Home Dashboard
Effective: March 4, 2026

Terms of Service

Please read these terms carefully before using SecretCarousel. By accessing or using our platform, you agree to be bound by these terms.

Who These Terms Apply To

User Types

These terms govern your use of SecretCarousel depending on how you interact with our platform.

Customer

A registered API key holder who uses SecretCarousel to store, manage, and rotate secrets through the dashboard or API.

Developer

An individual or service integrating with SecretCarousel via the SDK or REST API to programmatically manage secrets.

Visitor

Anyone who browses the SecretCarousel website without creating an account or using the API.

Overview

Table of Contents

Sections

  1. 1 Introduction
  2. 2 Definitions
  3. 3 Account & API Key Registration
  4. 4 Use of the Service
  5. 5 Secret Management Services
  6. 6 Data Protection & Encryption
  7. 7 Intellectual Property
  8. 8 Payment & Subscription
  9. 9 Limitation of Liability
  10. 10 Termination
  11. 11 Governing Law
  12. 12 Changes to Terms
  13. 13 Contact Us

1 Introduction

Welcome to SecretCarousel. These Terms of Service ("Terms") govern your access to and use of the SecretCarousel platform, including our website, dashboard, REST API, SDK, and all related services (collectively, the "Service").

SecretCarousel is a division operated and run by Tyga.Cloud Ltd (Company No: 14643275), a company registered in England and Wales with its registered office at 2 Oakley Court, Kingsmead Business Park, London Road, High Wycombe, United Kingdom, HP11 1JU.

By accessing or using the Service, you agree to be bound by these Terms. If you do not agree to these Terms, you must not use the Service.

Important: These Terms constitute a legally binding agreement between you and Tyga.Cloud Ltd. Please read them carefully before using SecretCarousel.

2 Definitions

In these Terms, the following definitions apply:

  • "SecretCarousel," "we," "us," "our" refers to the SecretCarousel platform operated by Tyga.Cloud Ltd.
  • "Customer" means a registered API key holder who uses SecretCarousel to store, manage, and rotate secrets.
  • "Developer" means an individual or service that integrates with SecretCarousel via the SDK or REST API.
  • "Visitor" means any person who accesses or browses the SecretCarousel website without registering for an account.
  • "Secrets" means any confidential data stored within SecretCarousel, including but not limited to API keys, tokens, passwords, certificates, environment variables, and other sensitive configuration data.
  • "Service" means the SecretCarousel platform, including the website, dashboard, REST API, SDK, documentation, and all associated services.
  • "API Key" means the authentication credential issued to Customers for accessing the SecretCarousel API and dashboard.
  • "Tenant" means a logically isolated workspace within SecretCarousel associated with a Customer's account.

3 Account & API Key Registration

To access the full features of SecretCarousel, you must register for an account and obtain an API key. When registering, you agree to:

  • Provide accurate and complete registration information.
  • Maintain the security and confidentiality of your API key(s) at all times.
  • Accept responsibility for all activities that occur under your API key(s).
  • Notify us immediately of any unauthorised use of your API key(s) or any other security breach.
  • Not share, publish, or expose your API key(s) in public code repositories, client-side code, or any other publicly accessible location.

Security Notice: You are solely responsible for safeguarding your API keys. SecretCarousel will never ask you for your API key via email or any other unsolicited communication. Compromised keys should be revoked immediately through the dashboard.

We reserve the right to suspend or revoke API keys that we reasonably believe have been compromised, are being misused, or are in violation of these Terms.

4 Use of the Service

4.1 Permitted Use

You may use SecretCarousel for lawful purposes in accordance with these Terms. Permitted uses include:

  • Storing and managing secrets, API keys, tokens, and other sensitive configuration data.
  • Rotating secrets on a scheduled or on-demand basis.
  • Sharing secrets securely with authorised recipients via time-limited, access-controlled share links.
  • Integrating with the SecretCarousel SDK and REST API in your applications and infrastructure.
  • Creating and managing backups of your encrypted secret data.
  • Using the audit log to monitor access and changes to your secrets.

