Privacy PolicyTerms of Use
  • Introduction and Definitions
  • Description of the Service
  • Security Measures
  • User Responsibilities
  • Termination and Data Retrieval
  • Export Control
  • No Warranty; Limitation of Liability
  • Force Majeure
  • Arbitration Agreement
  • Indemnification
  • Modifications and Amendments
  • Governing Law
  • Notices and Contact Information
  • Entire Agreement and Severability

GoodKey Terms of Use

Effective Date: 14 of March 2025

Introduction and Definitions

GoodKey provides a SaaS platform that enables secure management of cryptographic keys, authentication of digital assets, encryption, and team-based collaboration on key management. By accessing or using the service, you agree to these Terms of Use. For purposes of these Terms, the following definitions apply:

  • Credentials:

    Login and authentication data provided by you.

  • Cryptographic Keys:

    Digital keys used for encryption and decryption.

  • Token Metadata:

    Information about your tokens including serial numbers, make/model, usage frequency, and lifecycle status.

  • Team:

    A group within your organization designated to collectively manage keys and certificates using GoodKey.

  • Team Member:

    An individual authorized to access and use GoodKey as part of a team.

  • Third-Party Services:

    External services (e.g., GitHub, Google Workspace) that integrate with or support GoodKey.

Description of the Service

GoodKey offers a SaaS platform that includes key and certificate management, token metadata tracking, automated signing (including CI/CD integrations), and logs/analytics collection to monitor and optimize performance. The service supports both individual and team-based management, allowing organizations to set up teams and assign team members with appropriate access levels. In providing this service, you acknowledge that GoodKey may have access to your credentials and, in some cases, your cryptographic keys.

Security Measures

  • Key Storage:

    Where technically possible, keys are stored using Hardware Security Modules (HSMs) that meet FIPS 140-3 standards. Where this is not technically possible, keys are stored in our Key Management System (KMS), which is isolated, encrypted, and access-controlled.

  • Attestations:

    Attestations are available to enable you to verify how keys are stored.

  • Best Practices:

    We follow industry best practices—including least privilege access, service isolation, and tenant isolation—to safeguard your data.

User Responsibilities

  • Account Security:

    You are responsible for maintaining the confidentiality of your account credentials and all activities conducted under your account.

  • Team Administration:

    If you set up teams, you are responsible for managing team member access and ensuring that all team members follow secure practices.

  • Secure Integrations:

    You must ensure that any integrations or configurations within your systems are performed securely.

  • Backup and Recovery:

    While GoodKey employs robust security measures, you are responsible for maintaining secure backups and key recovery procedures.

  • Lawful Use:

    You agree to use the service in accordance with all applicable laws and regulations.

Termination and Data Retrieval

  • Termination:

    Either party may terminate the service in accordance with the termination provisions detailed on our website.

  • Data Retrieval:

    Upon termination, you are responsible for retrieving your data. GoodKey will, upon request and subject to applicable law, provide assistance in retrieving data for a limited period following termination.

Export Control

You agree to comply with all applicable export control laws and regulations. The use or transfer of GoodKey’s technology may be subject to such laws, and you must ensure that your use complies with these requirements.

No Warranty; Limitation of Liability

  • Disclaimer of Warranties:

    The GoodKey service is provided “as is” without any warranties, express or implied.

  • Liability Cap:

    GoodKey’s total liability for any claims, damages, or losses arising out of or related to your use of the service shall not exceed the annual cost of the service as paid by you.

  • Risk Assumption:

    You assume all risks associated with your use of the service.

Force Majeure

GoodKey shall not be liable for failures or delays due to events beyond its control, including natural disasters, governmental actions, or internet service interruptions.

Arbitration Agreement

Any dispute or claim arising out of these Terms or your use of the service shall be resolved exclusively through binding arbitration. By agreeing to these Terms, you waive any right to participate in a class action or representative lawsuit. Arbitration will be conducted under the rules of an agreed organization (e.g., the American Arbitration Association) and held in Washington State unless otherwise agreed by the parties.

Indemnification

You agree to indemnify, defend, and hold harmless GoodKey and its affiliates from any claims, damages, losses, or expenses (including reasonable attorney fees) arising from your use of the service or violation of these Terms.

Modifications and Amendments

GoodKey reserves the right to modify these Terms at any time. Changes will be communicated via email to [email protected] and posted on our website. Your continued use of the service constitutes acceptance of the updated terms.

Governing Law

These Terms shall be governed by and construed in accordance with the laws of Washington State, without regard to conflict of law principles.

Notices and Contact Information

All legal notices or communications will be sent via email to [email protected].

Entire Agreement and Severability

These Terms constitute the entire agreement between you and GoodKey regarding the use of the service. If any provision is deemed invalid or unenforceable, the remaining provisions shall continue in full force and effect.