Legal
Here you will find the terms which you agree to when downloading KeyKong, our privacy policy and security operations for your convenience.
Here you will find the terms which you agree to when downloading KeyKong, our privacy policy and security operations for your convenience.
The following text outlines the terms of use of the KeyKong applications and website. You can also review our privacy policy, which outlines our practices towards handling any personal information that you may provide to us.
This is a legal document. If you use KeyKong, you agree to the terms.
The contract below outlines KeyKong’s terms of service (“the Agreement”). By downloading, installing and using KeyKong products and services (“the Services”) you agree and acknowledge that you have read and accepted this Agreement in its entirety, and agree to be bound by its terms. These terms of service apply to all users of the Services, including users with paid accounts.
KeyKong reserves the right, at its sole discretion, to modify or replace the terms of this Agreement at any time. If the alterations constitute a material change, KeyKong will notify you by posting an announcement on the KeyKong website. What constitutes a material change will be determined at KeyKong’s sole discretion. You shall be responsible for reviewing and becoming familiar with any such modifications. Using our Services following notification of a material change to this Agreement shall constitute your acceptance of the Agreement as modified.
The “Service” means (a) password managing, secure document storing, administrative and related systems and technologies, as well as the website https://keykong.io (the “Site”), and (b) all software (including the Software, as defined below), applications, data, text, images, and other content made available by or on behalf of KeyKong. Any modifications to the Service are also subject to these Terms. KeyKong reserves the right to modify or discontinue the Service or any feature or functionality thereof at any time without notice. All rights, title, and interest in and to the Service will remain with and belong exclusively to KeyKong.
We are humans too, so sometimes things break. We do our best.
KeyKong is providing this service on an “as is, as available” basis without representation or warranty of any kind. KeyKong does not guarantee as to the continuous availability of the service or of any specific feature(s) of the service. KeyKong may impose usage or service limits, suspend service, or block certain kinds of usage at our sole discretion. The accuracy and timeliness of data received is not guaranteed; delays or omissions may occur.
The speed and quality of the Service may vary and the Service is subject to unavailability, including emergencies, third party service failures, transmission, equipment or network problems or limitations, interference, signal strength, and maintenance and repair, and may be interrupted, refused, limited or curtailed. KeyKong is not responsible for any failures to maintain the confidentiality, security, accuracy or quality of your data, messages or pages whether or not related to interruptions or performance issues with the Service.
Some parts of the Service are billed on a subscription basis (“Subscription(s)”). You will be billed in advance on a recurring and periodic basis (“Billing Cycle”). Billing cycles are set on a regular basis, typically monthly or yearly. At the end of each Billing Cycle, your Subscription will automatically renew under the same conditions unless you cancel it or KeyKong cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting KeyKong customer support team.
A valid payment method, including credit card, is required to process the payment for your Subscription. You shall provide KeyKong or its third-party payment processor, with accurate and complete billing information including full name, address, state, zip code, and valid payment method information. By submitting such payment information, you automatically authorize KeyKong to charge all Subscription fees incurred through your account to any such payment instruments. All amounts paid are non-refundable. You further agree to be responsible for all taxes associated with the Service, along with any transaction fees and currency conversions added by your financial institution and intermediaries.
KeyKong may, at its sole discretion, offer a Subscription with a free trial for a limited period of time (“Free Trial”).
On the last day of the Free Trial period, your account will be automatically frozen, unless you upgrade to a subscription. You may be required to enter your billing information in order to upgrade and then you will be automatically charged the applicable Subscription fees for the type of Subscription you have selected.
At any time and without notice, KeyKong reserves the right to (i) modify the terms and conditions of the Free Trial offer, or (ii) cancel such Free Trial offer.
When you create an account with us, you must provide us information that is accurate, complete, and current at all times. Failure to do so constitutes a breach of the Terms (either the Terms of Service and Privacy Policy). You are responsible for safeguarding the password that you use to access the Service and for any activities or actions under your password, whether your password is with our Service or a third party service.
You agree not to disclose your password to any third party. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.
You may not use as a username the name of another person or entity or that is not lawfully available for use, a name or trademark that is subject to any rights of another person or entity other than you without appropriate authorization, or a name that is otherwise offensive, vulgar or obscene.
A computer or other equipment enabled to access the Internet (“Device”) is required to utilize the Service. You are solely responsible for ensuring that your Device is sufficient and compatible for use with the Service.
