Keeper Security Terms and Conditions

SaaS Terms of Use

THESE TERMS OF USE ("TERMS" OR "AGREEMENT") GOVERN YOUR RECEIPT, ACCESS TO AND USE OF THE SERVICES (DEFINED BELOW) PROVIDED BY THE APPLICABLE KEEPER ENTITY IN SECTION 1(G) (OR AS SPECIFIED YOUR ORDER FORM) ("KEEPER"). BY PURCHASING THROUGH AN ONLINE ORDERING PLATFORM, DOWNLOADING ANY SOFTWARE OR PROCESS REFERENCING THIS AGREEMENT, YOU AGREE TO BE BOUND BY THESE TERMS OF USE. IF SUCH PURCHASE IS ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY ("CUSTOMER") THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES SO ON BEHALF OF SUCH ENTITY AND REPRESENTS AND WARRANTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY OR IF THE ENTITY DOES NOT AGREE WITH THESE TERMS OF USE, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES. IF YOU HAVE PURCHASED THROUGH A THIRD PARTY THAT HAS INCORPORATED HEREIN BY REFERENCE AS A PART OF ITS AGREEMENT WITH YOU, ANY REFERENCES TO 'KEEPER' HEREUNDER SHALL BE UNDERSTOOD TO MEAN 'YOUR THIRD PARTY RESELLER ACTING FOR OR ON BEHALF OF KEEPER'. YOUR USE OF THE KEEPER WEBSITE OR SUBMISSION OF INFORMATION VIA ANY METHODS MADE AVAILABLE THERE (INCLUDING WEB FORM SUBMISSIONS, AUTOMATED CHAT, LIVE CHAT AND GENERAL EMAIL SUBMISSIONS) SHALL BE GOVERNED BY THE KEEPER WEBSITE TERMS OF USE. CAPITALIZED TERMS HAVE THE MEANINGS SET FORTH HEREIN. YOU AND KEEPER MAY BE COLLECTIVELY REFERRED TO AS THE "PARTIES" OR INDIVIDUALLY AS A "PARTY."

1. Definitions

Capitalized terms used herein and not otherwise defined shall have the meanings set forth in this Section.

1. "Administrative Console" refers to the functionality which includes, without limitation, managing the provisioning and removal of Authorized End Users, enforcing security settings and policies, viewing usage data, access controls, assigning Authorized End Users to groups or subgroups monitoring privileged access and activity reporting.
2. "Affiliate" refers to any entity for so long as it is controlling, controlled by or under common control with a named Party (excluding governmental entities/agencies).
3. "Authorized End Users" or "Users" means individuals who have authorized credentials to access the Software to enter, store, secure, encrypt, backup, share and restore confidential and sensitive information on computers and mobile devices for the purpose of protecting this information. Sensitive information may include, without limitation, website logins, passwords, passkeys, social security numbers, bank account numbers, access codes, pin codes and private notes.
4. "Confidential Information" includes any information that is disclosed by one Party to the other that is identified as confidential at the time of disclosure or that a Party should, in the exercise of reasonable judgment, know is confidential to the other Party.
5. "Customer Data" refers to the any data provided or made available by Customer or its Authorized End Users hereunder for processing by the Services including Authorized End Users' vault records. Customer Data shall be considered Customer Confidential Information.
6. "Intellectual Property" means all rights associated with patents, copyrights and other works of authorship; trademarks; service marks, trade dress, trade names, logos and other source identifiers; trade secrets; software; and all other intellectual property.
7. "Keeper Security" refers to:

   Your Location	Keeper Entity	Keeper Address
   Europa	Keeper Security EMEA Limited	5A King's Terrace, Lower Glanmire Road, Cork T23 DX49, Ireland
   Japón	Keeper Security APAC KK	Prime Terrace KAMIYACHO, 4-1-13 Toranomon, Minato-ku, Tokyo, Japan
   Otros	Keeper Security, Inc.	311 W. Monroe Street, Suite 406, Chicago, IL 60606, United States

8. "Licensed Material(s)" refers to the Software and related documentation or Keeper Confidential Information that may be provided or made available by or on behalf of Keeper under this Agreement.
9. "Order" refers to any ordering document setting forth the fees and other commercial terms of a particular transaction that is effective as of the date the completed document is received by Keeper. This includes as applicable: (i) purchase of Services made via the Keeper Website, (ii) any valid unexpired quote issued by Keeper detailing the services ("Quote") that is executed by Customer, (iii) any other such mutually executed document or (iv) any other mutually agreed mechanism for acceptance of a Quote. For clarity, any purchase order or similar document issued by Customer shall be construed solely as evidence of intent to accept the proposed terms pursuant to Customer's internal business processes.
10. "Services" refers to Keeper's provision of the Software, the Licensed Materials and any support or related services to Customer hereunder as set forth in an Order.
11. "Software" "Software" refers to Keeper's proprietary mobile, desktop and web security software applications and platform including but not limited to Keeper Password Manager, KeeperChat, Keeper SDKs and Keeper Connection Manager.
12. "Subscription Fees" refers to the recurring fees charged by Keeper for use of the Services as set forth in an Order.

2. License Grant

1. License. Keeper hereby grants to Customer a nonexclusive, non-transferable (except as otherwise expressly authorized herein), worldwide, internal only license during the term of this Agreement to use all Services set forth in a valid Order in the performance of its obligations hereunder. Customer agrees to use commercially reasonable efforts to ensure that its employees and users of all Services hereunder comply with the terms and conditions set out in this Agreement. Customer also agrees to refrain from knowingly taking any steps, such as reverse assembly or reverse compilation, to derive a source code equivalent. Unless expressly agreed in writing, all Services furnished to Customer under this Agreement shall be used by Customer only for Customer's internal business purposes, shall not be shared with third parties nor reproduced or copied in whole or in part. Customer support is made available as described in the Keeper Usage Guidelines and Information page. This Agreement shall extend to and shall govern use of the Services by Customer's Affiliates whose acts and omissions shall be attributed to Customer, however any remedies shall remain exercisable by the named entities only.
2. Limitations on Use. Customer shall not use the Services for any unlawful purposes and agrees not to upload, post, email or otherwise transmit any material containing spam, viruses, trojan horses, worms or other harmful/malicious code; any material that is illegal, libelous, abusive or obscene; or any material that violates the privacy or intellectual property rights of others. Customer further agrees not to reverse engineer, modify, hack, perform penetration or load testing, circumvent any security or licensing protocols, attempt to gain access to any unauthorized systems/data, translate, resell, distribute, create derivative works from, exploit, encumber or crack any portion of the Services; nor to interfere with or disrupt the integrity or performance of the Services. Except as expressly authorized herein, Customer shall not copy or reproduce the Services, its components, the documentation or any content.

