Terms of Service

Download PDF Version: 1.1 | Effective date: December 28, 2025

NOTICE: This English translation is provided for informational purposes only. In the event of any discrepancy between the French and English versions, the French version shall prevail.

Preamble

These Terms of Service (hereinafter “Terms”) govern access to and use of the services offered by Heimlane, via its Platform.

Heimlane is a French cybersecurity company whose mission is to provide accessible security.

Article 1 – Definitions

In these Terms, the following terms have the meanings set out below:

“Heimlane” or “We”: means Heimlane SAS, a company registered with the Paris Trade and Companies Register under number 994 567 683, with its registered office at 1 rue de Stockholm, 75008 Paris, France.

“Platform”: means all services, applications and interfaces offered by Heimlane, accessible via the websites heimlane.com, vault.heimlane.io, prism.heimlane.io and their subdomains.

“Services”: means all functionalities offered by the Platform, including Vault (password manager), Realm (access management) and Scout (security assessments).

“User” or “You”: means any natural or legal person who accesses the Platform and/or uses the Services.

“Account”: means the personal space created by the User to access the Platform and/or Services.

“Master Password”: means the unique password chosen by the User to access their Vault and decrypt their data.

“Zone”: means a sharing space within Vault allowing multiple Users to share credentials securely.

“Group”: means a subset of credentials within a Zone, used to organize and control access to shared data.

“Zero-Knowledge Architecture”: means the technical architecture whereby User data is encrypted by the User themselves on their device, so that Heimlane never has access to this data in clear text. Only the User holds the decryption key.

“Encrypted Data”: means all information stored by the User in their Vault, encrypted on their device before transmission to Heimlane servers.

“Secure Sharing”: means the functionality allowing secure sending of files or text to a recipient, with end-to-end encryption and automatic expiration.

Article 2 – Purpose and Acceptance

2.1 Purpose

The purpose of these Terms is to define the conditions under which Heimlane makes its Services available to Users via the Platform, as well as the rights and obligations of the parties.

2.2 Acceptance

Access to and use of the Services are subject to acceptance of and compliance with these Terms. By creating an Account or using the Services, the User acknowledges having read, understood and accepted these Terms without reservation.

If the User does not accept these Terms, they must refrain from using the Services.

The User declares that they are a natural person of legal age (minimum 18 years) with full legal capacity to enter into these Terms, or duly authorized to represent the legal entity on whose behalf they act.

Article 3 – Description of Services

The Platform comprises several modules and products:

3.1 Heimlane Vault – Vault and Password Manager

Vault is a virtual vault and secure password manager product based on zero-knowledge architecture. Main features include:

  • Secure storage of passwords, notes, bank cards and identities
  • Encrypted synchronization across devices (web, mobile, desktop, browser extensions)
  • Secure sharing via Zones (encrypted collaborative spaces)
  • Two-factor authentication (2FA/MFA)
  • Secure Sharing of files and text
  • Strong password generation
  • Data import and export in multiple standard formats

3.2 Heimlane Realm – Access Management

Realm is an access management module for controlling and auditing connections to company systems. Features include secure remote access, session recording and role-based access control.

3.3 Heimlane Scout – Security Assessments

Scout is a module for assessing organizations’ security and compliance levels. Security starts with understanding your situation. Scout enables automated assessment of your security level through simple and relevant questionnaires.

3.4 Evolution of Services

Heimlane reserves the right to evolve the Services, add or remove certain features. The User will be notified within a reasonable time before such changes take effect. Such Service modifications shall not give rise to any compensation to the User.

Article 4 – Provisions Specific to Heimlane Vault

4.1 Zero-Knowledge Architecture

Heimlane Vault is based on a “zero-knowledge” security architecture. This means that:

  • All sensitive data (passwords, notes, cards, identities) is encrypted by the User on their device before being transmitted to Heimlane servers;
  • The encryption key is derived from the User’s Master Password;
  • Heimlane never stores the Master Password and can never access the User’s data in clear text;
  • Decryption occurs exclusively on the User’s device.

Due to this architecture, the User expressly acknowledges and accepts that:

  • Heimlane is technically unable to recover, reset or provide the User’s Master Password;
  • In case of loss or forgetting of the Master Password, the data contained in the Vault will be permanently inaccessible and cannot be recovered by any means;
  • This impossibility of recovery is an intentional security feature and not a defect in the Service.

4.2 Master Password Responsibility

When activating two-factor authentication (2FA), the User receives single-use recovery codes. The User is solely responsible for the use and secure storage of these codes.

The User is solely responsible for:

  • Choosing a sufficiently strong Master Password (minimum 14 characters recommended, with uppercase, lowercase, numbers and special characters);
  • Memorizing and securely storing their Master Password, and bears sole responsibility for it;
  • The confidentiality of their Master Password;
  • All actions performed via their Account.

The User may define a “password hint” when creating their account. This hint is stored in clear text and can be requested via the “forgot password” function. The User undertakes that this hint does not contain the Master Password itself, and is solely responsible for it.

