Terms or your use of the service shall be resolved exclusively through binding arbitration. By agreeing to these Terms, you waive any right to participate in a class action or representative lawsuit. Arbitration will be conducted under the rules of an agreed organization (e.g., the American Arbitration Association) and held in Washington State unless otherwise agreed by the parties.

You agree to indemnify, defend, and hold harmless GoodKey and its affiliates from any claims, damages, losses, or expenses (including reasonable attorney fees) arising from your use of the service or violation of these Terms.

GoodKey reserves the right to modify these Terms at any time. Changes will be communicated via email to [email protected] and posted on our website. Your continued use of the service constitutes acceptance of the updated terms.

These Terms shall be governed by and construed in accordance with the laws of Washington State, without regard to conflict of law principles.

All legal notices or communications will be sent via email to [email protected].

These Terms constitute the entire agreement between you and GoodKey regarding the use of the service. If any provision is deemed invalid or unenforceable, the remaining provisions shall continue in full force and effect.