3. Fees and Payment Terms

1. Subscription Fees. Access to the Services is subject to annual Subscription Fees as set forth at the time of purchase (via the Website or in an Order). Unless otherwise agreed, Subscription Fees are billed and collected annually in advance. Since the Software is delivered in full at the time of purchase and we cannot uninstall it from your device(s) all fees are nonrefundable and considered earned on receipt. Customer is responsible for any statutory fees, taxes and charges incurred in connection with Customer's Keeper subscription at the rates in effect when the charges were incurred. Prices, fees and discounts for services are subject to change at the time of the next renewal upon prior written notice.
2. Payment. Payment for the Services may be made by a valid credit card, debit card or charge card (collectively referred to as "Payment Method") as accepted by Keeper via its Website or as otherwise agreed in an Order. Unless otherwise agreed/directed, Customer authorizes Keeper to verify and charge the provided Payment Method for all subscription fees on a recurring basis. If Keeper cannot process a recurring payment, Customer will be notified and access to the account may be suspended until payment is received. Failure to provide a valid Payment Method within seven (7) days of notice may result in suspension or termination of the Agreement by Keeper. Keeper will not take any adverse actions (suspension, termination or imposition of additional fees) for unpaid Fees that are disputed in good faith within thirty (30) days, for so long as the parties are mutually cooperated to resolve such dispute (such fees "Disputed", else "Undisputed"). Late payments for Undisputed fees may accrue interest at a rate of one and one-half percent (1.5%) per month or the maximum amount permitted by law, whichever is lower. Customer shall be responsible for any costs (including attorney fees) reasonably incurred by Keeper related to its efforts to collect any missing or late payments for Undisputed fees.
3. Upgrades, Adding Users. Customer may upgrade or add Users to its account at any time directly via the Administrative Console at then-current rates or via execution of a valid unexpired quote for such additional services. When doing so, Customer will be charged for the prorated amount of Customer's then-current yearly subscription. For example, if Customer adds a User after six (6) months, Customer will only be charged 50% multiplied by the per User annual fee (50% for ½ of the year) for the additional User. The full amount of the new upgraded plan will be charged annually thereafter. A standard annual billing cycle is 365 days.

4. Intellectual Property

The Services and the source code which it contains, is the property of Keeper and is protected from unauthorized copying and dissemination by United States copyright law, trademark law, international conventions and other intellectual property laws. By way of example only, and not as a limitation, "Keeper", "Password Keeper", "Keeper DNA" and the Keeper logos are registered trademarks of Keeper, under the applicable laws of the United States and/or other countries as set forth in more detail on the Keeper Brand Assets & Media page. The absence of a service name or logo from this list does not constitute a waiver of Keeper's trademark or other intellectual property rights concerning that name or logo. Keeper is protected by U.S. patents as detailed on the Keeper Patents page. Any Customer suggestions, requests or improvements to the Services shall become the sole property of Keeper. All right, title and interest in and to the Services and all copyrights, patents, trademarks, service marks or other intellectual property or proprietary rights relating thereto, belong exclusively to Keeper.

5. Term and Termination

This Agreement begins on the date of first use of the Services or purchase via an Order (whichever is first) and remains in effect until all Orders have expired or been terminated as expressly permitted herein (the "Term"). Either Party may terminate this Agreement for convenience upon written notice, effective upon the expiration or termination of all then-active Orders, and either Party may give written notice that an Order will not be renewed or extended. This Agreement (including access to the Services) may be suspended or terminated by either Party if the other Party fails to perform or observe any material term or condition of this Agreement (x) immediately where such failure is not capable of cure, including where such other Party becomes insolvent or involved in a liquidation or termination of business, files a bankruptcy petition, has an involuntary bankruptcy petition filed against it (if not dismissed within thirty days of filing), becomes adjudicated bankrupt, becomes involved in an assignment for the benefit of its creditors, (y) on 10 days written notice where such failure is due to nonpayment of Undisputed fees or (z) on 30 days written notice where the failure continues uncured for such time frame after receipt of written notice. In the event of a Termination due to Keeper's material breach, any prepaid unused fees will be refunded to the Customer. Upon termination or expiration of this Agreement, Customer will pay any outstanding Subscription Fees within thirty (30) days following such termination or expiration.

6. Representations and Warranties

1. General. Each Party represents and warrants that it has the right and authority to enter into this Agreement and that by entering into this Agreement, it will not violate, conflict with or cause a material default under any other contract, agreement, indenture, decree, judgment, undertaking, conveyance, lien or encumbrance to which it is a party or by which it or any of its property is or may become subject or bound. If you are entering into this Agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to the terms and conditions of this Agreement and, in such event, "you" and "your" as used in this Agreement shall refer to such entity. Each Party also complies with all applicable laws and for business entities: (i) all applicable laws and regulations governing equal employment, having implemented policies prohibiting discrimination on the basis of protected classes including race, color, gender, sexual orientation, age, religion, gender identity, disability; and (ii) will maintain and adhere to a code of conduct that governs gifts, conflicts of interest, bribery, diversity, whistleblowing, harassment, non-retaliation, forced labor and personal conduct which apply to its company, officers, directors and employees.
2. Compliance. Each Party represents and warrants that no consent, approval or authorization of or designation, declaration or filing with any governmental authority is required in connection with the valid execution, delivery and performance of this Agreement. Each Party shall, at its own expense, comply with all laws, regulations and other legal requirements that apply to the performance of its obligations under this Agreement, including copyright, privacy and communications decency laws.
3. By Keeper Security: Keeper will take appropriate security precautions consistent with industry standards to protect the Software from viruses, malware, disabling code, trojan horses and other harmful code. The Software shall substantially conform in all material respects to and perform substantially in accordance with Keeper's published documentation. Keeper regularly makes fixes, enhancements and upgrades to its Software for Customer benefit. The Service Level Objectives and the Support Service Level Objectives shall apply to and govern the performance of Keeper's obligations hereunder.
4. Customer Use. Customer is solely responsible for the content of any of its or its Affiliates' Authorized End User's user of the Services as well as any of their postings, data or transmissions made using the Services and any other use of the Services using Customer's account or credentials. Customer is responsible for properly configuring and using the Services in a manner that provides security and redundancy of its accounts and Customer Data, including the use of appropriate access controls to prevent unauthorized access to its Keeper accounts and Customer Data, encryption technology for its endpoints to prevent unauthorized access and an appropriate level of backup to prevent loss of Customer Data. Customer represents and warrants that it will: (i) not use the Services in a manner that is prohibited by any law or regulation or to facilitate the violation of any law or regulation, (ii) not violate or tamper with the security of any Keeper computer equipment or program and (iii) provide all notices and obtain all consents necessary for its and its Users use of the Services. Customer will not permit its use of the Services to violate the rights of any individual. Customer represents and warrants that it and its Users are not subject to U.S. sanctions or export restrictions. Customer shall not use, export or transfer the Services in violation of U.S. or other applicable export laws including using or accessing from prohibited regions. In the event of a breach of any obligations in this section 6 by Customer, Keeper may immediately and without notice suspend or terminate Customer access to the Services.
5. Third-Party Websites and Services. The Software permits users to link to third-party websites. These links are provided to you as a convenience and Keeper is not responsible for the content of any linked website. Keeper has no control over the content of such websites and does not endorse or accept any responsibility for the content or use of such website. Keeper does not make any guarantees or warranties of any kind with respect to any third party web sites, applications, services or solutions not provided by Keeper ("Third-Party Services"). Customer is solely responsible for Third-Party Services, including confidentiality and security for all data exchanged therewith. In no event shall Keeper be responsible for any claims or losses relating to the use of Third-Party Services.

7. Indemnification

1. Customer. Customer hereby agrees to defend, indemnify and hold harmless Keeper, its officers, directors and employees against any damages, losses, liabilities, settlements and expenses (including without limitation costs and reasonable attorneys' fees) in connection with any claim or action brought by a nonaffiliated third party that arises from any breach by Customer of law or any third party privacy right.
2. Keeper. Keeper hereby agrees to defend, indemnify and hold harmless Customer, its officers, directors and employees against any damages, losses, liabilities, settlements and expenses (including without limitation costs and reasonable attorneys' fees) in connection with any claim or action brought by a nonaffiliated third party that arises from (i) any breach by Keeper of law and (ii) the infringement of any patent, trademark or copyright of such third party to the extent resulting from Customer's authorized use of the Software. If Customer's use of Keeper's Software is (or in Keeper's reasonable opinion is likely to be) enjoined, Keeper may, at its sole option and expense (a) replace or modify the Software to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (b) obtain for Customer a license to continue using the Software or (c) if neither (a) nor (b) is commercially reasonable, terminate this Agreement and Customer's rights hereunder and provide Customer a refund of any prepaid, unused subscription fees for such Software.
3. Indemnification Procedure. The indemnification hereunder shall be provided on the condition that: (i) the claim is not the result of a violation of this Agreement by the indemnified Party, (ii) any claim relating to a violation of a third party's intellectual property rights is not the result of a modification of the Software nor of a combination of the Software with any other intellectual property or components, in either case by or at the direction of Customer, (iii) the indemnified Party shall provide the indemnifying Party with prompt written notice of the claim and (iv) the indemnified Party shall provide reasonable cooperation and full authority to defend or settle the claim (provided that it shall not settle any claim in a manner that assigns any wrongdoing or imposes any liability upon the indemnified Party). The indemnified Party shall be entitled, at its own expense, to participate in any such litigation, negotiations and settlements with counsel of its own choosing. With respect to any claim for which indemnification is provided, it shall be the sole and exclusive remedy.

