Most cloud storage providers don't tell you what happens if they shut down. We do. This is the commitment we make to every paying customer.
We commit to operating Vault for at least 5 years from the date of your purchase. Beyond that period, our intent is to continue operating the service for existing customers at no additional cost for as long as it remains viable to do so — we deliberately phrase this as an intent rather than a binding guarantee, because we'd rather under-promise on a horizon five-plus years out than commit to something we cannot honestly guarantee. If we ever do need to wind down operations, we will give you at least 90 days advance notice and provide a working export tool so you can retrieve all your encrypted files and the metadata needed to decrypt them offline. Your right to export is not contingent on continued payment, on a fresh login during a specific window, or on anything other than your continued possession of your recovery key.
Many "lifetime" cloud services have quietly disappeared, leaving customers locked out of their data with little warning. We've watched that happen repeatedly and decided to write the opposite policy into our contract instead.
5 years is a length we can credibly commit to. It's also long enough to be genuinely useful — most documents you'd put in a vault (tax records, insurance policies, contracts, medical paperwork) have a 5-10 year retention window in many jurisdictions. Beyond the 5-year minimum, our intent is to keep the service running for existing customers at no additional cost, but we leave that as an intent rather than a binding promise so we can be honest about what we can and cannot guarantee that far out. We'd rather promise 5 years we can deliver — plus an honest plan for what comes after — than promise "forever" and disappear.
For the 5-year minimum operating period from your purchase date, we commit to:
Beyond the 5-year minimum, our intent is to continue operating the service for existing customers at no additional cost for as long as it remains financially viable and we believe we can continue to do so responsibly. This is a plan, not a binding guarantee — we are being deliberately careful about the difference, because we'd rather be honest about what we cannot promise five-plus years out than pretend to certainty we don't have. We will only initiate a wind-down if one of the following becomes true:
If we cease operations without honoring the 90-day notice and export window, you have a legitimate breach-of-contract claim against the operator under your jurisdiction's consumer protection laws. We have written this policy specifically because we want to be held to it.
If you're concerned about this risk and want additional reassurance, the safer practice is to use the "Export all" feature periodically (e.g. once a year) to keep an offline copy of your encrypted files. That way, even an unannounced shutdown leaves you with your data.
We publish a small command-line utility (under an open-source license) that can decrypt files exported from Vault using your recovery key, without needing the Vault service to be running. This utility is independent of our service and will remain available at github.com/[ORG]/vault-decrypt indefinitely.
This means: even if every server we operate goes offline tomorrow, you can still decrypt files you exported earlier. Your encryption is not contingent on our continued existence.
If we initiate a wind-down before the 5-year minimum operating period has elapsed, we will refund a pro-rated portion of your purchase price corresponding to the unfulfilled time. After 5 years, no refund obligation exists, since the commitment will have been fully delivered.
Because trust is built on specific, falsifiable commitments — not on vague promises. If you're choosing between Vault and another provider, we want you to be able to compare what each of us is willing to put in writing about the unhappy path.