4.3 Data Accessible by Heimlane (Metadata)

Although Heimlane cannot access encrypted data, certain unencrypted information is necessary for the Service to function:

  • User’s email address
  • Account identifier;
  • Fingerprint (checksum/hash) of the Master Password;
  • Number and type of stored items (without their content);
  • Creation and modification dates;
  • Billing information (for paid subscriptions);
  • Connection logs (IP address, date/time, success/failure).

4.4 Shared Vault (Credential Sharing)

Zones allow multiple Users to share credentials securely. The Owner (account used for creating a shared vault) of a shared vault is solely responsible for managing access, invitations and permissions granted to shared vault members. Data shared within a Zone remains encrypted according to the same zero-knowledge architecture principle.

4.5 Account Deletion

The User may delete their account at any time from their Vault settings. Deletion results in the permanent and irreversible erasure of all data associated with the Account in accordance with our Privacy Policy. The User initiating this procedure is solely responsible for it.

The User is invited to export their data before any deletion. Heimlane declines all responsibility for data not exported before Account deletion. No recovery of such deleted data can be performed by Heimlane.

Article 5 – Subscriptions and Pricing

5.1 Subscription Plans

The Services are offered under different subscription plans such as: Free, Premium, Premium+, Family, Teams and Business. The features and limits of each plan are defined and available on the Heimlane website at the time of subscription.

Heimlane reserves the right to modify subscription plans, their features and prices. Price changes do not affect current subscriptions until their renewal.

5.2 Billing and Payment

Subscriptions are billed monthly or annually, at the User’s choice. Prices shown are exclusive of taxes. Applicable VAT is calculated and added at payment according to legal requirements in force.

Payment is made by credit card via our secure payment provider.

5.3 Renewal and Termination

Subscriptions are automatically renewed by tacit renewal at their expiry. The User may terminate their subscription at any time in accordance with Article 12.1 hereof.

Termination does not give rise to any refund of subscription time billed and not used.

5.4 Right of Withdrawal

In accordance with Articles L221-18 et seq. of the French Consumer Code, consumer Users have a period of 14 days from subscription to exercise their right of withdrawal.

However, by accepting immediate execution of the Service at subscription, the User expressly acknowledges waiving their right of withdrawal once the Service is activated.

Article 6 – Intellectual Property

6.1 Heimlane’s Rights

The Platform, the Services, their structure, design, functionality, as well as all content (text, images, logos, trademarks) are the exclusive property of Heimlane or its licensors, and are protected by French and international intellectual property laws.

The Heimlane trademark is registered with the EUIPO (European Union Intellectual Property Office).

6.2 License to Use

Heimlane grants the User a personal, non-exclusive, non-transferable and revocable license to use the Services for the duration of their subscription and in compliance with these Terms. Apart from this license under the conditions specified above, the User acquires no rights to the Platform, the Services or generally to any intellectual property rights belonging to Heimlane or its licensors.

6.3 Ownership of User Data

The User retains full ownership of their data stored in the Service. Heimlane claims no ownership rights over such data.

6.4 Open Source Software

Certain components of client applications are distributed under open source licenses. The relevant source codes are available in accordance with the terms of the applicable licenses.

Article 7 – Personal Data Protection

The processing of personal data by Heimlane is governed by our Privacy Policy, available on the Heimlane website and forming an integral part of these Terms, and can be accessed at this address: https://heimlane.com/legal/privacy/

Article 8 – Limitation of Liability

8.1 Warranty Exclusions

To the extent permitted by applicable law, the Services are provided “as is” and “as available”. Heimlane does not guarantee that the Services will be uninterrupted, secure or error-free. HEIMLANE HAS NO OBLIGATION OR LIABILITY ARISING FROM SERVICES PROVIDED BY THIRD PARTIES. THE SOLE AND EXCLUSIVE REMEDY, WITH RESPECT TO HEIMLANE, FOR ANY PROBLEM OR DISSATISFACTION WITH THIRD-PARTY SERVICES IS TO TERMINATE THE SUBSCRIPTION WITH HEIMLANE. IN NO EVENT SHALL HEIMLANE BE LIABLE FOR (1) ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES; (2) ANY LOSS OF USE, DATA, BUSINESS OR PROFITS (DIRECT OR INDIRECT), ARISING FROM THE USE OR INABILITY TO USE THE PLATFORM OR SERVICES; (3) BEYOND THE LIABILITY CAP PROVIDED IN ARTICLE 8.4 HEREOF. IN ANY EVENT, ANY LIABILITY FOR USER’S LOSSES OR DAMAGES IS STRICTLY LIMITED TO REASONABLY FORESEEABLE LOSSES.

8.2 Limitation Specific to Zero-Knowledge Architecture

Under no circumstances shall Heimlane be held liable for:

  • Data loss resulting from the User forgetting or losing their Master Password;
  • Inability to access encrypted data for any reason related to the Master Password;
  • Consequences of Master Password compromise due to User negligence;
  • Fraudulent use of the Account by a third party having obtained access to the User’s credentials.