8. Keeper Security and Data Protection Controls

1. Data Access and Controls. Keeper is a certified cybersecurity company with strict controls about privacy, security and confidentiality. The appropriate processes and controls are in place to protect the security, privacy and confidentiality of Customer Data. As a result of Keeper's operations and internal controls, the collection of Customer Data is limited to general information that allows Keeper to service the Customer's account in the event the Customer needs support services. Keeper utilizes a proprietary Zero-Knowledge Security Architecture. As such, only the Customer has knowledge of and access to its master password and the encryption keys that are used to encrypt and decrypt Customer's vault records. Keeper's Privacy Policy as well as the Data Processing Addendum ("DPA"), are each incorporated herein and shall govern the handling of personal data provided hereunder. For clarity, Keeper is permitted to collect, use, and analyze aggregated anonymized usage, telemetry and operational data relating to use of the Services for purposes of operating, securing, supporting, and improving the Services, provided that such data does not include Customer Data or permit identification of Customer or its Authorized End Users.
2. Security Policies and Disclosure. Consistent with the foregoing paragraph, Keeper maintains strict data security measures, controls and policies in accordance with Keeper's published security disclosures. Keeper shall maintain consistent or improved levels of security policies, procedures and controls during the term of this Agreement.

9. Confidential Information

1. Restrictions on Use and Disclosure. Each Party agrees: (a) to protect and safeguard the other Party's Confidential Information against unauthorized use, publication or disclosure with the same degree of care that it uses to protect the confidentiality of its own Confidential Information and, in any event, not less than reasonable care; (b) to restrict access to the other Party's Confidential Information to those of its and its Affiliates officers, directors, employees, agents, attorneys, accountants, investment advisors and contractors who have a strict need to know such information for the purpose of this Agreement and are bound by confidentiality obligations that afford the Confidential Information a substantially similar level of protection as is afforded by this Agreement; and (c) not to use or permit others to use, the other Party's Confidential Information except as is reasonably necessary to perform its obligations or exercise its rights under this Agreement. Each Party will destroy all Confidential Information of the other Party upon the termination or expiration of this Agreement or upon the request of the other Party; provided, however, neither Party will be required to destroy information or materials that it must retain during or after termination or expiration of this Agreement in order to comply with any legal or regulatory obligation or properly perform in accordance with this Agreement. Except as expressly permitted in writing, neither party shall make any Confidential Information received hereunder available to any artificial intelligence tools (including generative AI or large language models), except solely for the receiving party's internal use in a secure, access-controlled environment that does not result in AI model training or in the unauthorized retention, disclosure or use of such information.
2. Exceptions. The foregoing restrictions do not apply to information that: (a) is already known to the receiving Party without restriction on use or disclosure at the time of communication to the receiving Party; (b) is or becomes publicly known through no wrongful act or inaction of the receiving Party; (c) has been rightfully received from a third party authorized to make such communication, without restriction on use or disclosure; or (d) has been independently developed by the receiving Party without use of the Confidential Information of the other Party. If and to the extent required by applicable law, including regulatory requirements, discovery request, subpoena, court order or governmental action, the receiving Party may disclose or produce Confidential Information but will give reasonable prior notice (and where prior notice is not permitted by applicable law, notice will be given as soon as the receiving Party is legally permitted) to the disclosing Party to permit the disclosing Party to intervene and to request protective orders or confidential treatment therefor or other appropriate remedy regarding such disclosure. Disclosure of any Confidential Information pursuant to any legal requirement will not be deemed to render it non-confidential and the receiving Party's obligations with respect to Confidential Information of the disclosing Party will not be changed or lessened by virtue of any such disclosure. Notwithstanding the foregoing, each party may disclose Confidential Information without prior notice in connection with a routine regulatory examination not specifically directed at the other party or its data/services. Notwithstanding any provisions herein, if Customer is a government entity, Customer will comply with all laws applicable to it with respect to disclosure of public information.
3. Remedies. Each Party understands and acknowledges that any disclosure or misappropriation of any of the disclosing Party's Confidential Information in violation of this Agreement may cause the disclosing Party irreparable harm, the amount of which may be difficult to ascertain and, therefore, agrees that the disclosing Party will have the right to apply to a court of competent jurisdiction for an order restraining any such further disclosure or misappropriation and for such other relief as the disclosing Party will deem appropriate. Such right of the disclosing Party will be in addition to the remedies otherwise available to the disclosing Party at law or in equity.

10. Disclaimer and Limitation of Liability.

10.1 EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICES ARE PROVIDED "AS IS" AND KEEPER DOES NOT WARRANT THAT IT WILL BE UNINTERRUPTED OR ERROR FREE NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM ITS USE. EXCEPT AS EXPRESSLY SET FORTH HEREIN, KEEPER DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, AVAILABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. KEEPER IS UNDER NO CIRCUMSTANCES RESPONSIBLE FOR THE UNIQUE VALUE OF ANY DATA STORED IN ITS SOLUTION.

10.2 TO THE MAXIMUM EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT OR OTHERWISE, SHALL EITHER PARTY OR ANY OF ITS UNDERLYING SERVICE PROVIDERS, BUSINESS PARTNERS, INFORMATION PROVIDERS, ACCOUNT PROVIDERS, LICENSORS, OFFICERS, DIRECTORS, EMPLOYEES, DISTRIBUTORS OR AGENTS; BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, COVER, RELIANCE OR CONSEQUENTIAL DAMAGES, EVEN IF EITHER PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES.

10.3 IN THE EVENT THAT, NOTWITHSTANDING THE FOREGOING, EITHER PARTY IS FOUND LIABLE TO THE OTHER PARTY FOR DAMAGES FROM ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE), THE MAXIMUM AGGREGATE LIABILITY OF EACH PARTY TO THE OTHER ARISING IN CONNECTION WITH THIS AGREEMENT SHALL BE LIMITED: (a) TO TWO TIMES THE AMOUNT PAID IN THE TWELVE (12) MONTHS PRIOR TO THE ACCRUAL OF THE APPLICABLE CLAIM IN CONNECTION WITH SUCH PARTY'S INDEMNIFICATION OBLIGATIONS; OR (b) TO THE AMOUNT PAID FOR THE SERVICES IN THE TWELVE (12) MONTHS PRIOR TO THE ACCRUAL OF THE APPLICABLE CLAIM IN ALL OTHER CASES.

10.4 THE LIMITATIONS IN THIS SECTION 10 WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY, BUT SHALL IN NO EVENT APPLY TO A PARTY'S OBLIGATIONS TO PAY FOR FEES INCURRED HEREUNDER; A PARTY'S VIOLATION OR MISAPPROPRIATION OF THE OTHER PARTY'S INTELLECTUAL PROPERTY; A PARTY'S FRAUD, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT; OR ANY OTHER LIABILITY THAT CANNOT BE LIMITED BY LAW. NOTHING IN THIS AGREEMENT IS INTENDED TO EXCLUDE OR LIMIT ANY RIGHTS OR REMEDIES THAT MAY NOT BE WAIVED UNDER APPLICABLE LAW.

