Terms of Service

NOTICE: This English translation is provided for informational purposes only. In the event of any discrepancy between the French and English versions, the French version shall prevail.

Preamble

These Terms of Service (hereinafter “Terms”) govern:

• access to and use of the services offered by Heimlane;
• the terms for subscribing to free plans;
• the terms for subscribing to paid plans;
• the rights and obligations of Users and Clients.

Heimlane SAS, registered with the Paris Trade and Companies Register under number 994 567 683, with its registered office at 1 rue de Stockholm, 75008 Paris, France (hereinafter “Heimlane”), operates a SaaS cybersecurity platform accessible via the domains heimlane.com, heimlane.fr, vault.heimlane.io, prism.heimlane.io, realm.heimlane.io and any other domain registered and used by Heimlane in the future (hereinafter the “Platform”).

These Terms apply:

• to all Users, regarding access to the Platform and use of the Services, whether free or paid, as well as subscription, renewal and termination of free plans;
• to all Clients, regarding the subscription of a paid plan, financial terms, renewal and termination of the Subscription.

These Terms are made available to all persons prior to subscribing to any plan, whether free or paid.

Acceptance of these Terms is confirmed by ticking a dedicated checkbox when subscribing or registering for a service offered by Heimlane.

This acceptance is required to complete registration, place an order, or gain access to the Platform.

It constitutes full and unconditional acceptance of the Terms in force at the relevant date.

Where the interface does not allow full display of the Terms, they are accessible via hyperlink and acceptance is confirmed electronically.

Article 1 – Definitions

In these Terms, the following terms have the meanings set out below:

“Services”: means all functionalities offered by the Platform, including Vault (password manager), Realm (access management) and Scout (security assessments), as well as any features developed or made available in the future.

“User” or “You”: means any natural or legal person who accesses the Platform and/or uses the Services, whether free or paid.

“Account”: means the personal space created by the User to access the Platform and/or Services.

“Master Password”: means the unique password chosen by the User to access their Vault and decrypt their data.

“Vault”: means the individual space where the User’s encrypted data is stored, accessible exclusively with their credentials and Master Password, secured through cryptographic processes.

“Shared Vault”: means a sharing space within Vault allowing multiple Users to share credentials securely.

“Group”: means a subset of credentials within a Shared Vault, used to organize and control access to shared data.

“Zero-Knowledge Architecture”: means the technical architecture whereby User data is encrypted by the User on their own device, so that Heimlane never has access to this data in clear text. Only the User holds the decryption key.

“Encrypted Data”: means all information stored by the User in their Vault, encrypted on their device before transmission to Heimlane servers.

“Secure Sharing”: means the feature for securely sending files or text to a recipient, with end-to-end encryption and automatic expiration.

“Client”: any User who has subscribed to a paid plan.

“Consumer”: any natural person acting for non-professional purposes.

“Professional”: any natural or legal person acting in the course of their professional activity.

“Subscription”: a fixed-term contract (monthly or annual) automatically renewed unless cancelled.

Article 2 – Access to Services

2.1 Eligibility

The Services, whether free or paid, are accessible to:

• natural persons of legal age with full legal capacity;
• legal entities, through a duly authorized representative.

The User declares and warrants that they meet these conditions when creating their Account and throughout their use of the Services.

The Services are not intended for minors. Heimlane does not knowingly collect data from minors.

2.2 Platform Access

Access to the Platform requires:

• prior creation of an Account: the User undertakes to provide accurate, complete and up-to-date information. They undertake to update their information in case of changes. Heimlane reserves the right to suspend or delete any Account with inaccurate, incomplete or fraudulent information.
• an Internet connection;
• compatible equipment and technical environment (up-to-date browser, compatible mobile app, etc.).

The User is solely responsible for:

• their computer equipment, devices and Internet connection;
• keeping their equipment up to date;
• the security of their technical environment.

All costs related to accessing the Services (equipment, Internet, etc.) are borne exclusively by the User.

2.3 Paid Plans

Access to paid features is reserved for Clients who have subscribed and completed payment.

Heimlane reserves the right to refuse or cancel any subscription in case of:

• payment failure;
• fraud or attempted fraud;
• breach of these Terms.

2.4 Suspension of Access

Heimlane reserves the right to temporarily suspend access to the Services:

• for maintenance or updates;
• if there is a risk to Platform security;
• in case of breach of these Terms.

Except in emergencies or for security reasons, the User will be notified within a reasonable timeframe.