KeyKong may not be used to misrepresent or to act on behalf of others. All messages you transmit through our Services shall identify You as the sender. You may not:
- Alter the attribution of origin in electronic mail messages or posting
- Use the Service for anything other than lawful purposes
- Use the Services for commercial gain
- Use KeyKong to mask their identity for illegal or malicious purposes
- Distribute copyright-protected material through our servers
- Take any action that results in an unreasonable load on KeyKong infrastructure
- Use any 3rd party software to interfere with or attempt to interfere with the Services
You shall at all times abide by all applicable local, state, national and foreign laws, treaties and regulations in connection with your use of the Services, including those related to data privacy, international communications and the transmission of technical or personal data. If KeyKong is contacted with a complaint regarding or arising from your use of the Services, KeyKong may deem your service usage in violation of this Agreement and terminate your account without notice.
The Service and all contents, including but not limited to text, images, graphics or code are the property of KeyKong and are protected by copyright, trademarks, database and other intellectual property rights. You may display and copy, download or print portions of the material from the different areas of the Service only for your own non-commercial use. Any other use is strictly prohibited and may violate copyright, trademark and other laws. These Terms do not grant you a license to use any trademark of KeyKong or its affiliates. You further agree not to use, change or delete any proprietary notices from materials downloaded from the Service.
"Your Data" means any data and content which you upload, store, retrieve, or otherwise make available through the Service. You retain all of the rights to Your Data. You agree to grant KeyKong a license to store, retrieve, backup, restore, and otherwise copy Your Data so that we may provide you with the Service.
The Service may contain links to third-party websites or services that are not owned or controlled by KeyKong.
KeyKong has no control over and assumes no responsibility for, the content, privacy policies, or practices of any third party websites or services. You further acknowledge and agree that KeyKong shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods or services available on or through any such websites or services.
We strongly advise you to read the terms and conditions and privacy policies of any third-party websites or services that you visit.
You are entitled to cease using our Services at any time and for any reason without notice to us, but you will continue to be charged for Services until you cancel your account by logging in or contacting us.
You agree that KeyKong, in its sole discretion, for any or no reason, and without penalty, may terminate or suspend your use of the Service at any time. KeyKong may also in its sole discretion and at any time discontinue the Services in their entirety, or any part thereof, with or without notice.
All provisions of the Terms shall survive termination, including without limitation: ownership provisions, warranty disclaimers, indemnity and limitations of liability. Upon termination, your right to use the Service will immediately cease.
While all amounts paid are non-refundable, certain refund requests for subscriptions may be considered by KeyKong on a case-by-case basis and granted at the sole discretion of KeyKong.
KeyKong its directors, employees, partners, agents, suppliers, or affiliates, shall not be liable for (A) any loss or damage, indirect, incidental, special, consequential or punitive damages, including without limitation, economic loss, loss or damage to electronic media or data, goodwill, or other intangible losses, or (B) for any amount in the aggregate in excess of the fees actually paid by you in the six (6) months preceding the event giving rise to your claim, resulting from (i) your access to or use of the Service; (ii) your inability to access or use the Service; (iii) any conduct or content of any third-party on or related to the Service; (iv) any content obtained from or through the Service; and (v) the unauthorized access to, use of or alteration of your transmissions or content, whether based on warranty, contract, tort (including negligence) or any other claim in law, whether or not we have been informed of the possibility of such damage, and even if a remedy set forth herein is found to have failed of its essential purpose.
KeyKong makes no representation, warranty, or guarantee as to the reliability, timeliness, quality, suitability, availability, accuracy or completeness of the Services. KeyKong does not represent or warrant that (a) the use of the Services will be secure, timely, uninterrupted or error-free or operate in combination with any other hardware, software, system or data, (b) the Service will meet your requirements or expectations (c) errors or defects will be corrected, or (d) the Services are free of viruses or other harmful components. The Service is provided by KeyKong on an “as is” “as available” basis without warranties of any kind, either expressed or implied, including without limitation, any implied warranty of merchantability, fitness for a particular purpose, or non-infringement of third-party rights, are hereby disclaimed to the maximum extent permitted by law. You expressly agree that use of the Services is at your sole risk.
These Terms shall be governed by and interpreted and enforced in accordance with, the laws in Brazil.
If any provision of these Terms is held to be invalid or unenforceable by a court of competent jurisdiction, then any remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service and supersede and replace any prior agreements, oral or otherwise, regarding the Service.
All disputes and questions whatsoever which shall arise between KeyKong and you in connection with this Service Agreement,
or the construction or application thereof or any provision contained in this Service Agreement or as to any act,
deed or omission of any party or as to any other matter in any way relating to this Service Agreement, shall be resolved
by arbitration. Such arbitration shall be conducted by a single arbitrator.
