Effective Date: March 28, 2026 — Last Updated: March 28, 2026
By accessing or using any Davy.Locker product, service, software development kit (SDK), website, cloud dashboard, command-line interface, or API (collectively, the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms.
If you do not agree with any part of these Terms, you must not use the Service. Your continued use of the Service constitutes ongoing acceptance of these Terms as they may be amended from time to time.
Davy.Locker is a credential security platform designed for AI agents and automated systems. The Service provides:
Davy.Locker employs a zero-knowledge architecture. All encryption and decryption occurs locally on your device or infrastructure. Davy.Locker never receives, stores, transmits, or has access to your plaintext credentials, master password, or derived encryption keys.
The Free tier is a fully functional, self-hosted security runtime available at no cost with no account required. It includes the open-source SDK, encrypted vault, credential injection proxy, response lenses, local audit logging, and support for unlimited agents and credentials. The Free tier is not a trial — it is a permanent offering with no time limit or feature expiration.
The Pro tier provides a cloud dashboard for centralized management, multi-server sync (up to 10 nodes), The Kraken AI security monitoring, auto-rotation (scheduled and triggered), team sharing (up to 5 members), security scoring, alerting (Slack, email, webhooks), grant hygiene reports, and priority support. Pro subscriptions are billed monthly. You may cancel at any time; cancellation takes effect at the end of the current billing period.
Enterprise tier is available at custom pricing and includes everything in Pro plus unlimited nodes and team members, SSO/SAML integration, custom Kraken rules, SOC 2 compliance evidence export, self-hosted or cloud dashboard options, dedicated support with SLA, and a data processing agreement. Enterprise terms are governed by a separate written agreement between you and Davy.Locker.
Paid subscriptions are billed in advance on a monthly recurring basis. All fees are non-refundable except where required by applicable law. Davy.Locker reserves the right to change pricing with 30 days advance written notice. Price changes do not apply to the current billing period.
Your encrypted vault is protected by a master password that you create. Davy.Locker operates on a zero-knowledge model: we do not store, transmit, or have any means to access your master password or the encryption keys derived from it.
Critical: If you lose your master password, Davy.Locker cannot recover it, reset it, or decrypt your vault. You are solely responsible for securely storing and remembering your master password. Loss of your master password results in permanent, irrecoverable loss of access to all credentials stored in your vault.
If you create a Davy.Locker account for Pro or Enterprise features, you are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify Davy.Locker immediately at security@davylocker.dev if you become aware of any unauthorized use of your account.
The Davy.Locker SDK runs within your own infrastructure. You are responsible for the security, maintenance, and proper configuration of the servers, environments, and systems on which you deploy the SDK. Davy.Locker is not responsible for vulnerabilities, breaches, or data loss arising from misconfiguration, unpatched systems, or insecure deployment practices within your infrastructure.
You agree not to use the Service to:
Violation of this Acceptable Use policy may result in immediate suspension or termination of your access to the Service without notice or refund.
The Service, including its software, design, documentation, branding, trademarks (including "Davy.Locker," "The Kraken," and the Davy.Locker logo), and all related intellectual property, are owned by Davy.Locker and protected by applicable intellectual property laws. Nothing in these Terms grants you ownership of any Davy.Locker intellectual property.
Certain components of the Davy.Locker SDK are released under open-source licenses. Your use of those components is governed by their respective license terms (e.g., MIT, Apache 2.0) as specified in each package's repository. These Terms do not restrict rights granted to you under applicable open-source licenses.
You retain full ownership of all credentials, configurations, and data you store in or process through the Service. Davy.Locker does not claim any ownership or license to your data. Due to our zero-knowledge architecture, we cannot access your encrypted data even if we wanted to.
The Kraken is an AI-powered security monitoring feature available in Pro and Enterprise tiers. It provides automated anomaly detection, security recommendations, threat response suggestions, and credential rotation triggers.
Important: The Kraken provides recommendations and automated responses, not guarantees. AI-based security monitoring is probabilistic by nature. The Kraken may produce false positives (flagging benign activity as suspicious) or false negatives (failing to detect certain threats).
Specifically:
Davy.Locker provides security tooling — not insurance.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
These limitations apply even if Davy.Locker has been advised of the possibility of such damages and regardless of the form of action, whether in contract, tort (including negligence), strict liability, or otherwise.
You agree to indemnify, defend, and hold harmless Davy.Locker and its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to:
You may stop using the Service at any time. For Pro or Enterprise subscriptions, you may cancel your subscription through the cloud dashboard or by contacting support@davylocker.dev. Cancellation takes effect at the end of the current billing period. No partial refunds are provided for unused time within a billing period.
Davy.Locker may suspend or terminate your access to the Service at any time, with or without cause, and with or without notice, if:
Upon termination, your right to access the Pro or Enterprise cloud services ceases immediately. The open-source SDK installed on your infrastructure remains functional and subject to its open-source license terms. Your locally encrypted vault data remains on your systems and under your control — Davy.Locker has no ability to remotely delete, modify, or access it. Sections of these Terms that by their nature should survive termination (including Limitation of Liability, Indemnification, and Governing Law) shall survive.
Davy.Locker reserves the right to modify these Terms at any time. Material changes will be communicated through one or more of the following: a prominent notice on our website, email notification to registered Pro/Enterprise users, or an in-dashboard alert.
Changes become effective 30 days after posting unless a longer notice period is required by applicable law. Your continued use of the Service after the effective date constitutes acceptance of the updated Terms. If you do not agree with the updated Terms, you must stop using the Service before the effective date.
We encourage you to review these Terms periodically. The "Last Updated" date at the top of this page indicates when the most recent changes were made.
These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions.
Any dispute arising out of or relating to these Terms or the Service shall first be attempted to be resolved through good-faith negotiation between the parties. If negotiation fails to resolve the dispute within 30 days, either party may pursue resolution through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, conducted in the English language. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.
Notwithstanding the foregoing, either party may seek injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property rights or to prevent irreparable harm.
You agree that any proceedings will be conducted on an individual basis and not as part of a class, consolidated, or representative action.
If you have questions about these Terms, the Service, or your rights, you can reach us at: