Legal

Terms of Service

Last updated: March 2026

These Terms of Service (“Terms”) are a legal agreement between you (“Customer,” “you,” or “your”) and Sentinel Vault Systems LLC (“Company,” “we,” “us,” or “our”), a Wyoming limited liability company, governing your use of VaultGuard360 and related services.

By deploying VaultGuard360 from the Azure Marketplace or accessing its dashboard, you agree to these Terms. If you do not agree, do not deploy or use the service.

Your use of VaultGuard360 is also subject to the Microsoft Customer Agreement and applicable Microsoft Azure Marketplace terms. In the event of a conflict between these Terms and the Microsoft Customer Agreement, these Terms govern with respect to VaultGuard360-specific provisions.

1. Service Description

VaultGuard360 is an Azure Key Vault expiration monitoring service sold through the Microsoft Azure Marketplace as an Azure Managed Application. The service scans Azure Key Vaults across your tenant, tracks expiring secrets, certificates, and keys, and sends alerts via email and webhook integrations.

VaultGuard360 deploys into your Azure subscription as a Managed Application. The application runs entirely within your Azure environment. You are responsible for the Azure infrastructure costs incurred in your tenant in addition to the VaultGuard360 subscription fee.

2. Subscription Tiers

VaultGuard360 is offered in three tiers:

(a) Trial — $0/month for 14 calendar days. Includes Professional-level features with scale limits: up to 15 Azure subscriptions and up to 1,000 monitored items. Trial begins on first deployment and expires automatically after 14 days.

(b) Professional — $499/month. Up to 15 Azure subscriptions and up to 2,000 monitored items. Includes email and webhook alerting, team-based routing, and a configuration dashboard.

(c) Enterprise — $1,499/month. Unlimited Azure subscriptions and unlimited monitored items. Includes all Professional features plus VNet Integration and Private Endpoint support.

Paid subscriptions are billed monthly through Microsoft Azure Marketplace and renew automatically unless canceled before the renewal date. Price changes will be communicated at least 30 days in advance.

3. Trial Terms and Expiration

The Trial tier provides 14 calendar days of access at no charge. Warning notifications are sent at 7, 3, and 1 days before expiration.

Upon trial expiration:

  • All API endpoints return HTTP 402 (Payment Required). The dashboard displays an overlay directing you to subscribe.
  • Automated scans are halted. No further monitoring or notifications are sent.
  • The health check, license status, user identity, and data export endpoints remain accessible so you can retrieve your configuration.
  • To restore service, subscribe to a Professional or Enterprise plan through the Azure Marketplace.

4. Upgrade and Data Migration

Important: Upgrading from Trial to a paid plan requires deploying a new Managed Application, which creates a new managed resource group. Data from your Trial deployment is not automatically transferred.

  • Before upgrading, use the built-in data export tool to download your configuration as JSON. The export endpoint remains accessible after trial expiry.
  • After deploying the paid plan, use the data import tool to restore your configuration.
  • Sensitive fields (webhook secrets, ServiceNow credentials, Teams webhook URLs) must be re-entered manually after import.

5. Read-Only Security Model

VaultGuard360 operates on a strict read-only security model with respect to your Key Vaults. The service uses a user-assigned managed identity with Reader and Key Vault Reader RBAC roles at subscription scope. Within the managed resource group, additional roles enable internal operations (storage and communication services).

VaultGuard360 never accesses secret values, certificate private keys, or key material. The service does not perform any cryptographic operations or modify your Key Vaults.

6. Azure Managed Application Model

  • Customer data ownership: All data generated by VaultGuard360 is stored in Azure Table Storage within your Azure subscription. We do not access your customer data as a matter of policy.
  • Publisher access: Contributor-level access to the managed resource group for support, updates, and health monitoring, as is standard for Azure Managed Applications.
  • Customer restrictions: The managed resource group has a ReadOnly lock. You can view but not directly modify resources inside it.
  • Encryption: All data at rest is encrypted via Azure Storage Service Encryption. All data in transit uses TLS 1.2 or higher.