The District Court of Rio de Janeiro
/ RJ is hereby elected as competent to resolve disputes arising from this contract, excluding any other, however
privileged it may or may become.
We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material
we will make reasonable efforts to provide at least 30 days’ notice prior to any new terms taking effect. What constitutes
a material change will be determined at our sole discretion.
By continuing to access or use our Service after
those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms,
in whole or in part, please stop using the website and the Service.
The Change Log section below is not a part
of these Terms, nor is the Terms of Service archive or any content linked therefrom.
If you have any questions about these Terms, you can contact our support team or write us by mail at:
Av. Passos 120, 15° Andar
Centro - Rio de Janeiro, CEP 20051-040
RJ - Brasil
Thanks for reading
Change Log
2018-04-08:
We clarified what happens if we part ways.
Here at KeyKong, we believe that the less information we know about you, the better. After all, it is impossible to lose, misuse, or abuse information we don’t have.
This Privacy Policy describes how KeyKong handles your personal information when you use our KeyKong services (“Services”).
By using our Services, you agree to let us collect, use, disclose and otherwise manage your personal information as we describe in this Privacy Policy.
KeyKong is a global company with headquarters in Brazil. By using our Services, you authorize KeyKong to use your information according to BRAZILIAN’s laws, regardless of which country you are located in.
If you have any questions or comments about this Privacy Policy, please contact us at [email protected]
As a provider of online privacy and security services, we ultimately strive to collect the minimal amount of Personal Information required to operate our Services. This often means difficult trade-offs between the information we collect and the performance of our Services.
We believe in an open dialogue because this Privacy Policy is an evolving document. We welcome your thoughts and feedback on how we're doing.
"Personal Information" means any information that can be used to identify you individually. It includes information about you that you provide while using our Services.
The Personal Information we collect includes your Account Data, certain payment information and, in some circumstances may include Operational Data, as described below. We may also collect Personal Information you provide to us if you communicate with us, for example, to request support.
We collect, use and disclose your Personal Information as necessary in order to provide you with the Services and for the other purposes identified below.
KeyKong was carefully engineered so that you and only you can access the information stored in KeyKong. All items, such as passwords, credit cards, notes and any other types of data, stored by you in KeyKong are end to end encrypted. No KeyKong staff, including our support team and engineers, can view or access the items you add.
Your encrypted data will be stored on our servers so that you can sync between devices. Even though your data will be stored on our servers, it will only be accessible to you when you unlock it with your Key Password.
KeyKong does not own the data in your KeyKong, this is your information and you can add to it, delete it and modify it anytime you choose.
When you create or update your KeyKong user account, we collect and store the following “Account Data”. The Account Data is listed below in its entirety and is used by us for the purposes described:
Email address Signing up for, providing support for and using your account. General communications, purchase receipts and occasional product news. Confirmation that your email address is valid.
KeyKong also collects and stores “Operational Data” required to operate our Services. This is data that we collect and store when you connect to our Services. Operational Data is listed below in its entirety and is used by us for the following purposes:
OS Version
User support, troubleshooting, and product planning
KeyKong App Version
User support and troubleshooting
Feature activation
Customer satisfaction, support and product planning
Achievements
Customer satisfaction, support and product planning
Total number of items in KeyKong
Customer satisfaction, support and product planning
Making a purchase with a credit card on any of the Services will result in Personal Information being exchanged with payment processors.
KeyKong processes credit card payment information securely through Fastspring, a third party payment processor, whose use of your Personal Information is governed by their privacy policy.
Fastspring may store Personal Information associated with your financial transactions in European Economic Area (“EEA”) or the United States of America, in which case such information will be subject to the laws of the jurisdiction in which it is held.
When you pay with credit card, KeyKong collects and stores the following information, which is used for the purposes described:
KeyKong does not store, but can securely log in and view, the following information through our third party payment processor Fastspring:
KeyKong never stores your complete credit card number. To protect the security of your payment information, we adopt all available security and multi-factor authentication measures available from our payment processors.
KeyKong operates exclusively with PCI compliant payment processors. Only our payment processors have the ability to collect, use and access your full credit card information and other financial information. They can use this information solely for the purpose of charging and invoicing you for our (paid) Services and as otherwise required by law.
Except as described below or as required or permitted by law, KeyKong will NOT disclose your Personal Information to any other third parties under any circumstance without your consent.
KeyKong may disclose your Personal Information to third-party service providers (e.g., payment processors as described above) to the extent necessary in order to provide you with the Services; in such case, we use contractual or other means to ensure that there is a comparable level of protection for any Personal Information that is processed for us by third parties.
