Terms of Service

Last updated: February 20, 2026

Welcome to Fortilis. By using our service, you agree to these Terms of Service. Please read them carefully before using the application.

1. Acceptance of Terms

By accessing or using Fortilis ("the Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.

GDK Digital LLC ("we," "us," or "our") reserves the right to modify these Terms at any time. We will notify you of material changes by posting the updated Terms on our website. Your continued use of the Service after such changes constitutes acceptance of the new Terms.

2. Description of Service

Fortilis is a cross-platform desktop application and ecosystem for managing sensitive information with zero-knowledge encryption. The Service includes:

2.1 Core Application

  • Password Manager with TOTP two-factor authentication, breach detection, and vault health scoring
  • Credit Card Storage with visual card preview, Luhn validation, and expiration alerts
  • Identity Documents storage for passports, driver's licenses, national IDs, visas, SSN, and birth certificates
  • Secure Notes with Markdown, plaintext, and code editing with syntax highlighting
  • Encrypted File Storage with thumbnails and secure document viewing
  • Secrets Management for API keys, environment variables, JSON configs, SSL certificates, SSH keys, and database credentials
  • External Sharing with zero-knowledge encrypted links, DRM controls, and watermarking
  • Vault Health Dashboard with aggregate security scoring and breach detection
  • Encrypted Backup & Recovery with manual and automatic scheduled backups
  • Team Collaboration with role-based access control (Owner, Admin, Member, ReadOnly)
  • Project Management with workspace dashboards and automatic project detection

2.2 Browser Extension

  • Available for Chrome, Firefox, and Edge
  • Standalone, Native, and Cloud operating modes
  • Password autofill, credential capture, and password generation
  • Multi-vault support with portable .fortilis vault files

2.3 Developer Tools

  • CLI Tool (fort) for secret injection, export, and scanning
  • MCP Server for integration with AI coding assistants (Claude Code, Cursor, VS Code Copilot)
  • Agent Bridge HTTP API for IDE plugins
  • VS Code Extension for autocomplete and secret detection

2.4 Platform Features

  • Local-first, zero-knowledge encryption (AES-256-GCM)
  • Bring Your Own Database (BYOD) synchronization
  • Multi-platform support (Windows, macOS, Linux)
  • Schema storage with version control and drift detection
  • Dynamic secrets with TTL and rotation policies

3. Account Registration

To use certain features of the Service, you must create an account. You agree to:

  • Provide accurate, current, and complete information
  • Maintain and update your information as needed
  • Keep your password secure and confidential
  • Notify us immediately of any unauthorized access
  • Accept responsibility for all activities under your account

4. Subscription & Payment

4.1 Subscription Plans

We offer the following subscription options:

  • Beta Access: Free during the beta testing period
  • Yearly Subscription: Annual recurring payment
  • Lifetime License: One-time payment for perpetual access

4.2 Payment Terms

  • All payments are processed securely through Stripe
  • Yearly subscriptions automatically renew unless cancelled
  • You may cancel your subscription at any time
  • Prices are subject to change with 30 days notice

4.3 Refunds

We offer a 30-day money-back guarantee for new subscriptions. If you are not satisfied with the Service, contact us within 30 days of your initial purchase for a full refund. Refunds are not available after the 30-day period or for subscription renewals.

5. License & Usage

5.1 Proprietary License

Fortilis is proprietary software owned by GDK Digital LLC. Subject to these Terms and your active subscription, we grant you a limited, non-exclusive, non-transferable, revocable license to use the Service for your personal or business purposes. This is not an open-source license. Access to source code (if provided) does not grant open-source rights.

