Last updated: 6 May 2026
<p
style="background: rgba(16, 185, 129, 0.06); border: 1px solid rgba(16, 185, 129, 0.25); border-radius: 10px; padding: 14px 18px; font-size: 13px;"
>
This English translation is provided for convenience. The
<a href="/fr/terms/">French version</a> prevails in case of discrepancy.
</p>
<h2>1. Definitions</h2>
<ul>
<li>
<strong>"FerrVault"</strong>: the encrypted secrets management service edited by Bryan
Ferrando — Entrepreneur individuel (FerrLabs), SIREN 104 243 951, accessible at
ferrvault.com.
</li>
<li>
<strong>"Customer"</strong>: any natural person of legal age or legal entity having
subscribed to a FerrVault Subscription.
</li>
<li>
<strong>"Vault"</strong>: a logical container holding a set of Secrets, shared between
authorized members of the Customer.
</li>
<li>
<strong>"Secret"</strong>: any sensitive piece of data (API key, credential, token,
certificate, application password) stored in a Vault, encrypted client-side before
transmission.
</li>
<li>
<strong>"Master password"</strong>: the secret known only to the Customer, from which the
data encryption key (DEK) is derived. FerrLabs holds no copy of it.
</li>
<li>
<strong>"Subscription"</strong>: the pricing plan (Free, Pro, Team or Enterprise)
subscribed to by the Customer.
</li>
</ul>
<h2>2. Acceptance</h2>
<p>
Use of the Service implies unreserved acceptance of these terms. The Customer acknowledges
having read and accepted them prior to any subscription.
</p>
<h2>3. Service description</h2>
<p>FerrVault provides:</p>
<ul>
<li>End-to-end encrypted Secrets storage</li>
<li>Granular sharing of Secrets between organization members</li>
<li>An append-only audit log recording Secret accesses (who, when, from where)</li>
<li>
Kubernetes integration through the FerrVault operator, syncing Secrets into native
Kubernetes <code>Secret</code> resources
</li>
<li>A REST API and CLI to automate rotations and access</li>
</ul>
<h2>4. Pricing and subscription</h2>
<p>
Current pricing is published at
<a href="https://ferrvault.com/pricing">ferrvault.com/pricing</a>. The Service is offered in
four tiers:
</p>
<ul>
<li><strong>Free</strong>: 5 users, 3 vaults, 100 secrets</li>
<li>
<strong>Pro / Team / Enterprise</strong>: increasing volumes of users, vaults, secrets,
and advanced features (SSO, scheduled rotation, fine-grained access controls)
</li>
</ul>
<h2>5. Payment</h2>
<p>
Payments are made through Stripe Inc. (United States, Data Privacy Framework certified), by
credit card or SEPA direct debit. The Customer expressly authorizes monthly automatic debit.
Each invoice is issued on the subscription anniversary date.
</p>
<h2>6. Term, renewal and termination</h2>
<p>
The Subscription is concluded without commitment, and is tacitly renewed each month on the
anniversary date. The Customer can terminate at any time from their account area (termination
takes effect at the end of the current billing period). No pro-rata refund.
</p>
<p>
In accordance with the French law of 16 August 2022, termination is accessible by means at
least as simple as subscription.
</p>
<h2>7. Right of withdrawal (consumers only)</h2>
<p>
In accordance with article L.221-18 of the French Consumer Code, a Customer who is a consumer
has a 14-day period to exercise their right of withdrawal.
<strong
>The Customer expressly waives this right by requesting immediate execution of the
Service</strong
>
upon subscription. This waiver is materialized by the checkbox at payment time.
</p>
<h2>8. Customer obligations</h2>
<p>The Customer warrants that the Secrets stored:</p>
<ul>
<li>Belong to them or that they hold a legitimate right to possess them</li>
<li>
Do not contain third-party personal data without an appropriate legal basis under the GDPR
</li>
<li>Are not used for illegal purposes under French law</li>
<li>
Do not include cryptographic material subject to export restrictions for which the Customer
lacks the required authorizations
</li>
</ul>
<p>
The Customer is solely responsible for the choice, quality and rotation of their Secrets, the
proper management of access permissions within their organization, and the secure custody of
their Master password.
