Terms of Service
Last updated: July 13, 2026
1. The service in one paragraph
#) and never touches us. This means we literally cannot read your data — a promise we make good on by publishing the encryption source at /source.2. Acceptable use
You agree not to use Sealed to:
- Distribute illegal content (CSAM, malware, stolen credentials for reuse)
- Coordinate criminal activity, harassment, or targeted threats
- Circumvent lawful government orders, court subpoenas, or sanctions
- Attempt to break our infrastructure, DoS our endpoints, or reverse the encryption (though good-faith security research is welcome — see section 8)
Zero-knowledge doesn’t mean zero-consequence. If we receive a lawful preservation or takedown order, we can and will suspend accounts and delete metadata.
3. Accounts
An account is optional. Anonymous use is fully supported. If you create one, you agree that the email address you provide is yours to use, and that you’re at least 13 years old.
We authenticate you via a magic-link email or Google sign-in. Because we don’t store passwords, we can’t “send you your password” — losing access to your email means losing access to the account.
4. Payments
Free plan is free forever. Pro and Business plans are billed monthly via Stripe. You can cancel any time from your dashboard — no phone calls, no retention hoops.
Refunds are handled case-by-case within 30 days of the charge. Email hello@usesealed.com.
5. Data retention
Secrets self-destruct on view or expiry, whichever comes first. Our maximum retention window is 30 days for any single secret. Metadata about secrets you’ve created (id, timestamps, labels) persists in your dashboard until you delete your account.
Canary tokens are the exception — they intentionally never burn. Trigger logs (viewer IP hash, country, user agent) are kept for 90 days for your forensic use, then pruned.
6. Warranty disclaimer
7. Limitation of liability
8. Security researchers
Good-faith security research is not just permitted — it’s requested. If you find a vulnerability, please email security@usesealed.com with reproduction steps. We commit to acknowledging within 72 h and won’t pursue legal action against researchers who:
- Test against test accounts, not other users’ data
- Don’t exfiltrate more than needed to demonstrate the issue
- Give us a reasonable window to fix before public disclosure