By registering and using TrustKey (https://trustkeyapp.com), you ("the User") agree to be bound by these Terms and Conditions. TrustKey provides an encrypted digital vault and an automated "dead man's switch" service, operated by a self-employed individual (autónomo) established in Spain.
Our Philosophy: Our primary goal is to maximize your privacy. TrustKey administrators have no technical means to read or access the contents of your encrypted vault data, and no manual backdoors or administrative tools exist to do so. We operate on the principle of minimum necessary data access. Please note that, to prevent irreversible data loss, our system includes an automated cryptographic escrow via AWS KMS that enables password recovery — this mechanism can only be triggered by you through a verified automated process and cannot be initiated by TrustKey staff. For full technical details, please refer to our Privacy Policy.
To use TrustKey, you must register using a valid email address and configure two distinct passwords:
Age Requirement: You must be at least 18 years of age (or the age of legal majority in your jurisdiction, whichever is higher) to create a TrustKey account. You expressly guarantee that all individuals you designate as Safety Contacts are also of legal age.
User Responsibility: It is the User's sole responsibility to remember and correctly use both passwords and to keep them secure. TrustKey is not liable for any data loss, distress, or false alarms caused by the User accidentally logging in with the Anti-Extortion password. Additional actions beyond logging in (such as modifying files or settings) require Multi-Factor Authentication (MFA) via a numeric code sent to your registered email address.
TrustKey offers different plans with specific limitations. The maximum file size for any single upload is 2 GB.
Downgrading Plans: If a User chooses to downgrade to a lower tier, they are strictly responsible for deleting sufficient files and/or Safety Contacts to meet the new plan's limits before the downgrade can be processed. TrustKey is not responsible for data locked or inaccessible due to quota restrictions.
Because TrustKey employs End-to-End Encryption (E2EE), we cannot monitor or review the content you upload. The User bears full and sole legal responsibility for all data stored or transmitted through our platform.
Technical License: You retain all intellectual property rights to the content you upload. However, by uploading files and messages, you grant TrustKey a limited, worldwide, royalty-free, non-exclusive licence to host, store, and transmit your encrypted data strictly for the purpose of operating the service and executing the automated emergency transmission to your designated Safety Contacts. This licence terminates upon deletion of your account or the expiry of the 30-day post-activation period, whichever occurs first.
Prohibited Content: It is strictly forbidden to use TrustKey to store, transmit, or share illegal material, including but not limited to child sexual exploitation or abuse material (CSAM), terrorism-related content, stolen data, or content that infringes third-party intellectual property rights.
Cooperation with Authorities: Given the E2EE architecture, TrustKey cannot produce readable, decrypted content in response to any request. However, if an account is found to be associated with illegal activities pursuant to a valid court order issued by a competent Spanish court, TrustKey will cooperate fully with law enforcement by providing any available account metadata and encrypted data blobs (i.e., the encrypted ciphertext, not its readable contents). TrustKey will not attempt to decrypt this data on behalf of any authority.
Sensitive Data Warning: We strongly advise AGAINST writing highly sensitive plain-text data directly in your emergency messages or in the file names of your uploaded documents. While the contents of your files are end-to-end encrypted, file names are stored as plain-text metadata. We recommend using generic file names and providing contextual guidance to your Safety Contacts within the encrypted message body (e.g., "The details are in the blue folder in my desk drawer").
Malware: The User guarantees that all uploaded files are free of viruses, trojans, or any malicious software. The User assumes full responsibility for any damage caused to their Safety Contacts or third parties resulting from downloading or opening infected material.
Express Consent Obligation: The User must obtain express, informed consent from any individual before adding their email address as a Safety Contact on TrustKey. Adding a person without their knowledge or consent may violate applicable privacy laws, and the User bears sole legal responsibility for this.
Initial Notification: Upon being designated as a Safety Contact, the individual will receive an automatic notification email from TrustKey explaining their role and providing an opt-out link.
Opt-Outs and Deletions: Safety Contacts retain the right to opt-out or request deletion of their data at any time. If a Safety Contact opts out, their email address and any associated emergency message references will be permanently deleted from our system. TrustKey is not liable if a message fails to deliver because a Safety Contact opted out, changed their email, or blocked our notifications. The User is entirely responsible for monitoring the status of their Safety Contacts by logging in periodically.
