Terms and Conditions
Effective 1 March 2026
Welcome to Glassbreak. These Terms and Conditions ("Terms") govern your access to and use of the Glassbreak platform, website, and related services (collectively, the "Service") operated by Glassbreak ("we", "us", "our"). By creating an account or using the Service, you agree to be bound by these Terms. If you do not agree, you must not use the Service.
1. Overview
Glassbreak is a break-glass emergency access platform for securely storing, encrypting, and distributing access to sensitive information including credentials, secrets, and crisis communications. Secrets are encrypted on your device using AES-256 encryption before transmission to our infrastructure. Neither Glassbreak nor any of our infrastructure providers has access to your unencrypted content.
2. Eligibility
You must be at least 16 years old to use Glassbreak. If you are using the Service on behalf of an organisation, you represent and warrant that you have the authority to bind that organisation to these Terms. By using the Service, you confirm that you meet these requirements.
3. Accounts and Security
To access the Service, you must create an account with a valid email address and a strong password. You are responsible for:
- Maintaining the confidentiality of your account credentials and encryption keys
- All activity that occurs under your account
- Enabling and maintaining multi-factor authentication (MFA) where required by your organisation's policy
- Promptly notifying us at security@glassbreak.io if you suspect unauthorised access to your account
We support TOTP authenticator apps, WebAuthn/FIDO2 hardware keys, and recovery codes as MFA methods. Your organisation administrator may require MFA for all members.
4. Teams and Organisations
Users can create or join organisations and teams. Teams manage shared access to encrypted secrets, contacts, and communications. Team administrators control membership, roles, and permissions. You are responsible for selecting trusted team members and managing access controls appropriately.
5. Service Plans and Pricing
Glassbreak offers the following service tiers:
- Free — limited usage at no cost (1 team, 5 members, 10 secrets)
- Standard — $20 per user per month (or $200 per user per year), billed via Stripe, with unlimited teams, secrets, and advanced features
- Premium — custom-priced for enterprise needs, including SLA, SSO/SAML, priority support, and extended audit log retention
Charges are non-refundable once the billing period begins, except as required by applicable law. We reserve the right to change pricing with 30 days' prior notice. Current pricing is available on our pricing page.
6. Infrastructure and Security
The Service operates across multiple independent cloud providers for resilience:
- AWS — S3 static hosting, Lambda API compute
- Scaleway — Object Storage, serverless Functions, Managed Database
- Fastly & Bunny — Dual-CDN edge delivery with automatic failover
- Neon & Scaleway DB — Independent PostgreSQL databases per API vertical
- Route 53 & DNSimple — Dual-provider authoritative DNS
Encryption is handled on your device using AES-256 for secrets, RSA-4096 for key exchange, and Kyber1024 for post-quantum key encapsulation. We do not store decryption keys in any accessible form. All data is encrypted in transit (TLS) and at rest.
7. No Access to Secrets — Zero-Knowledge Architecture
Glassbreak operates a zero-knowledge architecture. We do not access, process, or store decrypted user secrets at any point. Encryption and decryption occur exclusively on your device. Our servers store only encrypted ciphertext and encrypted key material.
You are solely responsible for:
- Safeguarding your encryption keys, passwords, and recovery codes
- Managing access controls, team membership, and role-based permissions
- Selecting and vetting trusted team members who receive access to shared secrets
- Maintaining independent backups of critical information outside the Service
YOU ACKNOWLEDGE AND ACCEPT THAT IF YOU LOSE ACCESS TO YOUR ENCRYPTION KEYS, PASSWORDS, AND RECOVERY CODES, YOUR ENCRYPTED DATA WILL BE PERMANENTLY AND IRREVERSIBLY INACCESSIBLE. GLASSBREAK CANNOT RECOVER, RESET, OR RECONSTRUCT YOUR ENCRYPTION KEYS UNDER ANY CIRCUMSTANCES. This is a fundamental and intentional property of our security architecture. No Glassbreak employee, system, process, or infrastructure provider can decrypt your data on your behalf.