11. Export Controls

1. Keeper's software utilizes strong encryption using a 256-bit AES cipher and is approved for export by the U.S. Department of Commerce Bureau of Industry and Security under license #5D992. Customer warrants that it is not a "Restricted Person." For purposes of this Agreement, you are a "Restricted Person" if you or any officer, director or controlling shareholder of the entity on behalf of which you are using the Services is (1) a nation of or an entity existing under the laws of Cuba, Iran, Sudan, Syria or any other country with which U.S. persons are prohibited from engaging in transactions, as may be determined from time to time by the U.S. Treasury Department; (2) designated as a Specially Designated National or institution of primary money laundering concern by the U.S. Treasury Department; (3) listed on the Denied Persons List or Terrorists List or Entity List by the U.S. Commerce Department; (4) engaged in nuclear, missile, chemical or biological weapons activities to which U.S. persons may not contribute without a U.S. Government license; or (5) owned, controlled or acting on behalf of a Restricted Person.
2. If Customer becomes a Restricted Person during the Term of this Agreement, Customer shall promptly notify Keeper and Keeper shall have the right to terminate any further obligations to Customer, effective immediately and with no further liability to Customer, but without prejudice to Customer outstanding accrued obligations to Keeper.
3. Customer shall not utilize the Services to conduct or facilitate any transaction with any Restricted Person, except as may be expressly authorized in advance in writing by the U.S. Government. Customer may not remove or export from the United States or allow the export or re-export of the Services in violation of any restriction, laws or regulations of the United States or any other applicable country.

12. General Provisions

1. Relationship Created. The relationship between Keeper and Customer established by this Agreement is solely that of independent contractor. Nothing contained in this Agreement shall be construed as creating a joint venture, partnership or employment relationship between the Parties, nor shall either Party have the right, power or authority to create any obligation or duty, express or implied, on behalf of the other.
2. No Third-Party Beneficiaries. This Agreement is an agreement between the Parties and confers no rights upon either Party's employees, agents, contractors, partners or customers or upon any other person or entity.
3. ARBITRATION. EXCEPT FOR DISPUTES, CLAIMS OR CONTROVERSIES ARISING OUT OF OR RELATING TO OWNERSHIP, VALIDITY OR INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, ANY DISPUTE, CONTROVERSY OR CLAIM ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL BE RESOLVED BY BINDING ARBITRATION ADMINISTERED BY THE AMERICAN ARBITRATION ASSOCIATION ("AAA") IN ACCORDANCE WITH ITS COMMERCIAL ARBITRATION RULES THEN IN EFFECT. THE ARBITRATION SHALL BE GOVERNED BY THE FEDERAL ARBITRATION ACT. THE ARBITRATOR SHALL HAVE THE EXCLUSIVE AUTHORITY TO RESOLVE ALL ISSUES RELATING TO THIS PROVISION. THE ARBITRATION SHALL TAKE PLACE IN WILMINGTON DELAWARE BEFORE A SINGLE ARBITRATOR. JUDGMENT ON THE AWARD RENDERED BY THE ARBITRATOR MAY BE ENTERED IN ANY COURT HAVING JURISDICTION THEREOF. NOTWITHSTANDING THE FOREGOING, IF APPLICABLE LAW DOES NOT PERMIT THE RESOLUTION OF DISPUTES BY BINDING ARBITRATION OR RESTRICTS THE ENFORCEABILITY OF THIS ARBITRATION PROVISION WITH RESPECT TO A PARTICULAR CUSTOMER, SUCH DISPUTES SHALL BE RESOLVED EXCLUSIVELY IN ACCORDANCE WITH SECTION 12.G TO THE EXTENT THIS PROVISION IS UNENFORCEABLE.
4. Assignment. This Agreement may not be assigned, sublicensed or transferred, in whole or in part, by either Party except with the other Party's prior written consent, which consent shall not be unreasonably withheld, conditioned or delayed; except, however, Keeper may assign this Agreement in its entirety, without Customer's consent, to its affiliate or in connection with a merger, acquisition, corporate reorganization or sale of all or substantially all of its assets.
5. Headings. The headings in this Agreement are for reference only and will not affect the interpretation of this Agreement.
6. Force Majeure. In the event that Keeper is unable to perform any of its obligations under this Agreement because of natural disaster, terrorism, fire, explosion, power blackout, earthquake, flood, the elements, strike, embargo, labor disputes, acts of civil or military authority, war, acts of god, acts or omissions of carriers or suppliers, acts of regulatory or governmental agencies, actions or decrees of governmental bodies or communication line failure not the fault of Keeper or other causes beyond Keeper's reasonable control (a "Force Majeure Event") Keeper shall give notice to Customer and shall take commercially reasonable efforts to resume performance. Upon receipt of such notice, all obligations under this Agreement shall be immediately suspended. If the period of nonperformance exceeds thirty (30) days from the receipt of notice of the Force Majeure Event, Keeper may by giving written notice immediately terminate this Agreement as provided herein.
7. Governing Law, Jurisdiction and Venue. With regard to any claims not resolved under 12.c, this Agreement shall be exclusively: brought before the courts of and construed (without regard to conflict of law provisions) pursuant to the law of that of the applicable Keeper Entity as specified in the following table:

   Keeper Entity	Governing Law & Venue
   Keeper Security, Inc.	Delaware, United States
   Keeper Security EMEA Limited	Ireland
   Keeper Security APAC KK	Tokio (Japón)

   The U.N. Convention on Contracts for the International Sales of Goods is hereby expressly excluded.
8. Governmental agencies. In the event that the Customer is a governmental entity or agency, any provision of this Agreement that conflicts with or is inconsistent with, any applicable law, regulation or mandatory policy governing such entity shall be deemed null, void and of no effect to the extent of such conflict. All remaining provisions of this Agreement shall remain valid and enforceable. Customer shall promptly notify Keeper in the event the Keeper seeks to rely on or enforce a provision that is rendered unenforceable under this Section.
9. Entire Agreement & Survival. This Agreement, including any amendments and attachments hereto that are incorporated herein, constitute the entire Agreement between the Parties shall replace and supersede any prior agreements governing this subject matter. In the event of a conflict, the order of priority shall be (i) any Order, (ii) the DPA, (iii) this Agreement and (v) any referenced policies. The termination or expiration of this Agreement shall not relieve either party of any obligations incurred prior thereto, nor shall it affect any provisions of this Agreement that expressly or by implication are intended to survive termination or expiration, including those relating to confidentiality, indemnification, limitation of liability and governing law. Any ambiguities in this Agreement shall be interpreted in a manner consistent with its commercial purpose and not strictly for or against either Party.
10. Amendment. No modification, termination or waiver of any provisions of this Agreement shall be binding upon a Party unless in writing and signed by an authorized officer of the relevant Party(ies). No provision of any purchase order or other document issued by Customer, which purports to alter, vary, modify or add to the provisions of this Agreement or the applicable Order, shall be binding upon Keeper or effective for any purpose, unless accepted by Keeper in writing. It is further expressly understood and agreed that, there being no expectations to the contrary between the Parties, no usage of trade or other regular practice or method of dealing either within the computer software industry, Keeper's industry or between the Parties shall be used to modify, interpret, supplement or alter in any manner the express terms of this Agreement or any part thereof. Notwithstanding the foregoing, Keeper may modify or replace this Agreement, with any such changes taking effect at a subsequent purchase or renewal, provided they do not materially diminish Customer rights.
11. Severability. If any provision or provisions of this Agreement shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby.
12. Waiver. No delay or failure of Keeper or Customer in exercising any right herein and no partial or single exercise thereof shall be deemed of itself to constitute a waiver of such right or any other rights herein. Any waiver by Keeper or Customer of any breach of any provision of this Agreement shall not operate or be construed as a waiver of any subsequent or other breach.
13. Publicity. Neither Party shall make any other public use of the other Party's name, logos or trademarks, without the other Party's written consent.
14. Notices & Language. Legal notices related to this Agreement shall be sent: (i) for Keeper to contracts@keepersecurity.com; and (ii) for Customer, to the admin designated during implementation or as otherwise directed by Customer in writing. This Agreement may be translated into other languages for convenience only. In the event of any inconsistency or conflict between the translated version and the English language version, the English language version shall exclusively govern and control.
15. Evaluation Usage. Notwithstanding anything to the contrary in the Agreement: (a) Should a trial or free download of any product or component be available, Customer's use thereof ("Evaluation") is entirely optional and at Customer's sole discretion; (b) the Evaluation is provided without commitment of support and may be modified, suspended or discontinued at any time without prior notice from Keeper; (c) the Evaluation may experience reduced performance, reliability or availability compared to the generally available Services; (d) the Evaluation has not undergone the same security reviews, safeguards or compliance audits as the Services; and (e) KEEPER DISCLAIMS ALL LIABILITY OF ANY KIND ARISING FROM OR RELATING TO CUSTOMER'S EVALUATION, WHICH IS PROVIDED "AS IS" AND AT CUSTOMER'S OWN RISK.

