SafeDisk

Terms of Service

Terms and conditions for using SafeDisk

Last Updated: April 11, 2026

These Terms of Service ("Terms," "Agreement") constitute a legally binding agreement between you ("User," "you," "your") and Afina Systems Spółka z ograniczoną odpowiedzialnością (KRS: 0000884244, NIP: 5252852337, REGON: 388239950, VAT ID: PL5252852337), a company organized under the laws of the Republic of Poland, with its registered office at ul. Senatorska 2, 00-075 Warszawa, Poland ("SafeDisk," "Company," "we," "us," "our"), governing your access to and use of the SafeDisk software application, web management panel, associated services, and any updates thereto (collectively, the "Service").

BY INSTALLING, ACCESSING, OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS IN THEIR ENTIRETY. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT INSTALL OR USE THE SERVICE.

If you are using the Service on behalf of an organization, you represent and warrant that you have authority to bind that organization to these Terms.

1. Definitions

"Encrypted Container" means a virtual disk file (VHDX on Windows, sparsebundle on macOS) created by the Service for the purpose of encrypted data storage on your local device.

"Master Password" means the primary user-defined passphrase used to derive access to an Encrypted Container's decryption key.

"Backup Password" (also referred to as "Double Safe Password" or "Shadow Password") means an optional secondary user-defined passphrase that unlocks a separate, independent encrypted storage slot within the same disk configuration.

"Device Key" means the RSA-4096 cryptographic key pair generated on your device upon first use, used for secure transport of disk encryption keys between the Service infrastructure and your device.

"Disk Encryption Key" means the cryptographic key generated server-side and used by the operating system's native encryption subsystem (BitLocker on Windows; hdiutil AES-256 on macOS) to encrypt and decrypt the contents of an Encrypted Container.

"Web Panel" means the browser-based management interface available at app.safedisk.app.

"Subscription Plan" means the tier of Service to which you subscribe (Lite, Standard, or Business), each providing different feature access and storage allocations.

"Trusted Person" means an individual designated by the User to receive notifications about and, where applicable, intervene in certain account recovery processes.

"Organization" means a business entity account that manages multiple User accounts under administrative policies.

2. Service Description

2.1 Core Functionality

SafeDisk is data protection software that enables Users to create Encrypted Containers on their local computers. The Service provides:

2.2 Platform Requirements

The Service operates on supported versions of Microsoft Windows (with BitLocker capability) and Apple macOS (Intel and ARM64 architectures). The encryption of Encrypted Containers relies on operating system-provided encryption subsystems. SafeDisk does not implement its own block-level cipher; rather, it orchestrates the native encryption tools provided by the underlying operating system.

2.3 Network Dependency

The Service requires an active internet connection to function. Disk Encryption Keys are generated server-side, encrypted with your Device Key, and delivered to your device via our API. Authentication, Master Password validation, Disk Encryption Key retrieval, and subscription verification all require connectivity to SafeDisk servers. You will not be able to create, mount, or unlock Encrypted Containers without an active internet connection to SafeDisk servers.

3. Zero-Knowledge Architecture and Its Limitations

3.1 What We Do Not Store in Plaintext

Your Master Password and Backup Password are never stored in plaintext on our servers. Passwords are validated using Argon2id cryptographic hashing. The Disk Encryption Key is encrypted with your device's RSA-4096 public key before delivery and can only be decrypted by the private key stored on your device.

3.2 What We Do Store

To provide the Service, we store the following data on our servers:

3.3 Limitation of Zero-Knowledge

While we cannot decrypt your files, our servers are involved in password validation, key delivery, and access control. This architecture means: (a) we can enforce the 14-day Master Password Recovery process; (b) Organization administrators can lock disks and suspend members; (c) Trusted Persons can block recovery and initiate emergency locks. These features exist by design to provide account security and organizational control, and you consent to their operation by using the Service.

