CertKit Terms of Service

This Agreement was last modified on

IMPORTANT NOTICE: CERTKIT IS CURRENTLY IN BETA. PLEASE READ SECTION 3 CAREFULLY REGARDING THE BETA NATURE OF THIS SERVICE.

These Terms of Service (the “Agreement”) govern the use of the CertKit automated TLS certificate management platform described at https://www.certkit.io/ (the “Service”) operated by TrackJS LLC (“TrackJS”, “CertKit”, “we”, or “us”).

By creating an account, logging into the Service, or accessing the Service in any manner, you acknowledge that you have reviewed and accept this Agreement, agree to be bound by its terms, and certify that you are an authorized representative of the entity on whose behalf you are accessing the Service with the right and authority to enter into this Agreement on that entity’s behalf.

1. Definitions

  • “Agents” means the CertKit certificate management agents, scripts, and related software components provided by CertKit for installation on your infrastructure.

  • “Certificate Authority” or “CA” means a third-party certificate authority integrated with the Service, including Let’s Encrypt.

  • “Certificate Data” means TLS certificates, private keys, certificate signing requests, domain validation records, and related certificate metadata managed through the Service on your behalf.

  • “Customer Data” means all data you submit to, store on, or transmit through the Service, including Certificate Data, domain configurations, and account information.

  • “Software” means the Service, the Agents, and all related software, documentation, and materials provided by CertKit.

  • “You” or similar terms means you, the person accessing the Service, the business or entity on whose behalf you access the Service, and any person on whose behalf you are using the Service or who may have rights through you.

2. Grant of License and Restrictions on Use

Subject to the terms of this Agreement and payment of applicable fees, CertKit grants you a non-exclusive, non-transferable, limited right to use the Service and Agents solely for your own internal business purposes for the term of this Agreement. You may install and operate the Agents within your own infrastructure and systems.

You are responsible for maintaining the security of your account credentials and for all activity that occurs under your account.

You will not (and you will not allow any third party to):

  1. Use the Service if you are under 18 years of age;
  2. Copy, distribute, rent, lease, transfer, or sublicense any portion of the Software to any third party;
  3. Modify or prepare derivative works of the Software;
  4. Use the Software to develop a competing product or service;
  5. Use the Software in any manner that threatens the integrity, performance, or availability of the Service;
  6. Reverse engineer, decompile, or disassemble the Software;
  7. Remove, alter, or obscure any proprietary notices on the Software;
  8. Resell certificate management services based on CertKit without our express written consent.

3. Beta Service Terms

3.1 Beta Status

You acknowledge and agree that CertKit is beta software that is under active development, may contain bugs or defects, may experience downtime, and may undergo significant changes without notice.

3.2 Beta Responsibilities

During the beta period, you acknowledge and agree that:

  1. You must maintain backup certificate management processes and independently monitor certificate expiration dates.
  2. You should not rely solely on CertKit for mission-critical certificate management without appropriate failover mechanisms.
  3. While CertKit may be used in production environments, you do so at your own risk and accept responsibility for any certificate expirations or service disruptions that result from beta limitations.
  4. We may modify, suspend, or discontinue features without notice, including changes that may require reconfiguration on your part.

3.3 Feedback

As a beta user, you agree to provide reasonable feedback about bugs, errors, and user experience when requested. You grant us a perpetual, royalty-free, worldwide license to use any feedback you provide to improve the Service.

3.4 Transition to General Availability

When CertKit transitions from beta to general availability, we will publish updated terms of service. Your continued use of the Service after that transition constitutes acceptance of the updated terms.

4. Certificate Management — Shared Responsibility

Certificate management is a shared responsibility between CertKit and you.

CertKit is responsible for:

  • Providing automated certificate provisioning and renewal functionality
  • Maintaining the certificate management platform
  • Implementing security best practices for the Service
  • Providing reasonable notice of known issues affecting the Service (when practicable)

You are responsible for:

  • Correctly configuring your domains and DNS settings
  • Maintaining proper access controls and credentials for your account and infrastructure
  • Ensuring certificate deployment to your servers (including correct Agent installation, permissions, and restart/reload commands)
  • Monitoring certificate status and expiration
  • Complying with Certificate Authority requirements and policies
  • Maintaining backup certificate management processes

4.1 Domain Control Representation

You represent and warrant that you own or control, or are otherwise authorized to manage, each domain and hostname you configure in the Service, including authorization to complete domain validation (including delegated DNS / CNAME validation) and to request, install, and renew certificates for those domains.

