Legal

Terms of Service

Effective date: May 13, 2026 · Fern & Echo

Plain English summary: Fern & Echo is a client-side encrypted vault. We store your data but cannot read it. You are responsible for your vault password — if you lose it, your data is gone. We provide the service as-is. By using Fern & Echo, you agree to these terms.

⚠ Critical: Your vault password is never stored or recoverable by Fern & Echo. If you lose your vault password, your encrypted data cannot be decrypted by anyone — including us. There is no password reset for vault contents.

1. Acceptance of Terms

By accessing or using Fern & Echo ("the Service"), you agree to be bound by these Terms of Service. If you do not agree to these terms, do not use the Service.

We may update these terms from time to time. Continued use of the Service after changes constitutes acceptance of the updated terms. We will notify registered users of material changes by email.

2. Description of Service

Fern & Echo is a zero-knowledge encrypted credential vault. The Service allows you to store, organise, and share access to your digital account information with trusted individuals.

All vault entry contents, titles, and MFA configurations are encrypted in your browser before being transmitted to our servers using AES-256-GCM encryption. We store only encrypted ciphertext for these fields and cannot read, access, or recover them.

A small amount of structural metadata — section names, entry counts, and timestamps — is stored unencrypted to enable the service to function. A full breakdown of what we store and the associated risks is available in our Privacy Policy.

3. Account Registration

Fern & Echo is currently invite-only. Accounts are personally created — there are no open signups. You are responsible for:

Maintaining the security of your account credentials
All activity that occurs under your account
Notifying us immediately of any unauthorised access

You must provide accurate information when registering. You may not create accounts on behalf of others without their consent.

You must be at least 18 years of age to use Fern & Echo. By creating an account, you represent that you are 18 or older. We do not knowingly collect personal information from individuals under 18. If we become aware that a user is under 18, we will terminate the account and delete associated data promptly.

4. Vault Password & Data Recovery

Your vault password is the encryption key for all your vault data. It is never transmitted to or stored by Fern & Echo in any recoverable form.

If you lose your vault password, your vault data is permanently and irrecoverably lost. Fern & Echo has no ability to decrypt or recover your vault contents under any circumstances, including legal requests.

You are solely responsible for:

Remembering or securely storing your vault password
Creating and storing export backups of your vault data
Any consequences of losing access to your vault

5. Acceptable Use

You agree not to use the Service to:

Store or transmit illegal content or content that violates others' rights
Attempt to gain unauthorised access to our systems or other users' accounts
Reverse engineer, decompile, or attempt to extract our source code
Use the Service for any fraudulent or malicious purpose
Violate any applicable laws or regulations

6. Vault Sharing

The Service allows you to share read-only access to your vault with designated individuals. By sharing your vault, you acknowledge that:

The recipient will have read-only access to your vault contents
You can revoke access at any time
You are responsible for choosing who you share with
Fern & Echo is not responsible for how shared recipients use vault information

7. Subscription & Billing

Fern & Echo offers free and paid subscription tiers. Paid subscriptions are billed through Stripe.

Subscriptions auto-renew unless cancelled before the renewal date
Refunds are handled on a case-by-case basis — contact us within 14 days of a charge
Prices will never decrease without explicit public communication explaining why
Downgrading to a free tier restricts your view and export to free tier limits. Data above the limit is retained but not visible until you resubscribe.
If a subscription lapses, your account converts to the free tier. Your vault data is never deleted unless you explicitly request it.
Executor and share recipient access always reflects the full vault at the time of last sync, regardless of the owner's current subscription tier.
Share blobs are frozen at their last sync state. New syncs after downgrade are limited to free tier entry counts.
Prices will never decrease without explicit public communication explaining why. Price increases for existing subscribers will be communicated at least 30 days in advance.

8. Data & Privacy

Our collection and use of personal information is governed by our Privacy Policy, which is incorporated into these Terms by reference.

For a complete breakdown of every category of data we collect, real examples of what it looks like in our database, and the realistic risk of exposure, see the data transparency table in our Privacy Policy.

9. Service Availability

We aim to maintain high availability but do not guarantee uninterrupted access to the Service. We may perform maintenance, updates, or experience outages beyond our control.

We will provide reasonable notice of planned maintenance where possible.

10. Termination

You may delete your account at any time from your account settings. Upon deletion:

Your account and all associated data will be permanently deleted
This action is irreversible — your encrypted vault data cannot be recovered
Any active subscriptions will be cancelled

We reserve the right to suspend or terminate accounts that violate these Terms, engage in fraudulent activity, or pose a security risk to other users.

11. Disclaimer of Warranties

The Service is provided "as is" and "as available" without warranties of any kind, express or implied. Fern & Echo does not warrant that:

The Service will be error-free or uninterrupted
Any errors will be corrected
The Service is free from viruses or other harmful components

Your use of the Service is at your sole risk.

12. Limitation of Liability

To the maximum extent permitted by law, Fern & Echo shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Service, including but not limited to:

Loss of data due to forgotten vault passwords
Unauthorised access to your account
Service interruptions or downtime
Actions taken by individuals you have shared vault access with

13. Contact

For questions about these Terms, please contact us at [email protected].

Changelog

Date	Change
2026-05-13	Initial terms published.

Previous versions are available on request.
Fern & Echo · Privacy Policy · Terms of Service