In the event KeyKong is required to comply with law enforcement where subpoenas, warrants or other legal documents have been provided, valid under Brazilian jurisdiction, we will disclose Personal Information only to the extent legally required.
If our organization structure changes (i.e., we undergo a restructuring or are acquired), we may need to migrate your Personal Information to a third party related to a business transaction, but, we will ensure that such a third party has entered into an agreement under which the use of your Personal Information is only related to purposes necessary for the transaction and the third party agrees to protect your Personal Information by appropriate security safeguards.
Additionally, we cannot disclose information about the passwords, credit cards or other data our users store in their KeyKong, as KeyKong does NOT have access to this information.
Any Personal Information you provide to KeyKong will be administered according to the following principles:
KeyKong is responsible for the Personal Information under our control and has designated one or more individuals to oversee KeyKong’s privacy compliance. Should you have any questions, concerns or complaints about how your Personal Information is handled or questions about our Privacy Policy, feel free to contact us at [email protected]
KeyKong will explain the purposes for which your Personal Information is collected before or when we collect it. If your Personal Information is to be used for a purpose not previously identified (i.e., a purpose other than those identified above), we will identify that purpose prior to use and, unless the new purpose is required by law, obtain your consent before using the information for that purpose.
Unless otherwise required by law, we will obtain your consent whenever we collect, use or disclose your Personal Information, or make changes to the Account Data we store. Your consent may be express or implied, depending on the circumstances. In certain circumstances, your consent may be implied by your actions. For example, by providing us Personal Information to sign up for our Services, it is implied that we can collect, use and disclose such information as we outlined in this Privacy Policy.
The form of consent sought by KeyKong may vary depending on the nature of the information. In determining the appropriate form of consent, KeyKong will take into account the sensitivity of the information and your reasonable expectations. Implied consent will generally be appropriate where information is less sensitive. You have the right to withdraw your consent to the collection, use or disclosure of your Personal Information. To exercise your right to withdraw consent, or ask questions about your Personal Information, please contact [email protected]
We take great care to not collect Personal Information indiscriminately and limit collection to the minimum necessary information required to operate our Services. By limiting the collection of Personal Information, we help to protect the privacy and security of your Personal Information.
We will not use or disclose your Personal Information for any purpose that you have not consented to, except as required by law. KeyKong will NOT sell or trade Personal Information for commercial purposes.
We store your Personal Information only as long as is necessary for the purposes for which it is collected or as required by law. We erase or destroy the records containing Personal Information when they are no longer required; this will be done in ways that will protect your continued privacy.
It is your responsibility to inform KeyKong of any relevant changes in your Personal Information by updating your account information.
KeyKong uses strong safeguards to protect the privacy of all our records, including your Personal Information. We implement physical, business and technical security measures that are designed to prevent and protect against loss or theft as well as unauthorized access, disclosure, copying, use or modification to or of your Personal Information.
Only KeyKong’s employees or service providers with a business need to know or whose duties require access to Personal Information are granted access to our customers’ Personal Information as outlined in sections 1.3, 1.4 and 1.5. All such employees are required as a condition of employment to respect the confidentiality of our customers’ Personal Information. No staff will ever be able to access, view or modify your KeyKong data as outlined in section 1.2. We use contractual or other means to ensure that there is a comparable level of protection for any Personal Information that is processed for us by third parties.
Your KeyKong data is secured by a Key Password that you select. YOU ARE RESPONSIBLE FOR PROTECTING YOUR KEY PASSWORD. If you forget your Key Password, KeyKong can reset your account, but in doing so the backup of your data on our servers will be deleted.
So that you can be confident that we are handling your Personal Information appropriately, we take extraordinary measures to document our policies and provide openness and transparency around the Personal Information we collect, why we collect it and how we use, disclose and otherwise handle it. To find out more information about our policies and practices with respect to the management of your Personal Information, contact us at [email protected]
If at any time you have a question about our records containing your Personal Information, we will do our best to answer it. Subject to limited exceptions as mandated by law, you have the right to be told what Personal Information we maintain about you, how it has been or is being used and to whom it has been or may have been disclosed, as well as the right to access that information.
When you send us a written request, we’ll confirm your ownership of the account and then we will provide you with any information we have regarding our storage, use, and disclosure of your Personal Information.
You can request access to your Personal Information, or challenge its accuracy and completeness and request amendments, as appropriate, by contacting us at [email protected]
We may need to change our Privacy Policy from time-to-time and all updates will be posted online at https://keykong.io. Your continued use of our Services after the effective date of such changes constitutes your acceptance of such changes. We will post an effective date at the top of the page for your convenience.