Article 3 – Description of Services

The Platform comprises several services:

3.1 Heimlane Vault – Vault and Password Manager

Vault is a secure virtual vault and password manager based on zero-knowledge architecture. Key features include:

• Secure storage of passwords, notes, bank cards and identities;
• Encrypted sync across devices (web, mobile, desktop, browser extensions);
• Secure sharing via Shared Vaults (encrypted collaborative spaces);
• Two-factor authentication (2FA/MFA);
• Secure Sharing for files and text;
• Strong password generation;
• Data import and export in multiple standard formats

3.2 Heimlane Realm – Access Management

Realm is an access management service for controlling and auditing connections to company systems. Features include secure remote access, session recording and role-based access control.

3.3 Heimlane Scout – Security Assessments

Scout is a security and compliance assessment service. Security starts with understanding your situation. Scout enables automated assessment of your security posture through simple, relevant questionnaires.

3.4 Changes to Services

Heimlane reserves the right to evolve the Services, add or remove features. The User will be notified of substantial changes within a reasonable timeframe before they take effect. Such changes shall not give rise to any compensation to the User.

Article 4 – Provisions Specific to Heimlane Vault

4.1 Zero-Knowledge Architecture

Heimlane Vault is based on a “zero-knowledge” security architecture. This means that:

• All sensitive data (passwords, notes, cards, identities) is encrypted by the User on their device before being transmitted to Heimlane servers;
• The encryption key is derived from the User’s Master Password;
• Heimlane never stores the Master Password and can never access the User’s data in clear text;
• Decryption occurs exclusively on the User’s device.

Due to this architecture, the User expressly acknowledges and accepts that:

• Heimlane is technically unable to recover, reset or provide the User’s Master Password;
• In case of loss or forgetting of the Master Password, the data in the Vault will be permanently inaccessible and cannot be recovered by any means;
• This impossibility of recovery is an intentional security feature and not a defect in the Service.

4.2 Master Password Responsibility

When activating two-factor authentication (2FA), the User receives single-use recovery codes. The User is solely responsible for the use and secure storage of these codes.

The User is solely responsible for:

• Choosing a sufficiently strong Master Password (minimum 14 characters recommended, with uppercase, lowercase, numbers and special characters);
• Memorizing and securely storing their Master Password;
• The confidentiality of their Master Password;
• All actions performed through their Account.

The User may set a “password hint” when creating their Account. This hint is stored in clear text and can be requested via the “forgot password” function. The User undertakes that this hint does not contain the Master Password itself, and is solely responsible for it.

4.3 Data Accessible by Heimlane (Metadata)

Although Heimlane cannot access encrypted data, certain unencrypted information is necessary for the Service to function:

• User’s email address;
• Account identifier;
• Fingerprint (checksum/hash) of the Master Password;
• Number and type of stored items (without their content);
• Creation and modification dates;
• Billing information (for paid subscriptions);
• Login logs (IP address, date/time, success/failure).

4.4 Shared Vault (Credential Sharing)

Shared Vaults allow multiple Users to share credentials securely. The owner (the Account that created the Shared Vault) is solely responsible for managing access, invitations and permissions. Data shared within a Shared Vault remains encrypted under the same zero-knowledge architecture principle.

4.5 Account Deletion

The User may delete their Account at any time from their Vault settings. Deletion results in the permanent and irreversible erasure of all data associated with the Account in accordance with our Privacy Policy. The User initiating this procedure is solely responsible for it.

The User is advised to export their data before any deletion. Heimlane accepts no responsibility for data not exported before Account deletion. No recovery of deleted data can be performed by Heimlane.

Article 5 – Subscriptions and Pricing

5.1 Subscription Plans

The Services are offered under different subscription plans such as: Free, Premium, Premium+, Family, Teams and Business. The features, limits and pricing of each plan are defined and available on the Heimlane website at the time of subscription.

The Client or User acknowledges having reviewed the chosen plan before subscribing.

Heimlane reserves the right to:

• create new plans;
• modify the content, features or access conditions of existing plans;
• discontinue an existing plan, subject to honoring current commitments.

Any pricing or substantial feature changes will be communicated to Clients and Users within a reasonable timeframe before taking effect.

In case of disagreement, the Client may cancel their Subscription without penalty before the effective date.

For consumer Clients, cancellation takes effect at the end of the already-paid Subscription period, which remains due with no refund.

For professional Clients, cancellation may take effect immediately upon notification, with no refund of amounts already paid for the current period.

Heimlane reserves the right to modify the scope of free plans at any time, without notice.

