>_envshare.io

envshare.io legal

Terms of Service

These terms explain the rules for using EnvShare's encrypted environment variable sharing service, including the dashboard, hosted API, invite flow, CLI login flow, and hosted project administration.

Effective date: June 5, 2026

1. Agreement

These Terms of Service govern access to and use of envshare.io, the hosted web dashboard, API routes, invite flows, CLI authentication flow, and related service surfaces. By using EnvShare, creating or accepting an invite, authenticating through GitHub, or using the EnvShare CLI with the hosted service, you agree to these Terms.

If you use EnvShare for an employer, customer, repository owner, or other organization, you confirm that you are authorized to bind that organization and to manage the projects, secrets, devices, members, and access grants you create or accept.

2. What EnvShare provides

EnvShare is a developer tool for sharing environment variable sets across authorized team members. The CLI is the primary workflow for creating projects, encrypting variables, pushing encrypted values, pulling assigned variables, creating scoped invites, accepting invites, managing access, and reviewing audit activity. The web dashboard provides visual administration for projects, variable metadata, members, invites, access grants, CLI setup, and audit events.

EnvShare is designed so secret values are encrypted before upload in the normal CLI workflow. The hosted service stores ciphertext, key envelopes, metadata, access grants, invite records, device records, project membership, session records, and audit events. EnvShare does not provide plaintext secret recovery. If your team loses the device keys or local copies needed to decrypt a variable, EnvShare may not be able to restore that secret value.

3. Accounts, devices, and authentication

Web authentication uses GitHub through Firebase. CLI authentication uses a browser approval flow, loopback callback when available, S256 PKCE verification, server-side CLI sessions, and local token storage. You are responsible for protecting your GitHub account, local operating system account, CLI device, local credential store, and any repository where EnvShare writes local files.

You must promptly revoke CLI sessions, remove access grants, rotate affected credentials, and notify affected project administrators if a device, GitHub account, invite token, local .env file, or repository is lost, compromised, or accessed without authorization.

4. Project and team responsibilities

Project owners and administrators control membership, invite recipients, selected variables, access grants, and revocation decisions. Members may only access projects, repositories, variables, and credentials that they are authorized to use. You are responsible for the accuracy of repository metadata, recipient email addresses, role assignments, and variable selections.

Revoking an invite, access grant, CLI session, member, or project blocks future hosted-service access where the product supports that action. It cannot recall plaintext variables that were already pulled into a local file, copied, logged, committed, or used in another system. Rotate external credentials when revocation needs to invalidate a secret outside EnvShare.

5. Restricted data and regulated uses

EnvShare is built for environment variables and developer credentials, not for storing customer records or regulated personal datasets. Do not use EnvShare to store protected health information, payment card data, government identifiers, consumer credit data, biometric data, private communications unrelated to developer operations, or other regulated personal information unless you have independently confirmed that your use satisfies all legal, contractual, and compliance obligations.

You must not upload, share, or request secrets that you are not authorized to possess, export, disclose, or use. You remain responsible for compliance with employment agreements, customer contracts, repository policies, cloud-provider rules, sanctions and export laws, privacy laws, and security requirements that apply to the credentials you manage.

6. Acceptable use

  • Do not attempt to bypass authentication, authorization, rate limits, invite expiration, revocation, audit logging, encryption, or other security controls.
  • Do not interfere with EnvShare infrastructure, probe non-public systems, introduce malware, exfiltrate another user's data, or use the service to attack, spam, phish, or impersonate anyone.
  • Do not abuse invite emails, CLI login requests, API routes, project creation, or support channels.
  • Do not use EnvShare in a way that violates law, infringes intellectual property rights, or breaches duties owed to a repository owner, employer, customer, or teammate.

7. CLI package and open source components

The published @envshare/cli package and repository code may include open source license terms that apply to your use, copying, modification, or distribution of that code. These Terms govern the hosted envshare.io service and do not remove rights granted by an applicable open source license.