4. User Responsibilities

4.1 Password Management

YOU ARE SOLELY AND ENTIRELY RESPONSIBLE FOR THE CREATION, MEMORIZATION, AND SAFEKEEPING OF YOUR MASTER PASSWORD(S) AND BACKUP PASSWORD(S). SafeDisk personnel cannot retrieve, reset, or bypass your Master Password or Backup Password. If you lose your password, the only mechanism available is the Master Password Recovery process described in Section 6, which is subject to a mandatory 14-day waiting period and additional verification requirements.

You acknowledge and agree that:

(a) There is no "forgot password" shortcut for Master Passwords. The recovery process is deliberately slow and restrictive by design for security purposes.

(b) Password strength is your responsibility. While the Service enforces minimum password requirements (minimum 8 characters with a complexity score of at least 3 out of 4), these are minimum thresholds only. Choosing a weak password within these parameters increases your risk.

(c) No key escrow exists. Neither SafeDisk nor any third party maintains a backup copy of your Disk Encryption Keys in a form that can be used to bypass your Master Password.

(d) Device Key loss is catastrophic. If the Device Key stored on your computer is lost (due to operating system reinstallation, hardware failure, corruption of local application data, or any other cause), you will not be able to decrypt Disk Encryption Keys delivered for that device. You must re-register the device and initiate Master Password Recovery to regain access.

4.2 Account Security

You are responsible for:

4.3 Data Backup

SAFEDISK IS NOT A BACKUP SERVICE. The Service creates encrypted storage containers on your local device. SafeDisk does not replicate, back up, or store your files on remote servers. You are solely responsible for maintaining independent backups of any data stored within Encrypted Containers. We strongly recommend maintaining regular backups of critical data in a separate, independent system.

4.4 System Environment

You acknowledge that the proper functioning of the Service depends on factors outside SafeDisk's control, including but not limited to:

5. Registration, Authentication, and Two-Factor Authentication

5.1 Account Creation

To use the Service, you must create an account with a valid email address and a password meeting the minimum requirements (minimum 12 characters, including uppercase, lowercase, digits, and special characters). Email verification is required before account activation. We perform password breach checks (Have I Been Pwned) during registration to protect against compromised credentials.

5.2 Two-Factor Authentication (2FA)

The Service supports the following two-factor authentication methods:

Two-factor authentication is mandatory for certain operations, including Master Password Recovery and desktop application authentication. Your Organization may require 2FA for all operations.

Important: Master Password Recovery (Section 6) requires a TOTP code specifically — FIDO2 hardware keys and backup codes are not accepted for recovery. You are strongly encouraged to keep TOTP enabled even if you primarily use a hardware security key.

Upon enabling TOTP, you will receive 10 single-use backup codes. Backup codes may be used for emergency login but are not accepted for Master Password Recovery. You are responsible for storing these backup codes securely. Lost backup codes combined with loss of your 2FA device may result in permanent account lockout.

5.3 Sessions and Devices

Each login creates a session bound to your IP address and user-agent fingerprint. Access tokens expire after 15 minutes; refresh tokens expire after 7 days. You may review and revoke active sessions at any time through the Web Panel. Each device is registered with a unique RSA-4096 key pair. You may have multiple registered devices.

6. Master Password Recovery Process

6.1 Overview

If you forget your Master Password, you may initiate a recovery process. This process takes a minimum of 14 calendar days by design and is subject to the following conditions:

(a) You must authenticate with your account password and a valid TOTP code from your authenticator application. Backup codes are not accepted for recovery.

(b) Upon initiation, the Encrypted Container becomes inaccessible through the desktop application for the full 14-day period.

(c) All designated Trusted Persons are notified of the recovery request.

(d) Any Trusted Person may block the recovery at any time during the 14-day period, which cancels the process entirely.

(e) After 14 days, completion requires your account password, a valid TOTP code, and email confirmation (triple verification).

(f) Upon completion, you may set a new Master Password. The underlying Disk Encryption Key remains unchanged.