</p>
<h2>9. Backup and unrecoverability</h2>
<p>The Customer understands and accepts that:</p>
<ul>
<li>
Secrets stored in FerrVault are encrypted client-side with a key derived from the
Customer's master password.
<strong>FerrLabs holds no copy of this password and cannot technically decrypt the secrets.</strong>
</li>
<li>
In case of loss of the master password, <strong>secrets are permanently unrecoverable</strong>.
The Customer is solely responsible for the safekeeping of their password and recovery codes.
</li>
<li>
FerrLabs recommends that the Customer periodically export their secrets (decrypted
client-side) for independent backup purposes.
</li>
<li>
In case of secret deletion, encrypted backups are purged within 30 days. Beyond that, the
data is unrecoverable.
</li>
<li>
Security probes (audit log) trace metadata accesses to secrets (who, when, from where) —
not their content, which remains unreadable server-side.
</li>
</ul>
<h2>10. Anti-abuse policy</h2>
<p>
FerrVault is designed for the storage of professional secrets (API keys, credentials, tokens,
certificates). The Customer undertakes not to use it to store third-party personal data
without a legal basis, illegal content, or to circumvent legal restrictions (arms export,
international sanctions, etc.).
</p>
<h2>11. Suspension and termination for cause</h2>
<p>FerrLabs may suspend or terminate the Subscription, without notice or refund, in case of:</p>
<ul>
<li>Use manifestly contrary to the Anti-abuse policy</li>
<li>Payment default of more than 15 days</li>
<li>Serious breach of these terms</li>
<li>Attempted attack on the infrastructure (abuse, brute-force, fraud)</li>
</ul>
<h2>12. Personal data</h2>
<p>
The Customer's data is processed in accordance with the privacy policy published at
<a href="/privacy/">ferrvault.com/privacy</a>. FerrLabs is the data controller for the
Customer account data and Vault metadata. Since Secret content is encrypted client-side,
FerrLabs has no technical capacity to process it in clear text.
</p>
<p>
When the Customer stores personal data subject to the GDPR within their Vaults, the Customer
is the data controller and FerrLabs is the processor within the meaning of GDPR art. 28; a
Data Processing Addendum (DPA) is available on request.
</p>
<h2>13. Intellectual property</h2>
<ul>
<li>
The FerrVault source code, the "FerrLabs" and "FerrVault" trademarks, the Kubernetes
operator and all associated graphical elements remain the exclusive property of Bryan
Ferrando — Entrepreneur individuel.
</li>
<li>
Stored Secrets remain the exclusive property of the Customer. The Customer grants FerrLabs
a strictly technical, non-exclusive, worldwide, royalty-free license, limited to the
storage, encrypted replication and delivery of the encrypted content for the purposes of
the Service. FerrLabs has no usage right over the plaintext content, which it cannot
technically obtain.
</li>
</ul>
<h2>14. Limitation of liability</h2>
<p>
FerrLabs is bound by an obligation of means. FerrLabs's liability is limited to direct
foreseeable damages and shall not exceed, in any event, the amounts paid by the Customer over
the past 12 months. FerrLabs is not liable for indirect damages (loss of revenue, loss of
Secrets resulting from the Customer's loss of their Master password, reputational harm).
</p>
<p>
FerrLabs is not liable in case of force majeure (infrastructure subcontractor outage, DDoS
attack, network unavailability).
</p>
<h2>15. Modification of terms</h2>
<p>
FerrLabs reserves the right to modify these terms. Any modification is notified to the
Customer by email at least 30 days before its entry into force. Failing express opposition by
termination within this period, the new terms are deemed accepted.
</p>
<h2>16. Applicable law and jurisdiction</h2>
<p>
These terms are governed by French law. For any dispute with a professional Customer,
exclusive jurisdiction of the courts of Lille.
</p>
<p>
For any dispute with a consumer Customer, in accordance with article L.612-1 of the French
Consumer Code, the Customer may have free recourse to a consumer mediator. Designated
mediator: <span class="placeholder">[À COMPLÉTER]</span>.
</p>
<h2>17. Final provisions</h2>
<p>
The possible nullity of a stipulation does not entail the nullity of the whole. FerrLabs's
failure to exercise a right cannot be interpreted as a waiver.
</p>