4.2 Key Material and Private Keys

You acknowledge and agree that the Service may generate, store, access, transmit, and deploy TLS private keys, certificate signing requests (CSRs), certificates, and related cryptographic material (“Key Material”) on your behalf in order to provide the Service (including issuance, renewal, deployment, verification, and monitoring).

You are responsible for securing the systems where you install Agents, including operating system hardening, access controls, and preventing unauthorized access to certificate files and Key Material after deployment.

CertKit is responsible for implementing reasonable administrative, technical, and physical safeguards designed to protect Key Material and Customer Data within the Service.

Certificate Authorities

CertKit integrates with third-party Certificate Authorities. Certificate issuance is subject to CA policies and rate limits. We are not responsible for CA downtime, policy changes, or actions taken by a CA against your account. You must comply with all applicable CA terms of service.

5. Grant of License to CertKit

You retain all right, title, and interest in your Customer Data. You grant CertKit a worldwide right to use, store, and reproduce Customer Data as necessary for CertKit to: (i) provide the Service to you; (ii) develop and improve the Service; (iii) provide support and troubleshooting; and (iv) create aggregated, anonymized reports or statistics, provided that no such report identifies you by name or other distinguishing mark.

6. Ownership

TrackJS is the sole and exclusive owner of the Software and warrants that it has full right, title, and authority to grant the rights under this Agreement, and that the Software does not infringe any valid United States patent, copyright, trade secret, trademark, or other intellectual property right of a third party.

You acknowledge that the Software is the exclusive property of TrackJS. TrackJS retains all rights, title, and interest in the Software. You acquire no right, title, or interest in the Software except the limited license granted in this Agreement.

7. Fees and Payment

7.1 Subscription Fees

Fees for the Service are as published at https://certkit.io/pricing or as otherwise agreed in writing. All fees are billed in advance on a monthly or annual basis and are non-refundable except as expressly provided in this Agreement. Subscriptions automatically renew at the end of each billing period at the then-current rate unless you cancel before the renewal date.

7.2 Beta Pricing

During the beta period, CertKit may be offered at reduced or no cost. We reserve the right to implement standard pricing upon transition to general availability. We may implement pricing changes at any time by updating the pricing page or by otherwise communicating the change to you.

7.3 Taxes

All fees are exclusive of taxes. You are responsible for all applicable taxes, and we will charge tax where required by law.

8. Term, Termination, and Suspension

8.1 Term

This Agreement remains in effect for as long as you have an active CertKit account.

8.2 Termination by Either Party

Either party may terminate this Agreement at any time with 30 days written notice.

8.3 Cancellation by You

You may cancel your subscription at any time, effective at the end of your then-current billing period. Cancellation stops future renewals. You will not receive a refund for any prepaid fees except as expressly provided in this Agreement.

8.4 Termination for Cause

Either party may terminate this Agreement immediately upon written notice if the other party materially breaches this Agreement and fails to cure the breach within 30 days of receiving written notice of the breach.

8.5 Suspension

We may suspend your access to the Service, without terminating this Agreement, if:

  1. Your account is past due on payment;
  2. Your use of the Service poses a security risk to the Service or other users;
  3. Your use of the Service violates this Agreement or applicable law; or
  4. Suspension is required by law or by a Certificate Authority.

We will provide reasonable notice before suspension when practicable, and will restore access promptly when the issue is resolved.

8.6 Termination for Non-Payment

If your account remains past due for more than 30 days after we provide notice of non-payment, we may terminate this Agreement immediately.

8.7 Effect of Termination

Upon termination, all rights and licenses granted to you terminate immediately. You will stop using the Service and Agents and delete all copies of the Agents in your possession, except that you may retain copies solely as required for backup, archival, or legal compliance purposes. Sections that by their nature should survive termination will survive, including Sections 6-17.

8.8 Customer Data After Termination

Following termination, you will have 30 days to export your Customer Data from the Service. After 30 days, we may delete all Customer Data associated with your account. We are not obligated to retain Customer Data beyond this period.