6.2 Risks and Limitations

You acknowledge and agree that:

7. Double Safe (Backup Password) Feature

7.1 Description

The Double Safe feature allows creation of a secondary encrypted storage slot associated with the same disk, accessible via a separate Backup Password. Each slot uses an independently generated Disk Encryption Key. The primary storage slot and the Double Safe slot are cryptographically independent.

7.2 User Acknowledgments

By using Double Safe, you acknowledge and agree that:

(a) Each slot has an independent password. Losing the Backup Password results in permanent loss of access to the Double Safe slot, subject only to the recovery process in Section 6.

(b) SafeDisk makes no representations regarding the legal implications of using Double Safe, including but not limited to any obligation you may have to disclose the existence of hidden storage under applicable laws or court orders. You are solely responsible for understanding and complying with the laws of your jurisdiction.

(c) Improper use of Double Safe (including but not limited to storing illegal materials, obstructing legal investigations, or violating court orders) is your sole responsibility and may expose you to legal liability under applicable law.

(d) Organization administrators may disable Double Safe for members under their Organization's security policies.

8. Subscriptions, Payments, and Service Continuity

8.1 Subscription Plans

Access to SafeDisk features is provided based on your chosen Subscription Plan. The current plans, pricing, and feature comparison are available at https://safedisk.app/#pricing. SafeDisk reserves the right to modify plan pricing and features with at least 30 days' prior notice to active subscribers. Changes to pricing will not affect your current billing period.

8.2 Free Trial

We offer a one-time 7-day free trial per account. No payment information is required to start a trial. The trial provides access to all features. The trial may be converted to a paid subscription at any time during or after the trial period.

8.3 Auto-Renewal and Cancellation

Subscriptions renew automatically at the end of each billing period unless canceled prior to the renewal date. You may cancel your subscription at any time through the billing portal. Cancellation takes effect at the end of the current billing period.

8.4 Refund Policy

You may request a refund within 7 days of your initial purchase if the Service is incompatible with your system or fails to perform its stated functions as described in Section 2. Refund requests must be submitted to support@safedisk.app with a description of the issue. Refunds are not available for subsequent billing periods, changes of mind, forgotten passwords, or data loss.

8.5 Grace Period and Data Retention After Expiry

THIS SECTION CONTAINS CRITICAL INFORMATION ABOUT DATA DELETION.

Upon subscription expiry or non-payment:

(a) Grace Period (7 days): You retain limited access to the Service for 7 calendar days. You will receive notifications at days 0, 3, 5, and 7.

(b) Blocked Status: After the grace period expires, your account is blocked. You cannot authenticate, mount, or access Encrypted Containers through the Service. Your local Encrypted Container files remain on your device but are inaccessible without the Service.

(c) Data Deletion Warning: You will receive warnings at approximately 60 and 83 days after your account is blocked.

(d) Permanent Data Deletion (90 days after block): Ninety (90) calendar days after your account enters blocked status, all server-side data associated with your disks is permanently and irrevocably deleted, including Disk Encryption Key records, disk metadata, Trusted Person associations, and pending commands. Your user account record is preserved to allow re-subscription, but no disk data can be recovered after this deletion.

(e) Local files are not affected by server-side deletion. However, without the Disk Encryption Keys (which are deleted from our servers), the Encrypted Containers on your local device will be permanently inaccessible.

YOU ARE SOLELY RESPONSIBLE FOR EXPORTING, BACKING UP, OR MIGRATING YOUR DATA BEFORE YOUR SUBSCRIPTION EXPIRES. SafeDisk shall not be liable for any data loss or inaccessibility resulting from subscription expiry, non-payment, or the subsequent data deletion process.

9. Organization Accounts and Administrative Controls

9.1 Organization Administrator Powers

If you use the Service under an Organization account, you acknowledge that Organization administrators (super_admin and admin roles) have the following capabilities:

9.2 Member Acknowledgments

If you are a member of an Organization, you acknowledge and agree that:

(a) Your Organization's administrator may restrict, suspend, or terminate your access at any time.

(b) Organization policies may override your individual preferences regarding password requirements, 2FA, session management, and feature access.