You are responsible for installing the CLI from trusted package sources, pinning versions where appropriate, and reviewing changes before using the CLI in production repositories or automated workflows.

8. Third-party services

EnvShare relies on third-party providers for authentication, hosting, database persistence, email delivery, package distribution, and related infrastructure. These providers may include GitHub, Firebase or Google services, Supabase, Resend, Vercel, npm, and infrastructure providers used by those services.

Your use of GitHub authentication, email inboxes, package managers, cloud providers, repository hosts, and local operating system credential stores may be governed by separate terms and policies from those third parties.

9. Service changes and availability

EnvShare may change, suspend, limit, or discontinue features to improve security, reliability, compliance, or product fit. We may also apply quotas, project limits, invite limits, abuse protections, or operational restrictions. EnvShare does not promise uninterrupted availability, permanent storage, or compatibility with every shell, operating system, package manager, repository host, or CI environment.

You are responsible for maintaining independent backups or recovery paths for credentials, rotating critical credentials outside EnvShare when needed, and validating EnvShare behavior before relying on it in production release or incident-response workflows.

10. Privacy and security

The Privacy Policy explains what personal information and project metadata EnvShare collects, how encrypted secret material is handled, and how to make privacy requests. The Privacy Policy is part of these Terms.

EnvShare uses security controls appropriate for a developer secret-sharing service, including client-side encryption in the normal CLI workflow, token hashing, short-lived login requests, scoped invites, access grants, revocation records, and audit events. No internet service can guarantee perfect security. You must use EnvShare with appropriate operational controls for your team.

11. Termination

You may stop using EnvShare at any time. Project owners can delete projects, remove members, revoke access grants, and revoke invites through supported product surfaces. EnvShare may suspend or terminate access if use appears unlawful, abusive, harmful to security, or inconsistent with these Terms.

Sections that by their nature should continue after termination will continue, including responsibility for previously pulled secrets, intellectual property provisions, privacy and security obligations, disclaimers, limitations of liability, indemnity, dispute terms, and payment obligations if paid features are introduced.

12. Disclaimers

EnvShare is provided as-is and as-available to the maximum extent permitted by law. We disclaim implied warranties of merchantability, fitness for a particular purpose, title, non-infringement, uninterrupted operation, error-free operation, data recovery, and complete protection from unauthorized access.

EnvShare does not provide legal, compliance, security-audit, credential-rotation, incident-response, or professional advice. You are responsible for deciding whether EnvShare is appropriate for your repositories, teams, credentials, and regulatory environment.

13. Liability limits

To the maximum extent permitted by law, EnvShare will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost data, lost secrets, business interruption, security incidents in systems outside EnvShare, or costs of credential rotation.

To the maximum extent permitted by law, EnvShare's total liability for all claims relating to the service will not exceed the greater of the amount you paid to EnvShare for the service in the 12 months before the claim or USD $100. Some jurisdictions do not allow certain exclusions or limits, so these limits apply only where permitted.

14. Indemnity

You will defend, indemnify, and hold EnvShare harmless from claims, damages, liabilities, losses, and expenses, including reasonable legal fees, arising from your misuse of EnvShare, unauthorized handling of secrets, violation of these Terms, violation of law, or infringement of another person's rights.

15. Governing law and disputes

Where permitted by law, these Terms are governed by the laws of Victoria, Australia, without regard to conflict-of-law rules. Courts located in Victoria, Australia will have non-exclusive jurisdiction over disputes relating to these Terms or EnvShare. Mandatory consumer protections and privacy rights that apply in your location are not limited by this section.

16. Changes and contact

We may update these Terms by posting a revised version with a new effective date. Continued use of EnvShare after the revised Terms take effect means you accept the updated Terms. If a change materially reduces your rights or materially increases your obligations, we will use reasonable product or email channels to provide notice when practical.

Questions about these Terms can be sent to contact@netwitx.co.