7. Service Level Agreement

  • Availability: VaultGuard360 targets 99.5% monthly uptime for Professional and Enterprise tiers. Trial deployments are best-effort.
  • Scan schedule: Scans execute on the configured schedule (default: weekdays at 9:00 AM UTC). Start times may vary by up to 15 minutes.
  • Notifications: Delivered within 5 minutes of scan completion under normal conditions.
  • Support response times: Critical — 4 hours (Enterprise), 24 hours (Professional). High and Normal — 24 hours. Via support@sentinelvaultsystems.com.
  • Exclusions: Azure platform outages, missing RBAC permissions, customer misconfiguration, Trial tier, scheduled maintenance (48h advance notice), and force majeure.

8. Your Responsibilities

When using VaultGuard360, you agree to:

  • Maintain appropriate Azure permissions for the Managed Application
  • Keep your Azure subscription in good standing and pay all applicable infrastructure costs
  • Use the service only for lawful purposes
  • Not attempt to reverse engineer, decompile, or extract source code
  • Not resell, sublicense, or redistribute the service without authorization
  • Not attempt to circumvent tier limits, trial duration, or usage restrictions
  • Export your configuration data before canceling or upgrading

9. Our Responsibilities

We commit to:

  • Providing a service that functions as documented
  • Responding to support requests within stated timeframes
  • Maintaining the read-only RBAC security model
  • Providing reasonable notice of material changes to the service or Terms
  • Never accessing, viewing, or storing your Key Vault secret values, certificate private keys, or key material
  • Treating information accessed during support interactions as confidential

10. Cancellation and Data Handling

  • By you: Cancel anytime through the Azure Marketplace. You are responsible for charges until cancellation takes effect.
  • Effect: Azure deletes the managed resource group and all resources within it, including all Table Storage data. This is permanent and irreversible.
  • Data export: We strongly recommend exporting your configuration before canceling.
  • Refunds: Governed by the Microsoft Azure Marketplace Publisher Agreement.
  • By us: We may terminate access if you materially breach these Terms, with reasonable notice and an opportunity to export your data.

11. Intellectual Property

All content, software, trademarks, and intellectual property in VaultGuard360 are owned by Sentinel Vault Systems LLC or our licensors. Your subscription grants a limited, non-exclusive, non-transferable, revocable license to use the service during the subscription term.

12. Limitation of Liability

To the maximum extent permitted by applicable law:

  • We are not liable for any indirect, incidental, special, consequential, or punitive damages.
  • Our total aggregate liability is limited to the amount you paid to Sentinel Vault Systems in the 12 months preceding the claim.
  • We are not responsible for outages, data loss, or issues caused by the Azure platform, your environment, or failure to export data before cancellation.
  • VaultGuard360 is a monitoring tool. It does not rotate, renew, or replace expiring items. You remain solely responsible for acting on alerts.

13. Disclaimer of Warranties

The service is provided “as is” and “as available.” We disclaim all warranties, whether express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, and non-infringement.

14. Indemnification

You agree to indemnify and hold harmless Sentinel Vault Systems LLC from claims arising out of your use of the service, your violation of these Terms, or your violation of any applicable law.

15. Governing Law

These Terms are governed by the laws of the State of Wyoming, United States, without regard to conflict of law principles. Any legal action shall be brought exclusively in the state or federal courts located in Wyoming.

16. Dispute Resolution

Before filing any claim, you agree to contact us at info@sentinelvaultsystems.com and attempt to resolve the dispute informally for at least 30 days.

17. Modifications to Terms

We may update these Terms from time to time. Material changes will be posted with an updated date and reasonable notice. Continued use after changes constitutes acceptance.

18. Severability

If any provision is held invalid, the remaining provisions continue in full force and effect.

19. Entire Agreement

These Terms, together with applicable Microsoft Marketplace agreements, constitute the entire agreement regarding VaultGuard360 and supersede all prior agreements.

20. Assignment

You may not assign your rights without our consent. We may assign these Terms to a successor in interest without your consent.

21. Waiver

The failure to enforce any provision shall not constitute a waiver of that right. Any waiver must be in writing.

22. Contact

For questions about these Terms: info@sentinelvaultsystems.com

For technical support: support@sentinelvaultsystems.com