(c) Upon removal from an Organization, your disk data may be deleted according to the Organization's data retention policy, which may be immediate.

(d) SafeDisk is not responsible for administrative actions taken by your Organization's administrators. Disputes regarding administrative actions are between you and your Organization.

10. Trusted Persons

10.1 Description

Standard and Business plan Users may designate up to three (3) Trusted Persons. A Trusted Person may:

10.2 User Acknowledgments

By designating Trusted Persons, you acknowledge and agree that:

(a) A Trusted Person can block your own recovery attempt and can lock your disks, potentially preventing your access to your own data.

(b) You are solely responsible for your choice of Trusted Persons and for managing (including revoking) these designations.

(c) SafeDisk is not liable for any action or inaction taken by a Trusted Person, including but not limited to wrongful recovery blocking, unauthorized emergency locking, or failure to act.

11. Use Restrictions

11.1 Prohibited Uses

You agree not to use the Service for:

(a) Storing, transmitting, or distributing any material that violates the laws of your jurisdiction or the jurisdiction in which SafeDisk operates (Republic of Poland / European Union).

(b) Attempting to decompile, reverse-engineer, disassemble, or otherwise derive the source code of the SafeDisk software, except to the extent expressly permitted by applicable law (including but not limited to EU Directive 2009/24/EC).

(c) Circumventing, disabling, or interfering with any licensing, subscription verification, or security mechanism of the Service.

(d) Reselling, sublicensing, or providing access to the Service to third parties without prior written consent from SafeDisk.

(e) Using the Service in any manner that could impair, overburden, or compromise the integrity of SafeDisk's servers or infrastructure.

(f) Using automated tools (bots, scrapers, etc.) to access the Service or its API without prior written authorization.

11.2 Compliance with Laws

You are solely responsible for ensuring that your use of the Service, including the data you store within Encrypted Containers, complies with all applicable local, national, and international laws and regulations, including but not limited to export control laws, data protection regulations, and any legal obligations to disclose encrypted data.

12. Intellectual Property

12.1 Ownership

SafeDisk, including its design, source code, user interface, logos, trademarks, proprietary technologies (including Double Safe), documentation, and all related intellectual property, is the exclusive property of Afina Systems Spółka z ograniczoną odpowiedzialnością and is protected by copyright, trademark, trade secret, and other intellectual property laws of the Republic of Poland, the European Union, and international treaties.

12.2 License Grant

Subject to your compliance with these Terms and payment of applicable fees, SafeDisk grants you a limited, non-exclusive, non-transferable, revocable license to install and use the Service on devices you own or control, solely for your personal or internal business use in accordance with your Subscription Plan.

12.3 Restrictions

This license does not include the right to: (a) modify, adapt, or create derivative works of the Service; (b) distribute, sell, lease, or sublicense the Service; (c) use the Service to develop a competing product; or (d) remove, alter, or obscure any proprietary notices in the Service.

13. Privacy and Data Processing

13.1 Data Collection

We collect and process the data described in Section 3.2. We also collect:

13.2 Data Processing Basis

We process your data on the following legal bases under the General Data Protection Regulation (GDPR):

13.3 Third-Party Processors

13.4 Data Subject Rights

Under the GDPR, you have the right to access, rectify, erase, restrict processing of, and port your personal data, as well as to object to processing and to withdraw consent. To exercise these rights, contact us at support@safedisk.app. Note that deletion of your account will result in the permanent loss of access to your Encrypted Containers as described in Section 8.5.

13.5 Data Retention

14. Disclaimer of Warranties

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. SafeDisk expressly disclaims all warranties, including but not limited to:

(a) IMPLIED WARRANTIES of merchantability, fitness for a particular purpose, title, and non-infringement.

(b) WARRANTIES REGARDING RELIABILITY — SafeDisk does not warrant that the Service will be uninterrupted, error-free, secure, or free from viruses or other harmful components.