4.2 Prohibited Use

You must not use SecretCarousel to:

  • Store any content that is unlawful, harmful, threatening, abusive, harassing, defamatory, or otherwise objectionable.
  • Attempt to gain unauthorised access to any part of the Service, other users' accounts, or any systems or networks connected to the Service.
  • Use the Service to facilitate illegal activities, including the distribution of malware, phishing, or other cybercrime.
  • Reverse-engineer, decompile, disassemble, or attempt to derive the source code of the Service.
  • Use automated scripts, bots, or tools to scrape, overload, or interfere with the operation of the Service.
  • Circumvent or disable any security features, rate limits, or access controls implemented by SecretCarousel.
  • Resell, sublicense, or redistribute access to the Service without our prior written consent.

4.3 Rate Limits & Fair Usage

SecretCarousel imposes rate limits and usage quotas to ensure fair access for all users. Exceeding these limits may result in temporary throttling or suspension of your API access. Current rate limits are documented in our API documentation and may be updated from time to time.

5 Secret Management Services

SecretCarousel provides a comprehensive secrets management platform. The following terms apply to specific features of the Service:

5.1 Encrypted Storage

All secrets stored in SecretCarousel are encrypted at rest using industry-standard encryption algorithms. While we employ robust security measures to protect your data, you acknowledge that:

  • No method of electronic storage is 100% secure, and we cannot guarantee absolute security.
  • You are responsible for maintaining your own backups of critical secrets where appropriate.
  • The encryption of your data does not absolve you of responsibility for the nature and legality of the content you store.

5.2 API Access & SDK

SecretCarousel provides a REST API and SDK for programmatic access to the platform. When using the API or SDK, you agree to:

  • Authenticate all requests using valid API keys issued to your account.
  • Respect rate limits and usage quotas as documented in the API documentation.
  • Implement appropriate error handling and retry logic in your integrations.
  • Not cache or store decrypted secrets longer than necessary for your application's operation.
  • Keep your SDK dependencies up to date with the latest security patches.

5.3 Secret Sharing

SecretCarousel allows you to share secrets with authorised recipients via secure, time-limited share links. When using the sharing feature, you acknowledge that:

  • You are solely responsible for ensuring that share links are sent to the intended recipients only.
  • Share links may be configured with expiry times, maximum view counts, and optional passphrase protection.
  • Once a secret is accessed via a share link, we cannot control how the recipient uses that information.
  • You should revoke share links immediately if you suspect they have been compromised.

5.4 Secret Rotation

SecretCarousel supports automatic and manual rotation of secrets. You acknowledge that:

  • Rotation of secrets may temporarily affect applications that depend on those secrets until they retrieve the updated values.
  • You are responsible for configuring rotation policies that are appropriate for your use case.
  • We recommend testing rotation workflows in a non-production environment before enabling them in production.

5.5 Audit Logging

SecretCarousel maintains audit logs of all actions performed on your secrets. Audit logs record the action type, resource, actor, timestamp, and associated metadata. You acknowledge that:

  • Audit logs are provided for your compliance, security monitoring, and forensic purposes.
  • Audit log retention periods may vary depending on your subscription plan.
  • We may access audit logs to investigate suspected Terms of Service violations or security incidents.

5.6 Backup & Recovery

SecretCarousel provides backup and recovery features that allow you to export and restore encrypted snapshots of your secret data. You acknowledge that:

  • Backups are encrypted and can only be restored to your own tenant.
  • You are responsible for securely storing any backup files you download from the platform.
  • Restoring a backup may overwrite existing secrets, and this action cannot be undone.
  • We are not liable for data loss resulting from improper use of the backup or restore features.

6 Data Protection & Encryption

We take the security of your data seriously. SecretCarousel implements the following security measures:

  • Encryption at rest: All secrets are encrypted using AES-256 or equivalent encryption before being stored.
  • Encryption in transit: All communications between your applications and our servers are encrypted using TLS 1.2 or higher.
  • API key hashing: API keys are hashed using bcrypt and are never stored in plaintext.
  • Tenant isolation: Each customer's data is logically isolated within their own tenant.
  • Access controls: Role-based access controls and API key scoping ensure that access is limited to authorised users and operations.

Our commitment: While we employ industry-standard security practices, we encourage all users to follow security best practices, including regular key rotation, using scoped API keys, and monitoring audit logs for suspicious activity.

