Terms of Service

Last Updated: September 25, 2025

If you signed a separate Cover Page to access the Product with the same account, and that agreement has not ended, the terms below do not apply. Instead, your separate Cover Page applies to your use of the Product.

This Agreement is between SealedNote Inc. (the Provider) and the company or person accessing or using the Product (the Customer). This Agreement consists of (1) this Cover Page (Order Form + Key Terms) and (2) the Framework Terms defined below.

If you are accessing or using the Product on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company. By signing up, accessing, or using the Product, Customer accepts this Agreement.


Order Form

Framework Terms. This Cover Page incorporates and is governed by the Framework Terms made up of the Key Terms below and the Common Paper Cloud Service Agreement Standard Terms v2.1 (the Standard Terms), which are incorporated by reference: https://commonpaper.com/standards/cloud-service-agreement/2.1/. Any modifications to the Standard Terms made in this Cover Page control over any conflict with the Standard Terms. Capitalized terms have the meanings given in this Cover Page or the Standard Terms.

Cloud Service. SealedNote is an anonymous feedback platform with optional end‑to‑end encryption for messages. Key features include AI‑assisted guidance for constructive feedback, configurable filtering, optional auto‑deletion of filtered comments, and sender privacy controls. Encryption boundary. When enabled, messages are encrypted client‑side to recipients’ public keys; Provider does not possess the private keys. AI filtering. If Customer enables AI filtering, message content may be sent to third‑party model providers for classification as described in Appendix A (Security & Encryption Summary). Customer is responsible for configuring features consistent with its privacy requirements.

Order Date. The Effective Date.

Subscription Period.

  • Free Tier: No fixed subscription period; terminable at will per the Standard Terms.
  • Paid Tiers (if selected): 1 month, auto‑renewing unless terminated per Non‑Renewal Notice Period below.

Cloud Service Fees.

  • Free Tier: $0.
  • Paid Tiers (if selected): As listed on Provider’s pricing page: https://www.sealednote.com/pricing. Provider may update paid pricing with at least 30 days’ notice (including by email or within the Product). Price changes apply in the next Subscription Period. Fees are inclusive of taxes unless the invoice states otherwise.

Payment Process (applies only to paid tiers). Customer authorizes Provider to charge the payment method on file monthly for immediate payment without further approval.

Non‑Renewal Notice Period (paid tiers only). At least 30 days before the end of the then‑current Subscription Period.

Service Levels. No uptime/service‑credit commitment for the Free Tier. Any paid‑tier SLAs will be stated (if applicable) on the pricing page and are incorporated by reference.

Security Policy; AUP; Subprocessors. The Security & Encryption Summary (Appendix A), Acceptable Use Policy (Appendix B), and Subprocessors List (Appendix C) are incorporated by reference and form part of the Framework Terms.


Key Terms

Customer. The company or person who accesses or uses the Product. If the person accepting this Agreement does so on behalf of a company, all references to Customer mean that company.

Provider. SealedNote Inc.

Effective Date. The date Customer first accepts this Agreement.

Governing Law. The laws of the State of Delaware, USA, without regard to conflict‑of‑laws principles.

Chosen Courts. The state or federal courts located in Delaware, and the parties consent to their exclusive jurisdiction and venue except where prohibited by applicable law for consumers.

Covered Claims.

  • Provider Covered Claims. Any action, proceeding, or claim that the Cloud Service, when used by Customer according to the Agreement, violates, misappropriates, or infringes another party’s intellectual property or proprietary rights.
  • Customer Covered Claims. Any action, proceeding, or claim (1) that the Customer Content, when used according to the Agreement, violates, misappropriates, or infringes another party’s intellectual property or proprietary rights; or (2) arising from Customer’s breach or alleged breach of Section 2.1 (Restrictions on Customer) of the Standard Terms or Appendix B (AUP).

General Cap Amount (modifies Standard Terms). The greater of (a) $100 and (b) the fees paid or payable by Customer to Provider in the 12‑month period immediately before the event giving rise to the claim. The exclusions and carve‑outs in the Standard Terms (e.g., for uncapped indemnity obligations specified therein) still apply.