9. Acceptable Use

You will not (and you will not allow any third party to) use the Service, Agents, or Software to:

  1. Request, issue, renew, deploy, or monitor certificates for any domain, hostname, or system that you do not own or control or are not authorized to manage;
  2. Violate any applicable law, regulation, or third-party right (including CA policies);
  3. Interfere with, disrupt, or attempt to gain unauthorized access to the Service, Agents, accounts, systems, or networks;
  4. Probe, scan, or test the vulnerability of the Service or bypass any security measures, except with our prior written permission;
  5. Introduce malware, exploit code, or other harmful material into the Service or Agents;
  6. Circumvent usage limits, rate limits, or access controls;
  7. Use the Service to provide managed certificate services to third parties (resale) without our express written consent; or
  8. Use the Service in a way that threatens the integrity, performance, availability, or security of the Service or other users.

We may suspend or terminate your access for violations of this Section.

10. Security and Incident Notification

We use reasonable administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of the Service and Customer Data. However, no system can be guaranteed to be 100% secure.

If we become aware of a confirmed security incident that compromises the confidentiality of Customer Data within the Service, we will use commercially reasonable efforts to notify you without undue delay and provide information reasonably necessary for you to understand the scope of the incident and take appropriate steps.

You are responsible for the security of your own environments where Agents run, including patching, access controls, and protecting deployed certificates and private keys on your systems.

11. Support and Availability

We provide best-effort support and will use reasonable efforts to keep the Service available. You acknowledge and agree that the Service may experience interruptions, downtime, maintenance, or other availability issues, particularly during beta, and that we do not provide any service level agreement (SLA) unless expressly agreed in writing.

12. Warranty Disclaimers

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, THE SERVICE AND AGENTS ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND. TRACKJS DOES NOT WARRANT THAT THE SERVICE WILL MEET YOUR REQUIREMENTS OR THAT CERTIFICATE PROVISIONING WILL BE UNINTERRUPTED OR ERROR-FREE.

TRACKJS HEREBY DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

TRACKJS SPECIFICALLY DISCLAIMS ANY WARRANTY THAT CERTIFICATES WILL BE ISSUED, RENEWED, OR DEPLOYED SUCCESSFULLY, OR THAT THE SERVICE WILL PREVENT CERTIFICATE EXPIRATION.

13. Limitation of Liability

NEITHER PARTY’S TOTAL AGGREGATE LIABILITY UNDER, FOR BREACH OF, OR ARISING OUT OF THIS AGREEMENT SHALL EXCEED THE PAYMENTS ACTUALLY MADE BY YOU FOR THE SERVICE DURING THE TWELVE (12) MONTHS PRIOR TO THE DATE OF THE EVENT GIVING RISE TO ANY LIABILITY.

UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY OTHER PERSON FOR:

  1. Any indirect, special, incidental, exemplary, punitive, or consequential damages of any kind;
  2. Lost profits, revenue, data, or use;
  3. Costs of procurement of substitute services;
  4. Service interruptions or certificate expirations; or
  5. Security breaches resulting from expired or misconfigured certificates;

WHETHER OR NOT THE LIABLE PARTY WAS ADVISED OF, KNEW OF, OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.

13.1 Exceptions to Liability Cap

Notwithstanding the foregoing, the liability cap in this Section 13 does not apply to: (i) your payment obligations under this Agreement; (ii) your indemnification obligations under Section 14.1; or (iii) either party’s breach of its confidentiality obligations under Section 15.

14. Indemnification

14.1 Your Indemnification of CertKit

You agree to indemnify and hold TrackJS, and its subsidiaries, affiliates, officers, directors, agents, partners, and employees, harmless from any claim or demand, including reasonable attorneys’ fees, made by any third party due to or arising out of: (i) your use of the Service; (ii) your breach of this Agreement; (iii) your violation of any law or third-party right; or (iv) your failure to properly configure, deploy, or monitor certificates.

14.2 CertKit’s Indemnification of You (IP)

TrackJS will indemnify and hold you, and your subsidiaries, affiliates, officers, directors, agents, partners, and employees, harmless from any third-party claim that the Service infringes, misappropriates, or violates such third party’s valid United States patent, copyright, trade secret, trademark, or other intellectual property right.

This Section 14.2 states TrackJS’s sole and exclusive liability, and your sole and exclusive remedy, for any intellectual property infringement or misappropriation claim.

