Terms of Use
Last updated: March 12, 2026
1. Acceptance of Terms
By accessing or using the envnest platform, including the web application, CLI tool, and API (collectively, the "Service"), you agree to be bound by these Terms of Use ("Terms"). If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms.
2. Description of Service
envnest provides a secrets management platform that allows users to store, sync, and inject encrypted environment variables and secrets across teams and environments. The Service includes:
- A command-line interface (CLI) tool for managing secrets locally and in CI/CD pipelines
- A web application for managing secrets, organizations, members, and settings
- An API used by the CLI and integrations
- Secret sharing features for distributing secrets via time-limited or access-controlled links
- Integrations with third-party platforms (GitHub, GitLab, Vercel)
- Optional AI-powered features for diff analysis, risk assessment, and secret organization (Team and Business plans)
- Encryption with support for bring-your-own KMS (Business plan)
3. Accounts and Registration
You must create an account to use the Service. You may register using an email and password or by authenticating through a third-party provider (Google or GitHub). When you use a third-party provider, your use of that provider is subject to its own terms and privacy policy. We are not responsible for the practices of these providers.
You are responsible for maintaining the confidentiality of your account credentials, including CLI session tokens, service account tokens, and API keys. You agree to notify us immediately of any unauthorized use of your account.
You are responsible for all activity that occurs under your account, including actions taken by team members and service accounts within your organization.
4. Acceptable Use
You agree not to:
- Use the Service for any unlawful purpose or in violation of any applicable law
- Store content that is illegal, harmful, or violates third-party rights
- Attempt to gain unauthorized access to the Service, other accounts, or underlying infrastructure
- Interfere with or disrupt the integrity or performance of the Service
- Reverse engineer, decompile, or disassemble the Service, except where permitted by law
- Use the Service to build a competing product or service
- Exceed rate limits or use the Service in a manner that degrades performance for other users
- Use secret sharing features to distribute malware, exploits, or content that violates applicable law
- Attempt to circumvent prompt injection guardrails or exploit AI features to access data outside your authorized scope
- Use the Service to store or transmit secrets in a way that violates your own users' data rights
5. Your Data
You retain ownership of all secrets, environment variables, and other data you store in the Service ("Your Data"). You grant envnest a limited license to process Your Data solely for the purpose of providing the Service, including encrypting, storing, decrypting, and transmitting it as you direct.
envnest does not use Your Data for purposes unrelated to service delivery. We do not sell Your Data or use it for advertising.
AI features exception: When you explicitly invoke AI-powered features (AI diff analysis, secret grouping recommendations, or the AI assistant), limited metadata about your secrets — specifically secret key names and, in diff scenarios, change status — is transmitted to a third-party AI provider to generate a response. Secret values are not transmitted to the AI provider. By using AI features, you consent to this limited data transmission. AI features are only available on Team and Business plans.
6. Encryption and Security
The Service encrypts secrets at rest using industry-standard encryption with unique per-secret data encryption keys, wrapped via envelope encryption. envnest is not a zero-knowledge system. The server performs encryption and decryption using key encryption keys managed through our key management system.
Business plan customers may configure bring-your-own KMS, giving you additional control over the key encryption keys used to protect your secrets. IP whitelisting is also available on Business plans to restrict access by IP address or CIDR range.
While we implement reasonable security measures, no system is completely secure. You acknowledge that you use the Service at your own risk and are responsible for maintaining your own backups where appropriate.
7. Secret Sharing
The Service allows you to create shareable links for secrets and encrypted files. Share links may be configured with a password, expiry time, maximum view count, and optional restriction to members of your organization. Public share links are accessible to anyone who obtains the link URL. You are solely responsible for managing the access controls and lifecycle of share links you create. We are not responsible for unauthorized access resulting from your sharing of link URLs.
8. Integrations
The Service supports integrations with third-party platforms, currently including GitHub, GitLab, and Vercel. When you configure an integration, you authorize envnest to transmit secrets to that platform on your behalf, using credentials you provide. Your use of integrations is subject to the third party's terms and privacy policies. We are not responsible for the availability, security, or practices of third-party services.
We store OAuth tokens for integrations in encrypted form. You may disconnect an integration at any time, which revokes stored tokens. Secrets previously pushed to a third-party platform are not automatically deleted from that platform when you disconnect an integration.
9. Change Requests
Business plan organizations may configure a change request workflow requiring peer review and approval before secrets in protected environments are modified. By enabling this feature, you agree that the change request system governs who may approve or reject proposed changes within your organization. envnest enforces the policy but is not responsible for internal organizational decisions made through the change request process.
10. CLI Tool
The envnest CLI authenticates using access tokens issued to your account or to service accounts. Each CLI request transmits a device UUID, application version, and OS metadata. You are responsible for securing CLI credentials stored on your local machine or in CI/CD environments. CLI session tokens should be treated with the same confidentiality as passwords.
11. Plans and Payment
The Service is offered under multiple plans (Free, Team, Business), each with different feature limits. Paid plans are billed per seat per month via Stripe. You agree to pay all fees associated with your selected plan. We may change pricing with 30 days' notice.
If you exceed your plan's limits (projects, environments, users), we may restrict functionality until you upgrade or reduce usage. We will not delete your data due to a plan limit without prior notice.
AI-powered features (diff analysis, secret grouping recommendations, AI assistant) are available on Team and Business plans only. Free plan users do not have access to AI features.
12. Service Availability
We strive to maintain high availability but do not guarantee uninterrupted access. We may perform scheduled maintenance with reasonable notice. We are not liable for downtime, data loss, or service interruptions caused by factors outside our control, including third-party provider outages (AI providers, payment processors, OAuth providers, integration platforms).
13. Termination
You may close your account at any time. We may suspend or terminate your access if you violate these Terms or if required by law. Upon termination, your right to use the Service ceases. We will retain Your Data for 30 days after termination to allow for export, after which it will be permanently deleted.
14. Limitation of Liability
To the maximum extent permitted by law, envnest and its officers, employees, and affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or business opportunities, arising from your use of the Service.
Our total liability for any claim arising from these Terms or the Service shall not exceed the amount you paid us in the 12 months preceding the claim.
15. Disclaimer of Warranties
The Service is provided "as is" and "as available" without warranties of any kind, whether express or implied, including warranties of merchantability, fitness for a particular purpose, and non-infringement.
16. Indemnification
You agree to indemnify and hold harmless envnest from any claims, damages, or expenses arising from your use of the Service, your violation of these Terms, your violation of any third-party rights, or any unauthorized access resulting from credentials or share links you have distributed.
17. Changes to Terms
We may update these Terms from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated Terms.
18. Governing Law
These Terms are governed by and construed in accordance with the laws of the jurisdiction in which envnest is incorporated, without regard to conflict of law principles.
19. Contact
If you have questions about these Terms, contact us at [email protected].