Terms of Service
Last updated: March 6, 2026
1. Acceptance of Terms
By accessing or using ShieldKey, you agree to be bound by these Terms of Service. If you do not agree, do not use the service.
2. Service Description
ShieldKey is an API key security proxy. You register your real API keys with ShieldKey, receive shield tokens, and route API requests through our proxy. The proxy enforces access policies, logs metadata, and forwards requests to upstream providers using your encrypted keys.
3. Your Responsibilities
You agree to:
- Maintain the confidentiality of your account credentials and shield tokens.
- Not violate the terms of service of any upstream API provider when using ShieldKey as a proxy.
- Not use ShieldKey for any unlawful purpose or to transmit harmful, fraudulent, or abusive content.
- Configure appropriate access policies (IP allowlists, rate limits, geo-restrictions) to protect your tokens.
4. Service Availability
We strive to maintain high availability but do not guarantee uninterrupted service. ShieldKey adds minimal latency to proxied requests (median under 25ms). We are not liable for outages, errors, or latency caused by upstream API providers.
5. Plan Limits
Your use of ShieldKey is subject to the limits of your current plan (number of shield tokens, proxied requests per month, team seats). If you exceed your plan limits, requests may be throttled or rejected. You can upgrade your plan at any time from the dashboard.
6. Spend Budgets and Cost Estimates
ShieldKey provides spend budgets and cost estimation features as a convenience. Cost estimates are based on approximate token pricing and may not reflect your actual charges from upstream API providers. ShieldKey is not liable for any discrepancies between estimated costs and actual provider charges, for spend that exceeds a configured budget due to processing delays, or for any financial losses arising from reliance on spend budget features. Spend budgets are best-effort controls and are not a guarantee of cost containment. You are solely responsible for monitoring your upstream provider billing.
7. Data and Security
Your API keys are encrypted at rest with AES-256-GCM using an Argon2id-derived key. While we implement industry-standard security practices, no system is perfectly secure. You use ShieldKey at your own risk. For full details, see our Privacy Policy.
8. Limitation of Liability
To the maximum extent permitted by law, ShieldKey and its affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or business opportunities, arising from your use of or inability to use the service, even if we have been advised of the possibility of such damages.
9. Termination
- By you: You may delete your account at any time from the dashboard. All shield tokens will be revoked and encrypted keys will be permanently deleted.
- By us: We may suspend or terminate your account if you violate these Terms of Service. Upon termination, all tokens are revoked and encrypted keys are deleted.
10. Changes to Terms
We may update these Terms of Service from time to time. Continued use of ShieldKey after changes constitutes acceptance of the updated terms. We will notify you of material changes via email or the ShieldKey dashboard.
11. Contact
If you have questions about these Terms of Service, contact us at legal@shieldkey.io.