5.2 Billing and Payment

Subscriptions are billed monthly or annually, at the Client’s choice. Prices shown are in euros, excluding taxes. Applicable VAT is calculated and added at checkout based on the billing country and applicable tax requirements.

The Client is shown the total amount including all taxes before final payment confirmation.

Before confirming payment, the Client may return to previous steps to review, modify or correct their subscription details.

Payment is made by credit card via our secure payment provider.

In case of late or failed payment, the Client’s paid Subscription may be suspended and their Account automatically switched to the free plan. Access to paid features and associated data will be temporarily disabled until full payment is made.

Professional Clients are required to pay by bank transfer, or exceptionally by online payment with Heimlane’s agreement for individual services.

In case of late payment by a professional Client, late payment penalties shall be due automatically from the day following the invoice due date, without reminder, at a rate of three (3) times the statutory interest rate.

In accordance with Article L.441-10 of the French Commercial Code, a fixed recovery fee of forty (40) euros shall also be due by the professional Client, without prejudice to Heimlane’s right to claim additional compensation if actual recovery costs exceed this amount.

5.3 Renewal and Cancellation

The Subscription is for the period chosen at subscription (monthly or annual).

At expiry, it is automatically renewed for an identical period, unless cancelled by the Client before the renewal date in accordance with Article 12.1 hereof.

Consumer Clients are notified, by appropriate means and within the legally required timeframe, of the option not to renew their Subscription.

The Client may cancel their Subscription at any time from their personal space. Cancellation takes effect at the end of the current Subscription period. Amounts paid for the current period are non-refundable, including in case of non-use.

Alternatively, the Client may choose to cancel with immediate effect by selecting the relevant option during the cancellation process. In this case, no refund, total or partial, of the current Subscription period may be claimed.

Users on a free plan may cancel at any time from their Account, with immediate effect.

Upon cancellation of a Subscription, whether at the end of the current period or immediately, the Client’s Account is not deleted. It is automatically downgraded to the free plan. The User’s data stored in their Vault is retained and remains accessible within the limits of the free plan features.

Access to paid features is disabled, including but not limited to Secure Sharing and file storage, advanced security features and any other feature associated with the previously paid plan.

Heimlane reserves the right to delete, after a reasonable period and after notifying the User, data specifically tied to paid features when their retention is no longer included under the Free plan.

5.4 Right of Withdrawal (Consumers)

In accordance with the French Consumer Code, the consumer Client has fourteen (14) days from the date of the contract to exercise their right of withdrawal.

The Client acknowledges that they may request immediate execution of the Service before the withdrawal period expires.

By confirming their order and ticking the relevant box, the Client expressly requests immediate execution of the Service and acknowledges that the right of withdrawal will no longer apply once the Service has been fully performed before the end of the withdrawal period.

A confirmation of this request and waiver will be sent to the Client on a durable medium.

Article 6 – Intellectual Property

6.1 Heimlane’s Rights

The Platform, the Services, their structure, design, features, and all content (text, images, logos, trademarks) are the exclusive property of Heimlane or its licensors, and are protected by French and international intellectual property laws.

The Heimlane trademark is registered with the EUIPO (European Union Intellectual Property Office) under number 019234254.

Any reproduction, adaptation, extraction, decompilation, distribution or use of the above without Heimlane’s prior written consent is strictly prohibited, subject to exceptions provided by law.

6.2 License to Use

Heimlane grants the User and Client a personal, non-exclusive, non-transferable and revocable license to use the Services for the duration of their Subscription and in compliance with these Terms.

This right is limited to use consistent with the intended purpose of the Services and the features actually subscribed to.

Apart from this license, the User acquires no rights to the Platform, the Services or any intellectual property rights belonging to Heimlane or its licensors.

6.3 Ownership of User Data

The User retains full ownership of their data stored on the Platform. Heimlane claims no ownership rights over such data.

6.4 Open Source Software

Certain components of client applications are distributed under open source licenses. Use of these components is governed by the applicable open source license terms, which prevail within the limits of applicable regulations.

Relevant source code is made available in accordance with legal obligations and applicable license terms, including attribution and source code access where required.

Heimlane provides no specific warranty regarding open source software or libraries integrated into the Services, to the extent permitted by mandatory law.

Article 7 – Personal Data Protection

The processing of personal data by Heimlane as data controller is governed by our Privacy Policy. Data subjects benefit from several rights in respect of such processing.

For more information, please refer to our Privacy Policy, available on the Heimlane website and forming an integral part of these Terms.

Article 8 – Limitation of Liability

8.1 Warranty Exclusions

To the extent permitted by applicable law, the Services are provided “as is” and “as available”.