8.3 Liability Cap

To the extent permitted by law, Heimlane’s total liability, whatever the cause, is limited to the amount actually paid by the User during the twelve (12) months preceding the event giving rise to liability.

8.4 Force Majeure

Heimlane shall not be held liable for failure to perform its obligations in the event of force majeure within the meaning of Article 1218 of the French Civil Code, including:

  • Natural disaster, war, terrorist act, strike;
  • Telecommunications or electricity network failure;
  • Failure of a critical hosting or infrastructure provider (data center, cloud services);
  • Major cyber attack affecting the infrastructure.

Article 9 – Acceptable Use

9.1 Prohibited Uses

The User undertakes not to use the Services to:

  • Store, transmit or share illegal content, including child pornography, content inciting hatred, violence or terrorism;
  • Facilitate criminal or fraudulent activities;
  • Infringe the intellectual property rights of third parties;
  • Attempt to compromise the security of the Platform or other users;
  • Circumvent technical protection or limitation measures;
  • Resell or sublicense access to the Services without authorization. More generally, use them in a manner that does not comply with applicable laws and regulations.

9.2 Fair Use

The Secure Sharing feature is intended for occasional sending of files or text to identified recipients. It does not constitute a file distribution service and may not be used as such. Usage capacity can be viewed by the User at any time in their personal space.

9.3 Consequences of Violations

In case of violation of these Terms, Heimlane reserves the right to immediately suspend or terminate the User’s Account, without notice or compensation, and to take any appropriate legal action.

Article 10 – Availability and Support

10.1 Service Availability

Heimlane strives to ensure optimal availability of the Platform and Services. However, Heimlane may need to temporarily interrupt the Platform and/or Services for maintenance operations, updates or in exceptional circumstances.

Heimlane will inform Users of scheduled interruptions within a reasonable time, except in emergencies. Such interruptions of access to the Platform and/or Services shall not give rise to any compensation to the User.

10.2 Technical Support

Technical support is accessible via the help pages available on the Heimlane website. Users of paid plans benefit from priority support.

Article 11 – Modifications of Terms

Heimlane reserves the right to modify these Terms at any time. Users will be informed of substantial modifications by email and/or notification in the interface, within a reasonable time before they take effect.

Modifications made necessary by security, legal compliance or anti-abuse reasons may take effect immediately.

Continued use of the Services after the new Terms take effect constitutes acceptance thereof. In case of disagreement, the User may terminate their subscription before the modifications take effect in accordance with Article 5.3 hereof.

Article 12 – Termination

12.1 Termination by User

The User may terminate their Account at any time by following the deletion procedure available in the settings. Termination results in the permanent deletion of all data associated with the Account in accordance with our Privacy Policy.

12.2 Termination by Heimlane

Heimlane may terminate a User’s Account:

  • For violation of these Terms, with immediate effect, subject to the provisions of Article 13 hereof;
  • In case of non-payment;
  • In case of discontinuation of Services, with 90 days’ notice.

The User may under no circumstances claim access to the Platform or Services, including for the purpose of exporting their data, and assumes full responsibility for their actions leading to the termination of their Account.

12.3 Data Export

Before any termination, the User is invited to export their data via the export function available in the Vault settings. Heimlane declines all responsibility for data not exported before termination.

The retention periods for data entrusted to us are detailed in our Privacy Policy.

Article 13 – Applicable Law and Jurisdiction

13.1 Applicable Law

These Terms are governed by French law.

In case of translation of these Terms into another language, only the French version shall prevail.

13.2 Mediation

In accordance with Articles L611-1 et seq. of the French Consumer Code, consumer Users may have free recourse to a consumer mediator in case of unresolved dispute with Heimlane.

13.3 Competent Jurisdiction

Failing amicable resolution, any dispute relating to the interpretation or execution of these Terms shall be submitted to the competent courts of Paris, France.

For consumer Users, this clause does not preclude the right to bring proceedings before the courts of their place of residence in accordance with applicable jurisdiction rules.

Article 14 – Miscellaneous Provisions

14.1 Entire Agreement

These Terms, together with the Privacy Policy and any specific conditions applicable to certain Services, constitute the entire agreement between the User and Heimlane.

14.2 Partial Invalidity

If any provision of these Terms were declared null or unenforceable, it would be deemed unwritten without affecting the validity of the other provisions.

14.3 Waiver

Heimlane’s failure to exercise a right provided for in these Terms does not constitute a waiver of that right.

14.4 Assignment

The User may not assign their rights and obligations under these Terms without Heimlane’s prior written consent. Heimlane may freely assign these Terms to any successor or acquirer.

Article 15 – Contact

For any questions regarding these Terms or the Services, the User may contact Heimlane:

Heimlane SAS 1 rue de Stockholm 75008 Paris, France Email: contact@heimlane.com Website: https://heimlane.com

For Further Information

Learn how we collect, use, and protect your personal data.

Read our Privacy Policy