Terms of Service

Service - the SecurSSH software, web console, desktop applications and associated cloud infrastructure.

Customer - the legal entity or individual entering into a subscription with SecurSSH.

User - a natural person authorised by the Customer to access the Service.

Vault - an end-to-end encrypted container of credentials, hosts and related data, decryptable only with a User-derived key.

Subscription - the recurring contractual relationship between the Customer and SecurSSH covering Free, Pro, Team or Enterprise plans.

SecurSSH is a brand operated by WATIZI, a French SAS with €1,000 share capital, registered at Bordeaux Trade Register under 102 877 412, with office at 29 B Chemin de la Tuilière, 33610 Cestas, France.

Creating an account requires a valid email address, which the User must verify. The User is responsible for choosing a strong master password; SecurSSH never receives, stores or transmits the master password.

Because vault content is encrypted client-side with a key derived from the master password, SecurSSH cannot recover a forgotten master password. Vault recovery options (such as recovery codes) are documented in the product and must be configured proactively by the User.

The User is responsible for safeguarding their credentials and notifying SecurSSH of any suspected compromise.

SecurSSH offers four plans: Free (0 EUR), Pro (9 EUR per month), Team (12 EUR per User per month) and Enterprise (custom pricing under contract).

Pro and Team subscriptions are billed through Stripe by credit card. Enterprise subscriptions may be billed by wire transfer, purchase order or other means agreed in the master service agreement (MSA).

Adding a User to a Team plan triggers automatic proration on the next invoice. Removing a User credits the unused portion against the following billing period.

Customers may cancel at any time from the billing portal. Cancellation stops the next renewal; no refund is issued for the current paid period unless required by applicable law.

The Customer and its Users agree not to: (a) store, share or distribute credentials obtained illegally or without authorisation; (b) attempt to bypass role-based access controls protecting other Customers' data; (c) probe, scan, or scrape the Service beyond ordinary product use; (d) use the Service to coordinate attacks, host malware command-and-control, or violate applicable law.

SecurSSH may suspend access without notice in case of severe breach, fraud, or activity that endangers the Service or other Customers.

SecurSSH retains all intellectual property rights in the software, brand, logos and documentation. The Customer is granted a non-exclusive, non-transferable, revocable licence to use the Service for the duration of the Subscription.

The Customer retains ownership of all data it stores in its Vaults, including credentials, host records, snippets and audit metadata. SecurSSH is granted only the technical permissions necessary to operate the Service on the Customer's behalf.

Vault content is encrypted client-side using AES-GCM with a key derived through PBKDF2 with 100,000 iterations from the User's master password. The SecurSSH server stores ciphertext only and is structurally unable to decrypt vault content.

SecurSSH does not maintain support backdoors or master-key escrow. Staff cannot read credentials, including in response to internal requests. Lawful disclosure obligations are addressed in the Privacy Policy.

A 99.9% monthly availability commitment applies exclusively to Enterprise subscriptions under contract, with associated service credits as defined in the MSA. Free, Pro and Team plans are provided on a best-effort basis without a contractual SLA.

Scheduled maintenance windows are announced in advance through the in-product status page and email. SecurSSH may perform unannounced maintenance in case of security incidents.

The Customer may terminate the Subscription at any time. SecurSSH may terminate the Subscription with reasonable notice in case of material breach of these Terms, fraud, repeated non-payment, or activity creating legal or operational risk.

Following termination, Customer data is retained for a 30-day grace period, during which the Customer may reactivate the account or export data. After 30 days, all data is permanently deleted from production systems, with backup rotation completing the deletion within the timeframe documented in the Privacy Policy.

To the maximum extent permitted by applicable law, SecurSSH's aggregate liability arising from or related to the Service shall not exceed the total amount paid by the Customer for the Subscription during the twelve (12) months preceding the event giving rise to the claim.

SecurSSH is not liable for indirect, incidental or consequential damages, including loss of profit, loss of data unrelated to a breach by SecurSSH, or business interruption. Nothing in these Terms limits liability that cannot be limited under applicable law (including, where relevant, gross negligence and wilful misconduct).

These Terms are governed by the laws applicable to SecurSSH's registered seat within the European Union. Any dispute arising in connection with the Terms or the Service shall be submitted to the exclusive jurisdiction of the competent courts of SecurSSH's registered seat, without prejudice to mandatory consumer protection rules where applicable.

SecurSSH may update these Terms to reflect product changes, regulatory developments or operational needs. Material changes are notified at least thirty (30) days before they take effect, by email to active Customers and through an in-product banner. Continued use of the Service after the effective date constitutes acceptance of the updated Terms.

Questions related to these Terms can be addressed to legal@securssh.com.

Postal address: European Union — address available on request at legal@securssh.com.