For further information on how we collect, use, and protect your personal data, please refer to our Privacy Policy.

7 Intellectual Property

The Service, including its original content, features, functionality, design, and branding, is and will remain the exclusive property of Tyga.Cloud Ltd and its licensors. The Service is protected by copyright, trademark, and other intellectual property laws.

7.1 Our Intellectual Property

  • The SecretCarousel name, logo, and all related names, logos, product and service names, designs, and slogans are trademarks of Tyga.Cloud Ltd.
  • You must not use such marks without the prior written permission of Tyga.Cloud Ltd.
  • All other names, logos, product and service names, designs, and slogans on the Service are the trademarks of their respective owners.

7.2 Your Content

You retain all rights to the secrets and data you store within SecretCarousel. By using the Service, you grant us a limited, non-exclusive licence to process and store your data solely for the purpose of providing the Service to you. We will never access, use, or disclose your stored secrets except as necessary to operate the Service, comply with legal obligations, or enforce these Terms.

8 Payment & Subscription

SecretCarousel may offer free and paid subscription plans. If you choose a paid plan:

  • You agree to pay all fees associated with your chosen plan in accordance with the billing terms presented at the time of purchase.
  • Fees are non-refundable except as required by applicable law or as expressly stated in these Terms.
  • We may change our fees upon reasonable notice. Continued use of the Service after a fee change constitutes your acceptance of the new fees.
  • If payment fails, we may suspend or restrict your access to paid features until the outstanding balance is resolved.

Free-tier users are subject to usage limits as described in our pricing documentation. We reserve the right to modify free-tier limits at any time.

9 Limitation of Liability

To the fullest extent permitted by applicable law:

  • SecretCarousel and Tyga.Cloud Ltd shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, use, goodwill, or other intangible losses.
  • Our total liability arising out of or relating to these Terms or the Service shall not exceed the total amount paid by you to us in the twelve (12) months preceding the claim.
  • We do not warrant that the Service will be uninterrupted, timely, secure, or error-free.
  • We are not responsible for any damage or loss resulting from your failure to maintain the security of your API keys or account credentials.

Important: The Service is provided on an "as is" and "as available" basis. We make no warranties, express or implied, regarding the Service, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

Nothing in these Terms shall limit or exclude our liability for death or personal injury resulting from our negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be lawfully excluded or limited.

10 Termination

We may terminate or suspend your access to the Service immediately, without prior notice or liability, for any reason, including but not limited to a breach of these Terms.

10.1 Termination by You

You may stop using the Service at any time by revoking your API keys and ceasing all use of the platform. If you wish to delete your account and all associated data, please contact us at the address below.

10.2 Termination by Us

We may terminate or suspend your account if:

  • You breach any provision of these Terms.
  • We are required to do so by law or regulatory authority.
  • We reasonably believe your account has been compromised or is being used for unauthorised purposes.
  • You fail to pay any applicable fees when due.

10.3 Effect of Termination

Upon termination, your right to use the Service will immediately cease. We may retain or delete your data in accordance with our data retention policies and applicable law. We recommend exporting any data you wish to keep before terminating your account.

11 Governing Law

These Terms shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict of law principles.

Any disputes arising from or relating to these Terms or the Service shall be subject to the exclusive jurisdiction of the courts of England and Wales.

If any provision of these Terms is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that these Terms shall otherwise remain in full force and effect.

12 Changes to Terms

We reserve the right to modify or replace these Terms at any time at our sole discretion. If a revision is material, we will provide at least 30 days' notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.

By continuing to access or use the Service after any revisions become effective, you agree to be bound by the revised Terms. If you do not agree to the new Terms, you must stop using the Service.

Stay informed: We recommend reviewing these Terms periodically for any changes. Changes to these Terms are effective when they are posted on this page with an updated effective date.

13 Contact Us

If you have any questions about these Terms of Service, please contact us:

Get in Touch

If you have any questions about these Terms of Service or need clarification on any provision, we are here to help.

Email: legal@tyga.cloud
Tyga.Cloud Ltd (Company No: 14643275)
2 Oakley Court, Kingsmead Business Park, London Road, High Wycombe, HP11 1JU, United Kingdom