You expressly waive any claim against Glassbreak for data loss resulting from lost, forgotten, or compromised encryption keys or recovery codes. It is your responsibility to store recovery codes securely and separately from your primary credentials.
8. Acceptable Use
You agree not to use the Service to:
- Store or transmit content that is illegal, harmful, threatening, defamatory, or infringing on third-party rights
- Store, transmit, or distribute child sexual abuse material (CSAM) or any content depicting the exploitation or abuse of minors
- Store or transmit content that promotes, incites, or facilitates terrorism, violent extremism, or radicalisation
- Store or transmit stolen data, credentials, or personally identifiable information obtained without authorisation
- Facilitate or engage in human trafficking, exploitation, or modern slavery
- Store, distribute, or facilitate the sale of illegal drugs, weapons, or controlled substances
- Use the Service to facilitate money laundering, terrorism financing, sanctions evasion, tax evasion, or other financial crimes
- Circumvent, disable, or interfere with security features or access controls
- Attempt to gain unauthorised access to the Service, other accounts, or connected systems
- Reverse-engineer, decompile, or disassemble any part of the Service
- Transmit viruses, malware, or other malicious code
- Use automated systems (bots, scrapers) to access the Service without prior written consent
- Resell, sublicense, or redistribute access to the Service without authorisation
9. Illegal Content and Reporting
Glassbreak has a zero-tolerance policy for illegal content. While we cannot inspect encrypted content stored on the Service, we will act on credible reports and legal orders.
If we receive a valid legal order, court order, or law enforcement request requiring action on an account, we will comply to the extent required by applicable law. This may include suspension or termination of accounts and disclosure of unencrypted account metadata (but not encrypted content, which we cannot decrypt).
If you become aware of illegal content or activity on the Service, report it to abuse@glassbreak.io. We will investigate and take appropriate action, which may include account suspension, termination, and referral to law enforcement.
Accounts found to be in violation of these provisions will be terminated immediately without notice or refund. We reserve the right to cooperate fully with law enforcement authorities and to comply with court orders requesting or directing disclosure of account information.
10. Intellectual Property
The Service, including its design, code, branding, documentation, and all related intellectual property, is owned by Glassbreak and protected by copyright, trademark, and other intellectual property laws. You are granted a limited, non-exclusive, non-transferable, revocable licence to use the Service in accordance with these Terms.
You retain ownership of all content you upload to the Service. By uploading content, you grant us only the technical permissions necessary to store and transmit your encrypted data as part of operating the Service.
11. Availability and Service Levels
We strive to maintain high availability using geographically isolated, multi-cloud infrastructure. However, except where a separate Service Level Agreement (SLA) has been executed for Premium customers:
- We do not guarantee uninterrupted or error-free operation of the Service
- We may perform scheduled maintenance with reasonable advance notice
- We may temporarily suspend the Service for emergency maintenance or security incidents
12. Disclaimer of Warranties
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
Without limiting the foregoing, we do not warrant that:
- The Service will meet your specific requirements
- The Service will be uninterrupted, timely, secure, or error-free
- Any errors in the Service will be corrected
- The Service will be compatible with any particular hardware or software
13. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL GLASSBREAK, ITS DIRECTORS, EMPLOYEES, PARTNERS, AGENTS, SUPPLIERS, OR AFFILIATES BE LIABLE FOR:
- Any indirect, incidental, special, consequential, or punitive damages
- Any loss of profits, revenue, data, goodwill, or business opportunity
- Any damages arising from your use of or inability to use the Service
- Any data loss due to loss of encryption keys, mismanagement of team permissions, or failure to maintain backups
- Any outages or performance degradation due to third-party provider failures
- Any unauthorised access resulting from your failure to secure your credentials
OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING FROM OR RELATED TO THE SERVICE SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID US IN THE 12 MONTHS PRECEDING THE CLAIM, OR (B) AUD $100.
Nothing in these Terms excludes or limits liability that cannot be excluded or limited under applicable law, including liability for fraud, death, or personal injury caused by negligence, or any rights you have under the Australian Consumer Law.