Exclusions

TrackJS will have no obligation under this Section 14.2 to the extent a claim arises from:

  1. Your use of the Service in violation of this Agreement or applicable law;
  2. Your modification of the Service, Agents, or Software, or use of the Service with modifications not provided by TrackJS;
  3. Combination of the Service with products, services, software, systems, or data not provided by TrackJS, if the claim would not have arisen but for such combination;
  4. Your failure to use the most current, unmodified version of the Service or Agents made available by TrackJS, if the claim would have been avoided by using that version; or
  5. Any content, data, or materials provided by you or on your behalf.

If the Service is held or reasonably likely to be held to constitute such an infringement, TrackJS will, at its expense and option, either: (i) secure for you the right to continue using the Service; (ii) replace or modify the Service so that it is no longer infringing while remaining substantially equivalent; or (iii) if neither (i) nor (ii) is reasonably available, terminate this Agreement and refund any prepaid fees for the unused portion of the current billing period.

14.3 Indemnification Procedure

The indemnified party must: (i) promptly notify the indemnifying party of the claim; (ii) give the indemnifying party sole control of the defense and settlement; and (iii) provide reasonable cooperation at the indemnifying party’s expense. The indemnifying party will not settle any claim in a manner that imposes obligations on the indemnified party without the indemnified party’s prior written consent.

14.4 Survival

These indemnity obligations will survive the expiration or termination of this Agreement.

15. Confidentiality

Each party acknowledges that it may receive non-public, confidential information from the other party in connection with this Agreement. CertKit’s certificate management methodologies, automation algorithms, and system architectures constitute confidential information of CertKit. Your Customer Data constitutes your confidential information. Each party agrees to take reasonable steps to protect the other party’s confidential information from unauthorized disclosure, using at least the same degree of care it uses to protect its own confidential information.

16. Compliance with Laws

You represent and warrant that your use of CertKit will comply with all applicable laws and regulations. You are responsible for determining whether the Service is suitable for you to use in light of all applicable legal and regulatory requirements, including HIPAA, PCI DSS, SOC 2, or other compliance frameworks.

17. Privacy

By using the Service, you agree to our collection, use, and disclosure of information as described in the most recent version of our Privacy Policy published at https://www.certkit.io/privacy.

18. Governing Law and Venue

This Agreement is entered into and performed in the State of Minnesota, United States of America. It is governed by and shall be construed under the laws of Minnesota, exclusive of any choice of law or conflict of laws provisions. In any claim or action arising under this Agreement, each party irrevocably submits to the personal jurisdiction of the Minnesota State District Court sitting in Washington County, Minnesota or the United States District Court for the District of Minnesota. Each party waives any jurisdictional, venue, or inconvenient forum objections to these courts.

19. Publicity

You are permitted to state publicly that you are a user of CertKit. You agree that TrackJS may include your name in a list of CertKit users, online or in promotional materials, and may verbally reference you as a user of the Service. You may opt out by sending a request to hello@certkit.io.

20. General Provisions

20.1 Entire Agreement

This Agreement is the complete and exclusive agreement between the parties concerning its subject matter and supersedes all prior agreements and representations.

20.2 Amendments

Any waiver of or modification to this Agreement will not be effective unless in writing and signed by TrackJS. TrackJS reserves the right to modify this Agreement at any time by posting updated terms at https://www.certkit.io/terms. Your continued use of the Service after such changes constitutes acceptance of the updated terms.

20.3 Assignment

You may not assign this Agreement without our prior written consent. TrackJS may assign this Agreement in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets without your consent. This Agreement binds and inures to the benefit of the parties’ permitted successors and assigns.

20.4 Notices

All notices under this Agreement will be sent to the email address associated with your CertKit account (for notices to you) or to hello@certkit.io (for notices to us). Notices are deemed received when sent to a valid email address.

20.5 Force Majeure

Neither party will be liable for any delay or failure to perform its obligations under this Agreement due to causes beyond its reasonable control, including natural disasters, acts of government, internet or infrastructure failures, power outages, or actions by third-party service providers (including Certificate Authorities).

20.6 Severability

If any provision of this Agreement is held to be unenforceable, the remaining provisions will remain in full force and effect.

20.7 Export Compliance

The Software is controlled by U.S. Export Regulations and may not be exported to or used by embargoed countries or individuals.

IN WITNESS WHEREOF, this Agreement is entered into and becomes binding with effect from the first date of Service.