Terms of Service

1. Acceptance of Terms

By accessing or using Fern & Echo ("the Service"), you agree to be bound by these Terms of Service. If you do not agree to these terms, do not use the Service.

We may update these terms from time to time. We will notify registered users of material changes by email and by a notice on the dashboard prior to the change taking effect. We will always publish the updated terms with a clear effective date and a changelog entry. Continued use of the Service after the effective date constitutes acceptance.

2. Description of Service

Fern & Echo is a zero-knowledge encrypted continuity vault. The Service allows you to store, organise, and share access to your digital account information with trusted individuals — for emergencies, travel, incapacitation, or estate purposes.

All vault entry contents, titles, and MFA configurations are encrypted in your browser before being transmitted to our servers using AES-256-GCM encryption. We store only encrypted ciphertext for these fields and cannot read, access, or recover them. Section names are encrypted client-side before leaving your browser.

A small amount of structural metadata — section types, entry counts, and timestamps — is stored unencrypted to enable the service to function. A full breakdown of what we store and the associated risks is available in our Privacy Policy.

3. Account Registration

You may create an account at any time. You are responsible for:

• Maintaining the security of your account credentials
• All activity that occurs under your account
• Notifying us immediately of any unauthorised access

You must provide accurate information when registering. You may not create accounts on behalf of others without their consent.

You must be at least 18 years of age to use Fern & Echo. By creating an account, you represent that you are 18 or older. We do not knowingly collect personal information from individuals under 18. If we become aware that a user is under 18, we will terminate the account and delete associated data promptly.

4. Vault Password & Data Recovery

Your vault password is the encryption key for all your vault data. It is never transmitted to or stored by Fern & Echo in any recoverable form.

If you lose your vault password, your vault data is permanently and irrecoverably lost. Fern & Echo has no ability to decrypt or recover your vault contents under any circumstances, including legal requests — except during an active Level 2 continuity release window, which requires your explicit prior consent to set up. See Section 6 and our Privacy Policy for details.

You are solely responsible for:

• Remembering or securely storing your vault password
• Creating and storing export backups of your vault data
• Any consequences of losing access to your vault

5. Acceptable Use

You agree not to use the Service to:

• Store or transmit illegal content or content that violates others' rights
• Attempt to gain unauthorised access to our systems or other users' accounts
• Reverse engineer, decompile, or attempt to extract our source code
• Use the Service for any fraudulent or malicious purpose
• Violate any applicable laws or regulations

6. Vault Sharing & Continuity Access

The Service provides two levels of access for trusted individuals:

Level 1 — Operational access (vault sharing)
You may share read-only access to your vault with a trusted person. By sharing your vault, you acknowledge that:

• The recipient will have read-only access to your vault contents
• You can revoke access at any time
• You are responsible for choosing who you share with
• Fern & Echo is not responsible for how share recipients use vault information

Level 2 — Full continuity access
You may designate a continuity contact who can take full control of your vault when needed. This requires a deliberate setup process and includes a configurable waiting period. During that window, a vault key is temporarily held on our servers, then sent to your continuity contact and deleted permanently. This is the only exception to our zero-knowledge architecture and requires your explicit prior consent. See our Privacy Policy for a full technical description of this process.

If you do not set up either level of access before something happens, your vault contents are permanently inaccessible — to your family, your estate, and to us. This is not a limitation. It is how the architecture works.

7. Subscription & Billing

Fern & Echo offers free and paid subscription tiers. Paid subscriptions are billed through Stripe.

• Subscriptions auto-renew unless cancelled before the renewal date
• Refunds are handled on a case-by-case basis — contact us within 14 days of a charge
• Prices may increase over time. Any price change will be announced on our public website before it takes effect. Existing active subscriptions are grandfathered at the price you subscribed at — your price will not increase as long as your subscription remains active. If you cancel and resubscribe, you will be charged the current price at the time of resubscription.
• Downgrading to a free tier restricts your view and export to free tier limits. Data above the limit is retained but not visible until you resubscribe.
• If your subscription lapses, your account converts to the free tier. Your vault data is never deleted — but your own view and exports are restricted to free tier limits until you resubscribe.
• Share recipients and continuity contacts always see the full vault as it was at the time of your last sync, regardless of your current subscription tier. A downgrade does not obscure or restrict what your trusted people can access. This is intentional — the people depending on your vault should not lose access because of a billing change.
• Share blobs are frozen at their last sync state. New syncs by the user after a downgrade are limited to free tier entry counts.

8. Data & Privacy

Our collection and use of personal information is governed by our Privacy Policy, which is incorporated into these Terms by reference.

For a complete breakdown of every category of data we collect, real examples of what it looks like in our database, and the realistic risk of exposure, see the data transparency table in our Privacy Policy.

9. Service Availability

We aim to maintain high availability but do not guarantee uninterrupted access to the Service. We may perform maintenance, updates, or experience outages beyond our control.

We will provide reasonable notice of planned maintenance where possible.

10. Termination

You may delete your account at any time from your account settings. Upon deletion:

• Your account and all associated data will be permanently deleted
• This action is irreversible — your encrypted vault data cannot be recovered
• Any active subscriptions will be cancelled

We reserve the right to suspend or terminate accounts that violate these Terms, engage in fraudulent activity, or pose a security risk to other users.

11. Disclaimer of Warranties

The Service is provided "as is" and "as available" without warranties of any kind, express or implied. Fern & Echo does not warrant that:

• The Service will be error-free or uninterrupted
• Any errors will be corrected
• The Service is free from viruses or other harmful components

Your use of the Service is at your sole risk.

12. Limitation of Liability

To the maximum extent permitted by law, Fern & Echo shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Service, including but not limited to:

• Loss of data due to forgotten vault passwords
• Unauthorised access to your account
• Service interruptions or downtime
• Actions taken by individuals you have shared vault access with

13. Contact

For questions about these Terms, please contact us at [email protected].

Changelog