Partner Terms

THESE PARTNER TERMS OF USE ("PARTNER TERMS" OR "AGREEMENT") GOVERN YOUR RECEIPT, ACCESS TO AND USE OF THE SERVICES (DEFINED BELOW) PROVIDED BY THE FOLLOWING APPLICABLE KEEPER ENTITY: (A) KEEPER SECURITY EMEA LIMITED, IF YOU ARE LOCATED IN THE UK, EEA OR SWITZERLAND, (B) KEEPER SECURITY APAC KK, IF YOU ARE LOCATED IN JAPAN OR ELSE (C) KEEPER SECURITY, INC (SUCH ENTITY "KEEPER"). BY ACCESSING, UTILIZING OR TRANSACTING THROUGH THE KEEPER PARTNER PORTAL LOCATED AT PARTNERS.KEEPER.IO (THE "PORTAL") OR BY AGREEING TO ANY OTHER PARTNER TERMS REFERENCING THIS AGREEMENT (INCLUDING BY CLICKING A BOX INDICATING ACCEPTANCE), YOU AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT. IF SUCH ACCESS IS ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY ("PARTNER") THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES SO ON BEHALF OF SUCH ENTITY AND THE INDIVIDUAL REPRESENTS AND WARRANTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY OR IF THE ENTITY DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES. CAPITALIZED TERMS HAVE THE MEANINGS SET FORTH HEREIN. THE PARTIES AGREE AS FOLLOWS:

Política de Privacidad

Introduction

For convenience, this policy may be translated into your local language depending on your resident country when visiting the website. Where there is any ambiguity or conflict of terms, the English version will take precedence.

Keeper Security, Inc. ("Keeper") is committed to protecting your privacy. This Privacy Policy explains how we collect, use and protect personal information when you use our services, visit our website, receive marketing communications or participate in our partner programs. It also describes the choices available to you and how you can exercise your privacy rights.

Table of Contents

In this Privacy Policy, "you" refers to any individual whose personal data is processed by Keeper, including business and non business users, website visitors or business program partners. Some parts of this Policy apply broadly to everyone, while others are more specific to certain groups and we have noted this where relevant.

Keeper's Role in Data Protection

Keeper acts as a controller or processor of personal data depending on how you use our services.

For business and enterprise customers, Keeper acts primarily as a processor when processing data on behalf of the organization that licenses and administers Keeper accounts for its users. Keeper acts as an independent controller where it determines the purpose and means of processing for certain categories of data such as account registration, billing, technical and service usage analytics, customer support communications, website interactions and partner program information.

For individual and family users, Keeper acts as controller as we determine how your personal data is used to provide the service. This applies to account registration details (such as name, email and phone number), subscription and billing information, technical and service usage analytics, customer support communications and website interaction data.

In all circumstances, Keeper does not control or access any encrypted data you store in your Keeper vault. Your vault contents remain fully encrypted on your device and are inaccessible to Keeper or its staff under our zero knowledge security model.

As used in this Privacy Policy, "personal data" or "personal information" has the meaning provided in the EU General Data Protection Regulation of 2018 (the "GDPR") and includes any information which, either alone or when combined with other information we hold, identifies an individual, such as name, mailing address, email address, IP address and telephone number.

Información que recopilamos

For all users, we collect different types of information depending on how you interact with Keeper.

1. When You Use the Services:

Account Registration:
Keeper collects limited personal information from all users who register with our services including a username or email address and phone number for the purpose of account verification and authentication.

Payment Information:
If a user decides to subscribe to our service, we may collect credit card information which is tokenised and used for payment processing, but not stored. We use this registration information to authenticate users and provide access to Services.

Technical Usage Information:
As with any cloud-based services, when you download and use our product we automatically collect information on the type of device you use, operating system version, a randomly-generated device identifier, system performance information and IP address. We also use the email addresses used in the registration information to communicate with our users.

Record Sharing:
If you choose to allow other people to access a Keeper vault record, we will ask you for that person's email address. We will automatically send this person a one-time email inviting them to visit the site and application. Keeper stores this information to send a one-time email. If the assigned person or your prospect chooses to decline, s/he may contact us at privacy@keepersecurity.com to request that we remove this information from our database.

2. When You Visit Our Website or Receive Marketing:

End-users of Keeper business customers will not receive consumer marketing email communications from us but may receive important communications related to changes to services, maintenance notifications and security-related events. Keeper consumer end-users periodically may receive email communications from us regarding changes to our services, maintenance notifications, promotional materials and important security-related events. You will be permitted at any time to "opt-out" of the receipt of email communications related to marketing and promotional material. The "opt-out" page can be viewed here: https://www.keepersecurity.com/unsubscribe.html. In the event you opt-out from receiving marketing and promotional material, we may, as necessary, email you in connection with a purchase confirmation, customer support matter or security issue related to your account.

Cookies & Other Technologies:
Keeper and our marketing partners use cookies and other tracking technologies to collect information about your interactions with our websites and products for essential, functional, analytical and advertising purposes. For more information, please see our Cookie Policy, which includes information on how to control or opt out of these cookies and tracking technologies.

3. When You Participate in Partner Programs:

(For partners, distributors, resellers, managed service providers)
Keeper works with partners such as Resellers, Managed Service Providers (MSPs), Distributors and Referral partners. During the course of these programs, we may collect personal information such as name and email when registering a new transaction, making a referral and to manage the partner program.

How We Use Information and Legal Basis

1. For All Users:

To provide our services:
We use your information to create and manage your account. We use your information to deliver core features and enable support and troubleshooting. We also use contact and billing information to process payments for our services.

To improve our services:
We may provide limited contact, payment and usage information to companies that provide services to help us with our business activities such as our live chat customer support or analytics provider. These companies are authorised to use such information only as necessary to provide these services to us.

To assist and communicate with you:
We use your contact details to send service related notifications, respond to questions and provide support. Where you opt in and provide consent, we may also send product updates and other promotional information by email, phone or mail. We may use automated technology, such as chat tools, to help record your request, suggest content and facilitate our responses to you.