(c) WARRANTIES REGARDING COMPATIBILITY — SafeDisk does not warrant that the Service will function correctly with all operating system versions, configurations, hardware, or third-party software, including but not limited to antivirus software, disk management utilities, virtualization platforms, or other encryption software.

(d) WARRANTIES REGARDING DATA INTEGRITY — SafeDisk does not warrant that data stored within Encrypted Containers will remain intact, uncorrupted, or recoverable under all circumstances. Encrypted Container integrity depends on factors entirely outside SafeDisk's control, including but not limited to storage media health, operating system stability, proper shutdown procedures, power supply reliability, and the integrity of the underlying encryption subsystem (BitLocker or hdiutil).

(e) WARRANTIES REGARDING ENCRYPTION STRENGTH — SafeDisk relies on operating system-provided encryption (BitLocker and hdiutil/APFS encryption). SafeDisk does not warrant the absolute security of these encryption implementations and is not responsible for vulnerabilities, bugs, or weaknesses in the operating system's encryption subsystem discovered after the date of this Agreement or otherwise.

(f) WARRANTIES REGARDING PASSWORD RECOVERY — SafeDisk does not warrant that the Master Password Recovery process will be available, successful, or completed within any specific timeframe. The recovery process depends on server availability, 2FA device availability, Trusted Person actions, and subscription status.

15. Limitation of Liability

15.1 Exclusion of Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL SAFEDISK, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, AFFILIATES, OR LICENSORS BE LIABLE FOR ANY:

(a) INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, including but not limited to loss of profits, loss of data, loss of business opportunities, loss of goodwill, or cost of procurement of substitute services, arising out of or relating to the Service, regardless of the cause of action or theory of liability (whether in contract, tort, negligence, strict liability, or otherwise), even if SafeDisk has been advised of the possibility of such damages.

(b) DIRECT OR INDIRECT DATA LOSS, including but not limited to:

(c) DAMAGES ARISING FROM THE DOUBLE SAFE FEATURE, including but not limited to legal consequences of hidden storage use, data loss in either storage slot, or inability to access either slot due to password loss.

15.2 Cap on Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SAFEDISK'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE, WHETHER IN CONTRACT, TORT, OR OTHERWISE, SHALL NOT EXCEED THE LESSER OF: (A) THE TOTAL AMOUNT PAID BY YOU TO SAFEDISK IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED EUROS (EUR 100.00).

15.3 Essential Basis

The disclaimers, exclusions, and limitations in Sections 14 and 15 are an essential basis of the bargain between you and SafeDisk. SafeDisk would not provide the Service without these limitations. You acknowledge that the subscription fees reflect this allocation of risk.

15.4 Jurisdictional Limitations

Some jurisdictions (including certain EU member states) do not allow the exclusion or limitation of certain warranties or liabilities. In such jurisdictions, SafeDisk's liability shall be limited to the greatest extent permitted by applicable law. Nothing in these Terms excludes or limits liability for (a) death or personal injury caused by negligence, (b) fraud or fraudulent misrepresentation, or (c) any liability that cannot be excluded or limited under applicable mandatory law.

16. Indemnification

You agree to indemnify, defend, and hold harmless SafeDisk, its directors, officers, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to:

(a) Your use of the Service, including any data stored within Encrypted Containers.

(b) Your violation of these Terms or any applicable law or regulation.

(c) Your negligence or willful misconduct, including but not limited to failure to safeguard passwords, failure to maintain backups, or failure to maintain adequate system security.

(d) Any third-party claim arising from your use of the Double Safe feature.

(e) Any claim by a member, employee, or third party arising from your exercise of Organization administrative powers.

17. Service Availability and Modifications

17.1 Availability

SafeDisk will use commercially reasonable efforts to maintain Service availability. However, the Service may be temporarily unavailable due to scheduled maintenance, unscheduled maintenance, infrastructure failures, or force majeure events. During any period of Service unavailability, you will be unable to create, mount, or unlock Encrypted Containers. SafeDisk shall not be liable for any damages resulting from Service unavailability.