14. Indemnification
You agree to indemnify, defend, and hold harmless Glassbreak and its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or related to:
- Your use of the Service or any activity under your account
- Your breach of these Terms or any applicable law or regulation
- Your violation of any third-party rights, including intellectual property or privacy rights
- Content you store, transmit, or make available through the Service
- Your failure to maintain adequate security of your account credentials, encryption keys, or recovery codes
- Claims by your team members, employees, or end users arising from your use of the Service
This indemnification obligation survives termination of your account and these Terms.
15. Indemnification in Event of Service Failure
In the event of a failure, outage, or data loss attributable solely to Glassbreak's negligence or wilful misconduct (and not to third-party provider failures, force majeure events, or user error):
- Free tier users — Glassbreak's sole obligation shall be to use commercially reasonable efforts to restore the Service. No financial compensation is provided.
- Standard tier users — Glassbreak will provide a pro-rata service credit for the period of unavailability, applied to future invoices. Total credits in any 12-month period shall not exceed one month's subscription fees.
- Premium tier users — remedies are governed by the applicable Service Level Agreement (SLA) executed between the parties, which may include enhanced credits, response time commitments, and escalation procedures.
In all cases, Glassbreak's liability for service failures is subject to the limitations set out in section 13 (Limitation of Liability). Service credits are your sole and exclusive remedy for downtime or service degradation unless a separate SLA provides otherwise.
Glassbreak is not liable for any inability to decrypt or recover data, as decryption keys are held exclusively by users and are never transmitted to or stored by Glassbreak in decrypted form.
16. Termination
By you: You may terminate your account at any time from your account settings. Upon termination, your encrypted data will be scheduled for deletion in accordance with our data retention policy.
By us: We reserve the right to suspend or terminate your account immediately and without prior notice for:
- Material breach of these Terms
- Activity that threatens the security or integrity of the Service
- Unlawful use or suspected fraud
- Non-payment of applicable fees after reasonable notice
Upon termination, your right to use the Service ceases immediately. We will retain your data for a reasonable period (up to 90 days) to allow for data export, after which it will be permanently deleted. Sections 9, 10, 12, 13, 14, 15, 19, and 20 survive termination.
17. Data Portability and Export
You may export your data at any time through the Service's export functionality, where available. Upon written request to legal@glassbreak.io, we will provide your personal data (excluding encrypted content we cannot decrypt) in a structured, machine-readable format within 30 days.
18. Force Majeure
Neither party shall be liable for any failure or delay in performance resulting from causes beyond its reasonable control, including but not limited to: acts of God, natural disasters, pandemic, war, terrorism, government actions, power failures, internet or telecommunications failures, cyberattacks, or failures of third-party cloud infrastructure providers. During any such event, the affected party's obligations are suspended for the duration of the event.
19. Modifications to Terms
We may modify these Terms from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 14 days before taking effect. If you do not agree to the updated Terms, you must stop using the Service and close your account before the changes take effect. Continued use after the effective date constitutes acceptance.
20. Dispute Resolution
In the event of any dispute arising from or relating to these Terms or the Service, the parties agree to first attempt to resolve the dispute in good faith through informal negotiation for a period of at least 30 days. If the dispute cannot be resolved informally, it shall be submitted to mediation under the rules of the Australian Disputes Centre (ADC) before either party may commence court proceedings.
21. Governing Law and Jurisdiction
These Terms are governed by and construed in accordance with the laws of New South Wales, Australia. Subject to the dispute resolution process in section 20, any legal proceedings shall be brought exclusively in the courts of New South Wales, Australia. Nothing in these Terms limits your rights under the Australian Consumer Law or any other mandatory consumer protection legislation.
22. Severability
If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving the parties' original intent.
23. Entire Agreement
These Terms, together with the Privacy Policy and any applicable Service Level Agreement, constitute the entire agreement between you and Glassbreak regarding the Service. These Terms supersede all prior agreements, understandings, and representations, whether written or oral.
24. Contact
For legal inquiries or support:
Legal: legal@glassbreak.io
Security: security@glassbreak.io
General support: support@glassbreak.io
By using Glassbreak, you acknowledge that you have read, understood, and agree to be bound by these Terms and Conditions.