CipherDuck

Terms of Service

Last updated: 02/11/2025

1. Introduction and Acceptance

  • These Terms of Service (“Terms”) govern your access to and use of CipherDuck’s services, websites, and applications (the “Service”). By creating an account, accessing, or using the Service, you agree to these Terms and our Privacy Notice.
  • If you use the Service on behalf of an organisation, you represent that you have authority to bind that organisation. “You” includes the organisation and its users acting under your account.

2. Eligibility; Professional Use

  • The Service is intended for B2B, public sector, and law/law‑enforcement organisations. You must be at least 18 years old and legally capable of entering into contracts.
  • You are responsible for ensuring that your users are authorised and trained to use the Service in accordance with applicable law and your internal policies.

3. Description of Service

  • CipherDuck provides tools to create, transmit, and manage end‑to‑end encrypted messages and files, with features such as time‑limited access, burn‑after‑read, “rooms,” and optional audit/chain‑of‑custody logs.
  • End‑to‑end encryption means content is encrypted on client devices and cannot be decrypted by CipherDuck. Limited operational metadata (e.g., timestamps, routing information) may be processed to deliver the Service, as described in the Privacy Notice.

4. Accounts, Security, and Access

  • Keep credentials confidential. Use strong authentication (e.g., passkeys, hardware security keys) where available. You are responsible for activity under your accounts.
  • Notify CipherDuck promptly of suspected unauthorised access. We may suspend access to protect users or the Service.
  • We may refuse or terminate accounts where legal, security, or compliance risks exist.

5. Acceptable Use

You agree not to use the Service to:

  • Violate law or regulation; infringe privacy or intellectual property; transmit illegal content.
  • Harass, threaten, or harm persons; engage in fraud, misrepresentation, or unauthorised surveillance.
  • Interfere with Service integrity (e.g., bypass security, inject malware, overload systems, reverse engineer beyond licensed/open interfaces).

CipherDuck may remove content or suspend/terminate accounts that violate these Terms or create risk.

6. Compliance; EU/Finland Law; Export/Sanctions

  • You are responsible for complying with applicable laws (including EU/Finland data protection, criminal law, employment, and sector‑specific rules). You must not use the Service for high‑risk or life‑critical activities.
  • You remain responsible for any export controls or sanctions applicable to your use. CipherDuck does not implement sanctions screening in the Service. Do not use the Service if you are subject to sanctions or in embargoed jurisdictions.

7. Subscriptions, Billing, and Taxes

  • Some features require a paid subscription. Fees and plan details are presented at purchase. By subscribing, you authorise our payment processor (e.g., Stripe) to charge your payment method. CipherDuck does not store card details.
  • Subscriptions renew automatically unless cancelled. You can cancel any time; cancellation stops future charges. Refunds are only provided where required by law or our published refund policy.
  • Prices exclude taxes unless stated; you are responsible for applicable VAT and other taxes.

8. Privacy and Data Protection (GDPR)

  • We process limited personal data to provide the Service: email address, Stripe Customer ID, Organisation ID, and timestamps (e.g., account creation, mailbox checks). Our third‑party providers (Firebase and Stripe) may process IP addresses and related technical data for security, fraud prevention, and auditing.
  • CipherDuck does not implement user behaviour analytics or telemetry. Details are in our Privacy Notice.
  • For organisational customers, a Data Processing Agreement (DPA) is available. You are responsible for providing required notices to your users and honouring data subject rights. We may support requests via manual processes.

9. Intellectual Property; Your Content

  • CipherDuck owns the Service, software, documentation, and branding, subject to open‑source components under their licences.
  • You retain rights to your content. You grant CipherDuck a limited licence to process and transmit your content solely to provide the Service. You are responsible for the legality of your content and its use.

10. Availability; Support; No SLA

  • The Service is provided on a best‑effort basis. We do not guarantee uninterrupted availability, specific performance levels, or mission‑critical reliability. Planned maintenance and unplanned outages may occur.
  • Support channels and response expectations are described on our website or your plan. No formal SLA applies unless agreed in a separate written contract.

11. Disclaimers

  • The Service is provided “as is” and “as available.” To the maximum extent permitted by applicable law, CipherDuck disclaims all warranties, express or implied, including merchantability, fitness for a particular purpose, and non‑infringement.
  • The Service is not designed for high‑risk use (e.g., emergency response, life‑critical systems, real‑time command‑and‑control). Do not rely on the Service where failure could cause significant financial loss, injury, or death.
  • You are responsible for maintaining independent backups and continuity plans.

12. Limitation of Liability

  • To the maximum extent permitted by law, CipherDuck is not liable for indirect, incidental, special, consequential, punitive, or exemplary damages, nor for loss of profits, revenues, goodwill, data, or business interruption.
  • CipherDuck’s aggregate liability arising out of or relating to the Service is limited to the total fees you paid to CipherDuck for the Service in the twelve (12) months preceding the event giving rise to the claim.
  • Nothing in these Terms excludes or limits liability where it cannot be excluded or limited under applicable law (e.g., liability for intentional misconduct).

13. Indemnification

You will defend, indemnify, and hold harmless CipherDuck and its affiliates, officers, directors, and employees from and against claims, losses, liabilities, damages, costs, and expenses (including reasonable attorneys’ fees) arising out of your content, your use of the Service, or your breach of these Terms or applicable law.

14. Termination and Suspension

  • You may stop using the Service at any time. CipherDuck may suspend or terminate access immediately for violations of these Terms, legal requirements, security risks, or misuse.
  • Upon termination, your right to use the Service ends. We may retain limited records as required by law or for legitimate business purposes, in line with the Privacy Notice.

15. Governing Law and Venue (EU/Finland)

  • These Terms and any non‑contractual obligations arising out of them are governed by the laws of Finland, excluding its conflict‑of‑laws rules.
  • The exclusive venue for disputes is the District Court of [Helsinki] (Helsingin käräjäoikeus), unless mandatory law provides otherwise. Consumers are not intended users of the Service.

16. Dispute Resolution

Before filing a claim, the parties will attempt to resolve disputes in good faith within thirty (30) days after written notice. If not resolved, disputes proceed in the venue above. No class or representative actions unless required by mandatory law.

17. Changes to the Service or Terms

We may modify the Service or these Terms. Material changes will be notified (e.g., email or in‑app). Changes take effect on the stated effective date. Your continued use after changes constitutes acceptance.

18. Contact

Questions regarding these Terms, please, contact us through our contact page.

    About Our Cookies

    We use essential cookies to make our site work. These are used for security and to keep you logged in. We do not use analytics or advertising cookies. For more information, please see our Privacy Policy.