17.2 Modifications

SafeDisk reserves the right to modify, update, or discontinue any aspect of the Service at any time. Material changes that reduce functionality available under your current Subscription Plan will be communicated with at least 30 days' notice. Continued use of the Service after such changes constitutes acceptance of the modified terms.

17.3 Discontinuation

In the event that SafeDisk discontinues the Service entirely, we will provide at least 90 days' advance notice and make commercially reasonable efforts to provide Users with tools or instructions to export or decrypt their data. However, SafeDisk does not guarantee that decryption without the Service will be possible, as the Encrypted Containers depend on operating system-native encryption tools and SafeDisk-managed key infrastructure.

18. Termination

18.1 Termination by User

You may terminate your account at any time by requesting account deletion through the Web Panel or by contacting support@safedisk.app. Account termination results in immediate and permanent deletion of all server-side data associated with your account, including Disk Encryption Keys. This action is irreversible and will render all Encrypted Containers permanently inaccessible.

18.2 Termination by SafeDisk

We reserve the right to suspend or terminate your access to the Service, with or without notice, if:

(a) You breach these Terms, including but not limited to non-payment, prohibited use, or attempted circumvention of licensing mechanisms.

(b) We are required to do so by law, regulation, or court order.

(c) Your use of the Service poses a security risk to SafeDisk or other Users.

(d) Your account has been inactive for an extended period and your subscription has expired.

18.3 Effect of Termination

Upon termination:

19. Governing Law and Dispute Resolution

19.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the Republic of Poland, without regard to its conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods (CISG) does not apply.

19.2 Jurisdiction

Any dispute arising out of or relating to these Terms shall be subject to the exclusive jurisdiction of the courts located in Warsaw, Republic of Poland. However, if you are a consumer within the EU, you retain the right to bring proceedings in the courts of your country of residence, and nothing in this section deprives you of mandatory consumer protection provisions of the law of your country of residence.

19.3 EU Online Dispute Resolution

If you are a consumer in the EU, you may use the EU Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr.

20. General Provisions

20.1 Entire Agreement

These Terms, together with any applicable Privacy Policy and Subscription Plan details, constitute the entire agreement between you and SafeDisk and supersede all prior agreements, understandings, and representations.

20.2 Severability

If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent.

20.3 Waiver

No waiver of any provision of these Terms shall be deemed a further or continuing waiver of such provision or any other provision, and SafeDisk's failure to assert any right or provision shall not constitute a waiver of such right or provision.

20.4 Assignment

You may not assign or transfer your rights or obligations under these Terms without SafeDisk's prior written consent. SafeDisk may assign its rights and obligations under these Terms without restriction.

20.5 Force Majeure

SafeDisk shall not be liable for any delay or failure to perform resulting from causes outside its reasonable control, including but not limited to natural disasters, war, terrorism, cyberattacks, government actions, pandemics, internet or infrastructure failures, or failures of third-party service providers (including but not limited to Stripe, hosting providers, and operating system vendors).

20.6 Notices

Notices to you will be sent to the email address associated with your account. Notices to SafeDisk should be sent to support@safedisk.app. Notices are deemed received upon sending (for email).

20.7 Language

These Terms are drafted in English. In the event of a conflict between the English version and any translation, the English version shall prevail.

21. Changes to These Terms

SafeDisk reserves the right to modify these Terms at any time. Material changes will be communicated via email to your registered email address and/or through a notice in the Web Panel or desktop application at least 30 days before they take effect. Your continued use of the Service after the effective date of the changes constitutes your acceptance of the modified Terms. If you do not agree to the modified Terms, you must stop using the Service and terminate your account.

22. Contact Information

For questions, concerns, or notices regarding these Terms:

Afina Systems Spółka z ograniczoną odpowiedzialnością ul. Senatorska 2, 00-075 Warszawa, Poland KRS: 0000884244 | NIP: 5252852337 | REGON: 388239950 | VAT ID: PL5252852337 Email: support@safedisk.app

For data protection inquiries: Email: support@safedisk.app

SafeDisk — Your fortress in the digital world.