Heimlane does not guarantee that the Services will be uninterrupted, perfectly secure or error-free. The User acknowledges that digital services may involve technical uncertainties.

HEIMLANE HAS NO OBLIGATION OR LIABILITY ARISING FROM THIRD-PARTY SERVICES NECESSARY FOR THE OPERATION OF THE SERVICES, EXCEPT IN CASE OF PROVEN FAULT IN THEIR SELECTION OR INTEGRATION.

THE SOLE AND EXCLUSIVE REMEDY FOR ANY PROBLEM OR DISSATISFACTION WITH THIRD-PARTY SERVICES IS TO TERMINATE THE SUBSCRIPTION WITH HEIMLANE.

IN NO EVENT SHALL HEIMLANE BE LIABLE FOR (1) ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES; (2) ANY LOSS OF USE, DATA, BUSINESS OR PROFITS (DIRECT OR INDIRECT) ARISING FROM THE USE OR INABILITY TO USE THE PLATFORM OR SERVICES; (3) BEYOND THE LIABILITY CAP PROVIDED IN ARTICLE 8.4 HEREOF.

IN ANY EVENT, ANY LIABILITY FOR USER’S LOSSES OR DAMAGES IS STRICTLY LIMITED TO REASONABLY FORESEEABLE LOSSES.

8.2 Zero-Knowledge Specific Limitation

Under no circumstances shall Heimlane be held liable for:

• Data loss resulting from the User forgetting or losing their Master Password;
• Inability to access encrypted data for any reason related to the Master Password;
• Consequences of Master Password compromise due to User negligence;
• Damages from the compromise of equipment, software or technical environments used to access the Services.
• Fraudulent use of the Account by a third party who gained access to the User’s credentials.

8.3 Liability Cap

To the extent permitted by law, Heimlane’s total liability, whatever the cause, is limited to the amount actually paid by the User during the twelve (12) months preceding the event giving rise to liability.

This limitation does not apply in case of gross negligence or willful misconduct by Heimlane, or where the law prohibits such exclusion or limitation.

8.4 Force Majeure

Heimlane shall not be held liable for failure to perform its obligations in case of force majeure within the meaning of Article 1218 of the French Civil Code, including:

• Natural disaster, war, terrorist act, strike;
• Telecommunications or electricity network failure;
• Failure of a critical provider, including hosting, cloud infrastructure (data centers, cloud services) or technical services essential to the Platform;
• Major cyber attack, ransomware or other security event affecting the infrastructure;
• Service interruption resulting from administrative or judicial authority decisions;
• Pandemic, epidemic or exceptional health situation;
• Any other event beyond Heimlane’s reasonable control making performance impossible or excessively difficult.

In the event of force majeure, Heimlane will endeavor to inform Users and Clients within a reasonable timeframe and to implement measures to continue the Services where possible. If continuation is impossible, either party may terminate these Terms.

Article 9 – Acceptable Use

9.1 Prohibited Uses

The User undertakes not to use the Services to:

• Store, transmit or share illegal content, including child exploitation material, content inciting hatred, violence or terrorism;
• Facilitate criminal or fraudulent activities;
• Infringe the intellectual property rights of third parties;
• Attempt to compromise the security of the Platform or other Users;
• Circumvent technical protection or limitation measures;
• Any unauthorized automated use, including scraping, deliberate overloading or exploitation exceeding usage quotas;
• Any attempt to decompile, disassemble, reverse engineer or extract components of the Platform;
• Resell or sublicense access to the Services without authorization.

More generally, to use them in a manner that does not comply with their intended purpose, these Terms, or applicable laws and regulations.

9.2 Fair Use

The Secure Sharing feature is intended for occasional sending of files or text to identified recipients. It does not constitute a file distribution, permanent hosting or storage service.

The User undertakes to use this feature within the quotas and usage limits applicable to their plan.

Heimlane reserves the right to implement technical measures to prevent or limit manifestly abnormal or abusive use of the Services.

Usage capacity can be viewed by the User at any time in their personal Vault.

9.3 Consequences of Violations

In case of breach of these Terms, Heimlane reserves the right to temporarily suspend or terminate the User’s Account, with prior notification where possible, except where required by Platform security, fraud prevention or a serious breach of these Terms.

Suspension or termination may be immediate in case of manifestly illegal conduct, threat to Service security or serious breach of contractual obligations.

Termination for cause does not give rise to any refund of amounts already paid for the current Subscription period, subject to mandatory legal provisions.

Heimlane reserves the right to take any appropriate technical or legal action to stop the identified violation.