Notice Address.

  • Provider: notices@sealednote.com and SealedNote Inc.
  • Customer: The primary email address on Customer’s account. Customer agrees that in‑product and email notices constitute written notice.

Age Requirement. The Product is not intended for use by individuals under 16. Customer represents that all end users are at least 16 years old (or the minimum age required by local law, if higher).

Publicity. Provider may not use Customer’s name or marks without Customer’s prior written consent, except to identify Customer’s account in administrative contexts.


Appendix A — Security & Encryption Summary

This Appendix describes the Product’s security and data‑handling at a high level. It supplements the Standard Terms and controls over any conflict with marketing materials.

Data Minimization

We do not intentionally collect or store: account profile data (unless provided by Customer), device fingerprints, behavioral tracking or session data, third‑party analytics, or sender identification data. We do not store IP addresses in our application databases.

We do process minimal metadata necessary to provide the Service:

  • Timestamps for database records.
  • Ephemeral rate‑limit counters (cleared every ~60 seconds).
  • Recipients’ public keys for encryption.
  • Workspace configuration (e.g., filtering preferences, notification email addresses).

Network and hosting telemetry. Our hosting and CDN providers may temporarily process IP addresses and similar connection data for routing, delivery, and abuse mitigation. Provider does not retain or reidentify this telemetry.

Encryption & Key Management

  • End‑to‑end hybrid encryption (RSA‑OAEP + AES‑GCM) is available; private keys are generated and remain client‑side.
  • Transit encryption via TLS 1.3.
  • Encrypted payload storage: ciphertext is stored server‑side when E2EE is enabled; Provider cannot decrypt without Customer‑held keys.

AI Filtering (Optional)

If enabled by Customer, message content may be transmitted to third‑party AI model providers for classification and coaching. Such processing occurs transiently and is not used by Provider for advertising or profiling. See Appendix C (Subprocessors) for current providers. Customer can disable AI filtering to avoid this processing.

Retention & Deletion

  • Messages: retained until Customer deletes them or closes the account.
  • Abuse/security logs: retained up to 30 days.
  • Deletion window: within 7 days of a verified deletion request, subject to standard backup latency.

Security Practices

  • SOC 2‑aligned controls via hosting providers; periodic access reviews; least‑privilege access; encrypted backups.
  • No sale or sharing of personal information.
  • Data locality as provided by hosting/CDN; Customer should not upload regulated data (e.g., PHI, PCI) without a separate written agreement.

Appendix B — Acceptable Use Policy

To keep the Service safe and lawful, Customer and its end users must not:

  • Post content that is unlawful, infringing, defamatory, harassing, hateful, or that discloses others’ personal or confidential information (including doxxing).
  • Upload malware, attempt to exploit, probe, or disrupt the Service or others’ systems, or bypass security or rate limits.
  • Use the Service for spam, scams, or deceptive activity.
  • Use the Service to report emergencies or imminent threats. The Service is not a crisis hotline or emergency service. Call local emergency services instead.

Enforcement. Provider may remove content, throttle functionality, or suspend or terminate access for violations. Provider does not undertake an obligation to monitor content but may do so at its discretion. Customer is responsible for end‑user conduct.

Notice/Takedown. Report suspected violations to abuse@sealednote.com. Provider may disable or remove content at its discretion and will, where feasible, notify Customer.


Appendix C — Subprocessors

Current third‑party subprocessors used to provide the Service:

  • Vercel (hosting/CDN; global) — connection handling and static asset delivery.
  • Supabase (managed Postgres and auth; US/EU regions) — database and storage.
  • Postmark (email delivery; US/EU) — transactional notifications; no message body content.
  • OpenRouter (AI processing gateway; region per provider) — optional AI filtering/classification when enabled.

Provider may update this list from time to time by posting an updated version not less than 30 days before the change takes effect (except for urgent replacements for security or continuity). Customer may object per the Standard Terms.

Questions about our terms? Contact us at support@sealednote.com