Vulnerability scans on KeyKong are automatically conducted. All changes are peer-reviewed and vulnerability lists are actively monitored for CVE and other vulnerability disclosures with actions taken. We have penetration tests made annually, with all findings mitigated fixed as quickly as possible.
Issues that come to our attention through penetration tests, or other means, are fixed on the next versions.
KeyKong's services are hosted on Amazon Web Services’ (“AWS”) EC2 platform.
AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). We undergo annual SOC 1 audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.
All user data is stored in the US regions of AWS. KeyKong’s production environment is hosted on an AWS EC2 platform. Our backups are stored in AWS EC2 and S3.
KeyKong has separated distinct production, staging, and development environments. Production data is not replicated outside of these restricted environments.
Only KeyKong's authorized member teams (who follow a strict security process) can access these environments.
Our DDoS protection and Web Application Firewall are provided by Cloudflare. Also our servers runs a IDS for real time monitoring and alerting.
Logging in using a username or email and password requires a strong password (minimum of 10 characters, special characters, numbers and capital letters). Repeated failed login attempts trigger a captcha lock before the user can retry. Passwords are stored in a hashed form and will never be sent via email.
Password complexity and session length requirements cannot be customized within KeyKong.
All data is considered highly sensitive. Only authorized and trained members of KeyKong's team have direct access to production systems and encrypted data. The ones that have direct access are only permitted to view it for troubleshooting purposes. These members undergo criminal background checks and are approved by the VP of Engineering. This access is reviewed quarterly and on role changes.
Only a select customer data (in very limited cases) is shared with third parties service providers on a strictly need-to-know basis (a user's email address for an email delivery provider, for example).
We never replicate customer data onto employee workstations. That’s why KeyKong relies on AWS for physical security compliance. The physical servers are located in AWS’ secure data centers. More details from Amazon’s documentation:
AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS undergo annual SOC 1 audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.
KeyKong uses Transport Layer Security (“TLS” an industry standard) and creates a secure connection with 128bit Advanced Encryption Standard (“AES”). We ensure that all connections are made securely over https.
On termination of a KeyKong contract or at the request of the customer, the data belonging to the user will be completely removed from the database.
Deployment to the production environment is based on a mandatory review. We run Automated unit tests and vulnerability scans on each deployment process, we can also demand penetration tests for more considerative changes. Everything is tested in a staging environment prior to deployment. Patches to the application are deployed usually several times per week. All system changes are reviewed and patches are deployed as relevant to their level of security and stability.
All API calls and application logs stay for at least 30 days without sensitive information, and available only to authorized employees as required by their role. Anonymous analytical information is collected along with usage events (e.g., a password was created) with no user-generated content (site names, password content).
KeyKong executes backups regularly. All backups are encrypted and stored in multiple locations.
A live delayed replica of KeyKong’s database is constantly being taken. Also, a full backup snapshot of the database is taken every 24 hours.
KeyKong's system was designed to keep running even if the underlying infrastructure experiences an outage. For each critical KeyKong service, there is a secondary service running simultaneously with mirrored data in a different availability zone.
In case that two Amazon EC2 availability zones have service interruptions, KeyKong has been designed to recover with limited service interruption and a maximum of 1 hour of data loss.
In the event that KeyKong's entire AWS EC2 is suffering from a major outage, KeyKong will restore servers using automated solutions. In this case, data would be recovered from backups asap, with no more than of 24 hours of data loss.
Any workstations running Windows or OS X (for members of the operations team with high-level access) used for ssh terminal access to the production environment must be running an anti-virus software with daily updates and monitoring.
KeyKong's linux servers run an Intrusion Detection System (IDS) which includes scanning for rootkit signatures and File Integrity Monitoring alerting on any changes to the configuration and operating system files.
All employees sign a Confidential Information and Inventions Agreement. In the event that a security policy is breached by an employee, KeyKong will take the appropriate response, which may include contract termination.
Employees are required to enforce 2FA when available and use strong and secure passwords.
When necessary to perform a planned maintenance on KeyKong services we will make efforts to announce procedures that could potentially impact users via an announcement at least 30 minutes prior to the event.
We are constantly working to make outages as short as possible. Also, we frequently evaluate our maintenance schedule to ensure that we keep impacts as low as possible.
On unforeseen events, we may have to perform unplanned maintenance on KeyKong. Maintenance might cause some or all of the KeyKong services to be unavailable for a period of time. Any unplanned or emergency maintenance will be announced with as much advance notice as reasonably possible. As with planned maintenance, we do our best to minimize disruption caused by service outages.