To market our products and services:
We may use information about how you use our sites and services, such as products or features used, events attended or promotions you've engaged with and browsing activity to optimize the delivery of our advertisements and measure the effectiveness of our marketing initiatives. Our Cookie Policy further explains how we use cookies and similar tracking technology to help us market our products to you.

To comply with legal obligations:
To meet and comply with legal requirements and to respond to lawful requests.

Corporate Transactions:
If Keeper is involved in a merger, acquisition or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

2. For Website Visitors:

Analytics and Diagnostic:
Keeper collects and logs aggregate user statistics and website traffic. Such information includes website traffic statistics, date and time of visits, browser type used to access the service, frequency of visits and to which pages, etc. We use this information to improve the services delivered to our customers, to track and diagnose performance problems and administer the website. We will also use information shared by you when getting in touch with us through the website for the purposes of communicating with you.

3. For Partners and Resellers:

To administer partner programs:
To manage relationships with resellers, MSPs, distributors, referral and technology partners and to handle deal registrations or referrals.

4. Legal Basis:

If you are located in the European Economic Area, United Kingdom or Switzerland, our legal bases for collecting and using personal data as described in this Privacy Policy depends on the personal data and the specific context in which we collect it. In some cases, we may rely on multiple legal bases to process your data. Our legal bases to process your personal data include:

• Performance of contract with you, such as to provide and maintain our services for your use. It is necessary for us to process your contact information, secure data, service data and diagnostic data to provide, improve and secure our services for you.
• In furtherance of our legitimate interests, we process your contact information, service data and diagnostic Data, to develop and train new technology, to analyze and improve our existing services and to customize content used for our marketing purposes. Where we are using your information because we or our customers (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use and in some cases, this may mean no longer using the services. See our notice to business users here.
• With your consent, such as when you tell us we may use your location or non-essential cookies and similar technologies. When we process your information based on your consent you may revoke your consent at any time, in some cases this may not affect any processing that has already taken place.
• To comply with a legal obligation, including to prosecute, exercise or defend a lawsuit, arbitration or similar legal proceeding or to respond to lawful requests by public authorities (including national security or law enforcement requests).

See the 'Your Privacy Rights' section for information on how to exercise your rights.

How We Share Information

1. Vendors and Service Providers:

Keeper transmits limited personal information on vendor-sourced software, under strict confidentiality and security protocols, to provide essential business services including customer support and account security, account management, analytics, payment processing and live chat. Keeper has data protection agreements with its vendors which limit the use of customer information to essential business functions.

2. Access Limitations and Legal Disclosures

Keeper does not have access to or knowledge of an account holder's master password, encryption keys or access to their Keeper vault, including images, videos and files that are uploaded.

Accordingly, any account disclosure required by law, under a subpoena, would be limited to general account information such as the account holder's name and account term. Keeper may disclose aggregated user statistics (for example, 50% of Keeper customers use the service daily) in order to describe our services to prospective partners, affiliates and other third parties for lawful purposes.

Keeper will never disclose such data on an individual or identifiable basis to third parties except when we must comply with laws that require such disclosure to law enforcement authorities or other government third party officials such as subpoenas or we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others and to investigate fraud.

Other than as disclosed in this Privacy Policy, at no time will Keeper disclose identifiable personal information to any third parties without your express, written consent.

Seguridad

Keeper is a Zero Knowledge service provider. All vault data is encrypted and decrypted at the device level and Keeper never has access to your Master Password or vault contents. We implement multiple layers of encryption and strict technical and organizational measures to protect your personal data against unauthorized access, disclosure or loss.

Keeper hosts its infrastructure with Amazon Web Services (AWS) in secure, monitored environments. Keeper's security practices and controls are independently audited and certified, including SOC 2 and ISO 27001 and certain services are available in FedRAMP High-authorized environments for U.S. government and public sector customers.

For more detailed information about Keeper's security model, please visit: https://keepersecurity.com/security. For details about Keeper's encryption model, please visit https://docs.keeper.io/enterprise-guide/keeper-encryption-model

International Data Transfers

As a global organization, we may need to transfer your personal data to Keeper affiliates, contractors, service providers and third parties in various countries and jurisdictions around the world. Keeper employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law:

1. EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF")

As set forth by the U.S. Department of Commerce Keeper is certified under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF and relies on these certifications as its primary transfer mechanisms for transfers of personal data from the EU, UK and Switzerland to the U.S. Keeper adheres to the DPF principles for onward transfers of personal data to third parties and remains liable for damages caused by third parties under the DPF unless Keeper did not cause the event giving rise to damage. The U.S. Federal Trade Commission has jurisdiction over Keeper's compliance with the DPF.

When using the DPF frameworks, Keeper commits to refer unresolved complaints concerning our handling of personal data to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you. To learn more about the Data Privacy Framework ("DPF") program and to view our certification, please visithttps://www.dataprivacyframework.gov/

2. Standard Contractual Clauses

Where neither the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, Swiss-EU DPF apply, we rely instead on other data transfer mechanisms to transfer personal data outside the EEA, the UK and Switzerland, such as Standard Contractual Clauses and the UK's International Data Transfer Agreement.

3. Brazilian Standard Contractual Clauses

Keeper uses the Brazilian Standard Contractual Clauses as the legal mechanism for transferring personal data from Brazil.

If you are a Brazilian data subject, you have rights afforded to you by the Lei Geral de Proteção de Dados Pessoais ("LGPD"), specifically those outlined in Article 18. You may exercise your rights by contacting our DPO at privacy@keepersecurity.com

Your Privacy Rights

You are entitled to make requests with regard to the processing of your personal data and we will comply with your request promptly, but in any event within 30 days of your request (45 days for requests under the CCPA). We may need to retain certain information for recordkeeping purposes or to complete transactions that you began prior to requesting such change or deletion and to meet legal obligations.

1. Access Your Data

You have the right to your information. You can export or download your Keeper information while logged in to your account at any time but please note we can't decrypt your information for you. Your export will be limited to the information you saved in your Keeper account.

You can ask us to confirm if we are processing your personal information and provide you with details about our processing by contacting us at privacy@keepersecurity.com.

2. Correct Your Information

You can update your data from within your settings and modify it from your account. You may also contact us about correcting or updating your profile information at privacy@keepersecurity.com. In your request, please make clear what personal data is concerned and the change required. Keeper cannot modify your vault data.

3. Deletion

Account cancellation: Deleting your Keeper account will also cancel any active subscription and end access to all associated services. You can find out more about managing subscriptions and deleting your account here.

You can also submit a deletion request by contacting us at deleteme@keepersecurity.com.

4. Retention

Keeper will retain information for as long as an account is active or as needed to provide the services. Retention periods may be determined by the purpose of processing, contractual requirements, legal obligations and the need to resolve disputes or enforce agreements.

5. Object to Certain Uses

You can object to any processing of your personal information that is done on the basis of our legitimate interests, unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process your information for the establishment, exercise or defense of a legal claim. In some cases, if you object to our use, it may mean no longer using the services. To exercise this right, contact us using the methods provided in the Contact Us section of this Privacy Notice.

6. Limit How We Use Information.

You can ask us to restrict the processing of your personal information under certain circumstances (e.g., when you wish to contest the accuracy of your data). You can also ask us to freeze your account at any time by contacting us as described in the Contact Us section of this Privacy Policy. When your account is frozen, you will not be able to provide ongoing or future data to us that is associated with your account.

7. Additional Rights (CCPA, LGPD, etc.)

In addition to the rights listed above, California residents have rights under the California Consumer Privacy Act (CCPA) and Brazilian residents under the Lei Geral de Proteção de Dados (LGPD). These include the right to access, correct, delete and opt out of certain data uses. Keeper does not sell or share personal information, while some a. Requests can be made to privacy@keepersecurity.com. Keeper does not sell or share personal information as those terms are defined under applicable U.S. state privacy laws.