The User sets a primary countdown timer (available options: 14, 30, or 90 days) that resets upon every successful normal login. If this timer expires without a login, the following automated emergency protocol initiates:
Strictly Automated and Pseudonymous Process: TrustKey operates exclusively based on the user-defined countdown timer. Because TrustKey does not collect or verify the real-world identities of its Users (requiring only an email address for registration), it is technically and legally impossible for us to link an account to a specific physical person or legal document. Consequently, TrustKey does not accept, process, or act upon death certificates, medical records, court orders from heirs, or any manual requests from family members to trigger the switch or grant early access. The activation process is strictly automated and cannot be bypassed by TrustKey staff under any circumstances.
Grace Period & Revocation: Safety Contacts have a 30-day window to download the files following activation. However, if the User logs into their TrustKey account at any point during this 30-day period, the emergency activation is immediately and automatically revoked, and all Safety Contact access is instantly terminated. After 30 days of activation without revocation, the User's account and all associated data are permanently and irreversibly deleted.
Upon activation (Day 11), Safety Contacts are provided with a unique, one-time Access Key to decrypt the files designated to them. It is the sole responsibility of the Safety Contact to save and secure this key immediately upon receipt. TrustKey does not store this key in recoverable form and cannot reissue it under any circumstances. TrustKey is fully exempt from any liability if a Safety Contact loses the key, deletes the notification email, or otherwise fails to access the data within the 30-day grace period.
TRUSTKEY IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, TRUSTKEY EXPRESSLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
Not a Backup Service: TrustKey is designed strictly as an automated emergency transmission tool and NOT as a primary cloud storage or data backup service. The User is solely responsible for maintaining independent, secure backups of all files stored on TrustKey.
Security and User Error: While we employ strong encryption standards, no system is entirely infallible, particularly against user-side compromises. We are not liable for data breaches, lockouts, or losses resulting from: malware on the User's device, weak or reused passwords, sharing of access credentials, phishing attacks, or the User losing access to the registered email account required for MFA.
Automated Recovery: TrustKey utilizes an automated cryptographic escrow via AWS KMS that can only be triggered by the User through verified automated systems. TrustKey staff cannot and will not manually bypass encryption or retrieve plain-text data upon request. Any total data loss resulting from the User's inability to complete the automated recovery process is the sole responsibility of the User.
Email Delivery and Whitelisting: TrustKey is not liable for failure of email delivery due to spam filters, incorrect email addresses, full inboxes, or third-party service outages. It is the User's strict responsibility to whitelist our email address (mark as safe sender) and to instruct their Safety Contacts to do the same. TrustKey is not liable for accidental activations or delivery failures resulting from external email configurations.
No Legal Validity: The service and the documents transmitted through it do not constitute a legal will, testament, or officially binding directive under the laws of Spain or any other jurisdiction. TrustKey holds no notarial or legal validity. Users requiring formal succession planning are strongly encouraged to consult a qualified legal professional in their country of residence.
By using TrustKey, you agree to receive essential technical and administrative emails. These communications are strictly non-commercial and limited to: login reminders, timer countdown alerts, MFA codes, security/duress alerts, and important service updates (e.g., changes to these Terms, new features, or subscription plan changes). Because these emails are fundamental to the operation of the dead man's switch mechanism, opting out of technical alerts is not possible while the account remains active. If you do not wish to receive these communications, you must delete your account.
All paid plans are billed in advance on a recurring basis via Stripe. The User may cancel their subscription at any time; the cancellation will take effect at the end of the current billing cycle, and no further charges will be made.
Refunds: Due to the digital nature of the service and the infrastructure costs associated with encrypted storage, all payments are non-refundable once the service or storage has been actively used. However, if you are an EEA or UK consumer and have not actively used the service (i.e., have not stored any files or messages and have not set up any Safety Contacts), you may be entitled to withdraw from the contract within 14 days of subscription under EU consumer protection law (Directive 2011/83/EU) and UK Consumer Contracts Regulations 2013. To exercise this right, contact us at [email protected] before the 14-day period expires and before actively using the service.
TrustKey reserves the right to modify or discontinue the service at any time. The service is considered fully rendered by maintaining the continuous readiness and availability of the automated dead man's switch mechanism, regardless of whether a switch is ever triggered during the subscription period. In the event of the definitive and permanent cessation of the platform, Users will be notified at least 30 days in advance via their registered email address so that they may retrieve their encrypted information before the service closes.
These Terms shall be governed by and construed in accordance with the laws of Spain. Any dispute arising from these Terms shall be subject to the exclusive jurisdiction of the courts of [TU CIUDAD, ej. Madrid], Spain.
Notwithstanding the above, if the User qualifies as a consumer under the mandatory laws of their country of habitual residence (for example, under UK consumer law or applicable local law), and those mandatory laws grant the User the right to bring legal proceedings before the courts of their own country of residence, such consumer protection rights shall not be waived or excluded by this clause.