Article 10 – Availability and Support

10.1 Service Availability

Heimlane strives to ensure optimal availability of the Platform and Services. However, Heimlane may need to temporarily interrupt the Platform and/or Services for maintenance, updates or in exceptional circumstances.

Heimlane will inform Users of scheduled interruptions within a reasonable timeframe, except in emergencies.

Such interruptions shall not give rise to any compensation to the User.

10.2 Technical Support

Technical support is accessible via the help pages on the Heimlane website. Users on paid plans benefit from priority support.

Article 11 – Changes to Terms

Heimlane reserves the right to modify these Terms at any time. Users will be informed of substantial changes by email and/or in-app notification, within a reasonable timeframe before they take effect.

Changes required by security, legal compliance or anti-abuse reasons may take effect immediately.

Where substantial changes are likely to affect contractual terms, the Client or User may cancel their Subscription without charge before the effective date.

Continued use of the Services after the new Terms take effect constitutes acceptance. In case of disagreement, the User may cancel their Subscription before the changes take effect in accordance with Article 12.1 hereof.

Article 12 – Termination

12.1 Cancellation by User

The Client may cancel their Subscription at any time from their personal space, in accordance with Article 5.3 hereof. Cancellation results in the automatic downgrade of the Account to the Free plan under the conditions described in Article 5.3.

Amounts paid for the current period are non-refundable, including in case of non-use.

12.2 Account Deletion by User

The User, whether on a free or paid plan, may at any time request permanent deletion of their Account via the dedicated procedure in their Vault settings.

Account deletion results in the permanent and irreversible erasure of all data associated with the Account, in accordance with Article 4.5 hereof and our Privacy Policy. No recovery of such data can be performed by Heimlane.

The User is advised to export their data before any Account deletion, in accordance with Article 12.4 hereof.

12.3 Termination by Heimlane

Heimlane may terminate a User’s Account:

• For serious or repeated breach of these Terms, with immediate effect where Platform security or Service integrity so requires, subject to Article 13 hereof;
• In case of late or failed payment not resolved within a reasonable period after formal notice, unless otherwise applicable to professional Clients;
• In case of discontinuation of the Services, with ninety (90) days’ notice.

In case of termination, the User or Client has, except in case of termination for serious fault or illegal conduct, a reasonable period to export their encrypted and personal data stored on the Platform.

Upon expiry of this period or in case of termination for serious fault or illegal conduct, the User may under no circumstances claim access to the Platform or Services, including for data export purposes.

Termination does not give rise to any refund of amounts already paid for the current Subscription period, subject to mandatory legal provisions.

12.4 Data Export

Before any termination, the User is advised to export their data via the export function in the Vault settings. The User is informed, at the time of termination, of the period available to export their data. Heimlane accepts no responsibility for data not exported before termination.

Retention periods for data entrusted to us are detailed in our Privacy Policy.

Article 13 – Applicable Law and Jurisdiction

13.1 Applicable Law

These Terms are governed by French law.

In case of translation of these Terms into another language, only the French version shall prevail.

13.2 Mediation

In accordance with the French Consumer Code, after having contacted us and in the absence of a satisfactory response, You may use, free of charge, a consumer mediation procedure with:

CM2C 49 rue de Ponthieu 75 008 PARIS Tel: 01 89 47 00 14 Website: https://www.cm2c.net/declarer-un-litige.php Email: litiges@cm2c.net

13.3 Competent Jurisdiction

Failing amicable resolution, any dispute relating to these Terms shall be submitted to the competent courts of Paris, France.

For consumer Users, this clause does not preclude the right to bring proceedings before the courts of their place of residence.

Article 14 – Miscellaneous

14.1 Entire Agreement

These Terms, together with the Privacy Policy and any specific conditions applicable to certain Services, constitute the entire agreement between the User and Heimlane.

14.2 Severability

If any provision of these Terms is declared null or unenforceable, it shall be deemed unwritten without affecting the validity of the remaining provisions.

14.3 Waiver

Heimlane’s failure to exercise a right under these Terms does not constitute a waiver of that right.

14.4 Assignment

The User may not assign their rights and obligations under these Terms without Heimlane’s prior written consent. Heimlane may freely assign these Terms to any successor or acquirer. Users will be notified in writing within a reasonable period before such assignment.

Article 15 – Contact

For any questions regarding these Terms or the Services, the User may contact Heimlane:

Heimlane SAS 1 rue de Stockholm 75008 Paris, France

Email: contact@heimlane.com

Website: https://heimlane.com