8. Complaints

If you have concerns about how Keeper handles your personal data, you can contact us at privacy@keepersecurity.com. You also have the right to lodge a complaint with a data protection authority or regulator in your country, state or region of residence. For individuals in the EU, the relevant supervisory authority is the Data Protection Commission in Ireland and for individuals in the UK, the Information Commissioner's Office (ICO).

Información Adicional

Keeper offers features such as KeeperFill® and the Keeper Browser Extension, which allow you to securely autofill login credentials on websites and applications. These features operate under Keeper's Zero Knowledge architecture, meaning Keeper cannot access, track or view vault contents, browsing history or Master Passwords. Your Master Password is known only to you and is never stored or accessible to Keeper staff or contractors. Keeper does not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

In addition, you may choose to engage with Keeper through community or marketing activities such as submitting a testimonial, participating in our blog or following third party links from Keeper's websites. Any information you provide in these contexts (such as your name, company or comments) is used only for that purpose and we will obtain your consent before publishing testimonials or similar content.

Please note that third party platforms (e.g. blog providers, video hosts or linked websites) are subject to their own privacy policies, which Keeper does not control. For active business customers, Keeper may display your company badge or logo on our website.

Keeper's services are not intended for children and it does not intentionally collect personal data from children under eighteen years of age.

Contacte con nosotros

We reserve the right to change this Policy and will notify you of such changes via email or our website. If we make any material changes we will notify you by email or by means of a notice on this Site prior to the change becoming effective. If you have questions or concerns regarding this Privacy Policy, you may contact our Data Protection Officer at privacy@keepersecurity.com.

Mail:
Privacy Office
Keeper Security, Inc.
311 W. Monroe Street
Suite 406
Chicago IL 60606

Notice to End Users / Business Managed Accounts

Keeper is a processor of personal data processed on behalf of our business customers. If you use Keeper services with an account provided by your employer or an organization that you are affiliated with, that organization is the controller of your information and the administrator of your account. We refer to personal data processed in connection with our services offered to businesses as "Customer Data." We only process Customer Data to fulfill our contractual obligations, or as otherwise instructed by our business customers. If you have questions about the processing of your information or would like to exercise your data protection rights, please contact your account administrator. Please note, the Keeper Privacy Policy does not apply to business products or services.

As an end user of a business product, your information is subject to the privacy notices provided to you by your organization. We recommend that you review your internal privacy policies prior to creating an account with us.

Your account administrator manages your Keeper account and any information associated with your account. This means that your account administrator can access and process your data, including insights derived from how you use and interact with the services and any privacy controls associated with your account. Your account administrator controls which services you may access using your account and can manage access to particular features and services at their discretion.

If you have created a free family or individual account provided by your account administrator, your personal account is covered by the Keeper Terms and Privacy Notice and cannot be accessed or processed by your account administrator. If you lose access to the organization that you are affiliated with (for example, if you change your employment), you may lose access to Keeper business products, including your employee vaults and the information contained within. Your individual or family Keeper account and data associated will remain yours, subject to the Keeper Terms.

At our discretion, we may make changes to this Policy and note the date of the last revision. You should check here frequently if you need to know of updates to our Privacy Policy. We maintain the right to send you an email or in app notification informing you of substantive changes. Previous versions will be made available here.

Service Level Objectives

1. Service Levels

Keeper Security shall at all times during the Term of this Agreement provide the Services to meet or exceed the Service Level Performance Measure for each Service Level Performance Criterion, as defined herein below. Customer's sole and exclusive remedy for a breach of the Service Level Objectives shall be termination of the Agreement without further obligation.

2. Performance Monitoring

Keeper Security shall implement all measurement and monitoring tools and procedures necessary to measure, monitor and report on Keeper Security's performance of the provision of the Services against the applicable Service Levels at a level of detail sufficient to verify compliance with the Service Levels. Keeper's Service Level Performance Measure status and recent history may be found at https://statuspage.keeper.io/.

3. Service Levels

The Service will be available 99.9% of the time as measured on a monthly basis ("Uptime Availability") excluding "Emergency Maintenance" (unscheduled maintenance activities that are necessary to address or prevent critical issues affecting the availability, security or functionality of the service) and Force Majeure Events. Uptime Availability only applies to events isolated to the availability of Keeper Services API and not to events tied to individual Customers or resulting from external factors, such as Customer's ISP, Single Sign-On or technical integration issues.

Uptime Availability

• below 99.9% but greater than or equal to 99.5%
• below 99.5% but greater than or equal to 99.0%
• below 99.0% but greater than or equal to 98.0%
• below 98.0%

4. Disaster Recovery

Keeper maintains, updates and periodically tests a disaster recovery plan. The following objectives are provided for the Services:

a. Recovery Time Objective (RTO) - 8 hours

b. Recovery Point Objective (RPO) - 24 hours

Support Service Level Objectives

Support Tiers

Keeper provides support to customers who purchase Keeper Services. Every customer is entitled to the Free support tier as part of their purchase. Silver and Platinum support tiers are reserved for customers who purchase corresponding Silver or Platinum support SKUs. Tiers descriptions are available for review at https://www.keepersecurity.com/professional-services-business.html.

Communication Channels

Customers can engage with support based on the communication channel associated with their support tier. To initiate support, customers are encouraged to use the following communication channels:

Automated Chat: https://www.keepersecurity.com/chat-support/

Live Chat: https://www.keepersecurity.com/chat-support/

Web form submission on https://keepersecurity.com/support

Self-Service Support Tools

Keeper provides comprehensive self-help resources for customers to retrieve information and support themselves.

Self-Service Guide for Administrators: Enterprise Guide

Training Videos: https://www.keepersecurity.com/support.html

Self Service Guide for End Users: End User Guide

Scope of Customer Support

Keeper shall provide customer support solely as outlined herein.

Customers may submit requests for custom services that fall outside the scope of the Agreement. Any out-of-scope requests will be subject to Keeper approval in its sole discretion as well as a separate price quotation which will be mutually agreed upon by all Parties before commencing work.

Usage Guidelines and Information

1. Software and Security

• Keeper requires an active Internet connection to function on cloud-based platforms such as web browsers and extensions.
• All information is encrypted with 256-bit AES and transmitted to Keeper's Cloud Security Vault™ via a 256-bit TLS connection.
• Keeper employees do not have access to your records and cannot retrieve them if you forget your Master Password.

2. Agreement and Policies

Use of the Software is subject to the applicable agreement, which includes Keeper Security, Inc.'s DPA and Privacy Policy and any additional rules or guidelines that may be published.

3. Support & Tiers

• Free Support: Included with every Keeper purchase and comprising access to our library of guides, tutorials and related resources.
• Silver & Platinum Support: Reserved for customers who purchase corresponding Silver or Platinum support SKUs.
• Full tier descriptions are available at: Keeper Professional Services.
• In some cases, you may grant remote screen access for troubleshooting. Keeper staff will never access your Master Password or stored records.

Customers may access support through the following channels, based on their support tier:

• Automated Chat: keepersecurity.com/chat-support
• Live Chat: keepersecurity.com/chat-support
• Web Form Submission: keepersecurity.com/support

Keeper also provides resources for customers to resolve issues independently:

• Training Videos: keepersecurity.com/support.html
• Self-service guide for end users: End User Guide

4. Master Password

Keeper provides comprehensive self-help resources for customers to retrieve information and support themselves.

• You must create and maintain a unique Master Password.
• Keeper does not store, know or request your Master Password, even during support.
• If lost or forgotten, your Master Password cannot be recovered by Keeper.
• You may not share your Master Password with third parties, including Keeper support staff.

5. Eligibility

• The Software is available only to individuals capable of entering legally binding contracts and is not available to persons under 18.
• By using the Software, you represent that you are at least 18 years old.
• If using Keeper as part of an administered program, you must have authorization from your administrator.

6. Maintenance of Your Keeper Records

Keeper allows end users to enter, store, secure, back up, share and restore confidential and sensitive information ("micro-data") and files on computers and mobile devices for the purpose of protecting this information from unauthorized access. "Micro-data" refers to short strings of critical information, such as website logins, passwords, Social Security numbers, bank account numbers, access codes, PIN codes and private notes.

Micro-data and files stored in a user's Keeper vault are collectively referred to as "Keeper Records." For paid subscribers Keeper Security maintains an encrypted binary backup of Keeper Records in Keeper Security's Cloud Security Vault™. This encrypted backup is created when records are backed up and is retained to allow recovery in the event of data loss caused by system failure, device damage/loss or a security incident that results in the destruction of local records. The Cloud Security Vault™ also enables secure synchronization of Keeper Records across devices on which Keeper is installed.

If a paid subscription expires and is not renewed within ninety (90) days, Keeper Security reserves the right to delete any Keeper Records in the account that contain files (such as documents, photos or videos). Notice will be provided prior to deletion using the email address associated with the user's Keeper account. Upon expiration accounts convert to Free User accounts.

Free Users may use Keeper on one mobile device only and do not have the ability to back up, restore, share or export their Keeper Records outside of that device. If the device or its data is lost or stolen, Free Users will not be able to recover their records.

Free User accounts are limited to a maximum of ten (10) Keeper Records. To exceed this limit, a paid Keeper plan (such as Unlimited, Family, Business or Enterprise) is required. Free User accounts may also store up to two (2) vault records containing time-based one-time passcode (TOTP) two-factor authentication codes. Additional TOTP records require a paid plan. Free User accounts may upload and store up to five (5) files in their Keeper vault, with a total storage limit of 100 MB. Exceeding this limit requires the purchase of a paid storage plan. If a Free User account remains inactive for twelve (12) consecutive months, Keeper Security reserves the right to terminate and delete the account. Prior notice will be sent to the email address associated with the account.

7. Uninstall Instructions

To uninstall Keeper, please visit the FAQ pages:

• docs.keeper.io/user-guides/uninstall-keeper
• keepersecurity.com/support.html

8. Important Account Information

Strong Master Password
It is highly recommended that customers choose a strong Master Password for their Keeper account. This Master Password should not be used anywhere outside of Keeper. Users should never share their Master Password with anyone.

Emergency Access (Digital Legacy)
Keeper's consumer product supports the ability to add up to 5 emergency contacts (must have their own paid account) to grant vault access in the event of an emergency or death. Once a specified wait time has elapsed, the emergency contact will gain access to the user's vault. The process of sharing a vault is Zero-Knowledge and the user's Master Password is never directly shared. EC or RSA encryption is utilized to share a 256-bit AES key with the emergency contact, at the expiration of the wait time set by the originating user. Therefore, the emergency contact must have a Keeper account (and a public/private key pair) to accept the invitation.

Account Recovery
A 24-word recovery phrase enables Keeper customers to regain access to their Keeper Vault if they lose or forget their master password. The word list used in BIP39 is a set of 2,048 words used to generate an encryption key with 256 bits of entropy. This method of recovery is commonly used in popular bitcoin and cryptocurrency wallets. Each word in the BIP39 list is carefully selected to improve visibility and make the recovery process less error-prone. Users should write their recovery phrase down and store it in a secure place such as a safe.
The recovery phrase generates a 256-bit AES key that encrypts a copy of the user's data key. To recover the account and reset the master password, users will need the recovery phrase along with an email verification and Two-Factor Authentication (2FA). Enterprise Admins can disable account recovery at the role enforcement policy level.

Los clientes Business y Enterprise disponen de un método de recuperación de cuentas de conocimiento cero para sus usuarios mediante la política de transferencia de cuentas de Keeper.

9. Contact

For questions regarding Keeper software:

• For inquiries: keepersecurity.com/support
• Mail:
  CRM Management
  Keeper Security, Inc.
  311 W. Monroe Street, Suite 406
  Chicago, IL 60606

10. Vulnerability Reporting and Bug Bounty Program

Keeper Security is committed to the industry best practice of responsible disclosure of potential security issues. We take your security and privacy seriously are committed to protecting our customers' privacy and personal data. Keeper's mission is to build the world's most secure and innovative security apps and we believe that bug reports from the worldwide community of security researchers is a valuable component to ensuring the security of Keeper's products and services.

Proteger a los usuarios es uno de los valores fundamentales de nuestra organización. Valoramos las aportaciones de los investigadores de buena fe y creemos que una relación continua con la comunidad de seguridad cibernética nos ayuda a garantizar su seguridad y privacidad, y hace de Internet un lugar más seguro. Aquí se incluye fomentar pruebas de seguridad responsables y la divulgación de vulnerabilidades de la seguridad.

Directrices
En la política de divulgación de vulnerabilidades de Keeper se estipulan las expectativas a la hora de colaborar con hackers de buena fe, así como también lo que puede esperar de nosotros.

Si las pruebas e informes de seguridad se realizan en el marco de las directrices de esta política:

• las consideraremos actividades autorizadas de conformidad con la Ley de Fraude y Abuso Informático de EE. UU.;
• Consider it exempt from DMCA and will not bring a claim against you for bypassing any security or technology controls,
• Consider it legal and will not pursue or support any legal action related to this program against you,
• colaboraremos con usted para entender y solucionar el problema rápidamente; y
• reconoceremos sus contribuciones de forma pública si usted es el primero en notificar el problema, y realizaremos un cambio en el código o en la configuración basado en el problema.

If at any time you are concerned or uncertain about testing in a way that is consistent with the Guidelines and Scope of this policy, please contact us at security@keepersecurity.com before proceeding.

Para fomentar las pruebas de seguridad de buena fe y la divulgación de las vulnerabilidades detectadas, le pedimos que:

• Avoid violating privacy, harming user experience, disrupting production or corporate systems and/or destroying data,
• Perform research only within the scope set out by the Bugcrowd vulnerability disclosure program linked below and respect systems and activities which are out-of-scope,
• Contact us immediately at security@keepersecurity.com if you encounter any user data during testing and
• Finalmente concédanos un tiempo razonable para analizar, confirmar y resolver el problema notificado antes de divulgar públicamente cualquier vulnerabilidad encontrada.

Submitting a Report
Keeper has partnered with Bugcrowd to manage our vulnerability disclosure program.

Please submit reports through https://www.keepersecurity.com/vulnerability-disclosure-policy/

Documentation & User Guides

Read our administrator guides, end-user guides and release notes for the Keeper Security platform.

Zero Knowledge

Learn more about our zero-knowledge encryption model and how it's engineered to deliver end-to-end security, privacy and compliance at scale.

Confianza cero

Vea cómo el marco de seguridad de confianza cero puede proteger su organización, lo fácil que es aplicarlo y cómo Keeper le ayuda a conseguir la confianza cero.

Security Practices

Take a deeper look into Keeper's zero-trust security, encryption methods, certifications and how Keeper protects passwords, secrets, privileged access and endpoints.

Centro de Confianza

Access Keeper's security and compliance resources and reports, such as SOC 2, ISO 27001 and regulatory attestations.

Brand Assets & Media Center

Access official Keeper brand assets, logos and media resources.

Keeper Patents

Legacy Terms

Prior to March 9, 2026

View legacy terms and conditions for historic reference.