5.2 Device & Session Limits

  • You may install Fortilis on multiple devices
  • You may only be logged in on one device at a time
  • Logging in on a new device will end sessions on other devices

5.3 Prohibited Uses

You agree NOT to:

  • Share, sell, or transfer your account to others
  • Reverse engineer, decompile, or disassemble the software
  • Copy, modify, or create derivative works of the software
  • Redistribute, sublicense, or resell the software
  • Use the Service for any illegal purpose
  • Attempt to circumvent security measures or access controls
  • Interfere with or disrupt the Service or servers
  • Use the Service to store, transmit, or distribute malware
  • Use the Service to build a competing product or service

6. Your Data & Responsibilities

6.1 Bring Your Own Database (BYOD)

Fortilis uses a BYOD model for data synchronization. This means:

  • You provide and manage your own database for sync
  • You are responsible for your database credentials and security
  • You are responsible for backing up your data
  • We do not have access to your sync database

6.2 Data Loss Disclaimer

Important: You are solely responsible for maintaining backups of your data. Because we cannot access your encrypted secrets or your sync database, we cannot recover lost data. GDK Digital is not liable for any data loss.

6.3 Vault Password

Your vault password encrypts all your secrets. We do not store or have access to this password. If you forget your vault password, your encrypted data cannot be recovered unless you have a recovery key. Keep your vault password and recovery key secure.

7. Intellectual Property

The Service, including all software, designs, text, graphics, and other content, is owned by GDK Digital LLC and protected by intellectual property laws. You may not:

  • Copy, modify, or create derivative works
  • Use our trademarks without permission
  • Remove or alter any proprietary notices

7.1 External Services & Third-Party APIs

Fortilis connects to the following external services as part of normal operation:

Have I Been Pwned (Breach Detection)

When you use the breach detection feature, Fortilis sends only the first 5 characters of the SHA-1 hash of your password to the Have I Been Pwned API (k-anonymity protocol). Your full password never leaves your device. This service is operated by Troy Hunt and subject to the HIBP license terms.

Auto-Updater

Fortilis periodically contacts gdkdigital.com to check for updates. This request includes your current app version, operating system, and CPU architecture. No personal data or vault contents are transmitted.

FTC Integration (Optional)

If you enable the FTC (Fortilis Team Communications) integration, Fortilis sends event metadata (e.g., credential expiry alerts, schema drift notifications) to gdkdigital.com/tdc. No secret values or vault contents are transmitted. This feature is opt-in.

User-Configured SMTP (Team Invitations)

Team invitation emails are sent via your own SMTP server configuration. The inviter's name and team name are included in the email. You are responsible for the security and privacy of your SMTP configuration.

External Share Viewer

When you create an external share, the encrypted content and metadata (creator, expiration, view limits) are stored on GDK servers. The encryption key is placed in the URL fragment and never transmitted to GDK servers. Decryption occurs entirely in the recipient's browser.

7.2 Browser Extension

The Fortilis browser extension operates in three modes, each with different data handling:

Standalone Mode

All data is stored locally in the browser's IndexedDB. No data is sent to GDK servers or any external service.

Native Mode

Communicates with the Fortilis desktop app via localhost native messaging only. No data is sent to external servers.

Cloud Mode

Syncs encrypted data to a backend you configure (BYOD model). You control where your data is stored. All data is encrypted before transmission.

In all modes, the browser extension does not send telemetry, analytics, or usage data to GDK servers.

8. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

  • MERCHANTABILITY
  • FITNESS FOR A PARTICULAR PURPOSE
  • NON-INFRINGEMENT
  • ACCURACY OR COMPLETENESS

We do not warrant that the Service will be uninterrupted, error-free, or secure. You use the Service at your own risk.

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, GDK DIGITAL SHALL NOT BE LIABLE FOR:

  • Any indirect, incidental, special, consequential, or punitive damages
  • Loss of profits, data, use, or goodwill
  • Service interruption or data loss
  • Security breaches of your sync database
  • Any damages resulting from forgotten passwords

Our total liability shall not exceed the amount you paid for the Service in the 12 months preceding the claim.

10. Indemnification

You agree to indemnify and hold harmless GDK Digital LLC, its officers, directors, employees, and agents from any claims, damages, losses, or expenses (including legal fees) arising from your use of the Service, violation of these Terms, or infringement of any third-party rights.

11. Termination

We may terminate or suspend your account at any time for:

  • Violation of these Terms
  • Non-payment of fees
  • Fraudulent or illegal activity
  • At our discretion with reasonable notice

Upon termination, your right to use the Service ceases immediately. You remain responsible for all fees incurred before termination.

12. Governing Law & Disputes

These Terms are governed by the laws of the State of Michigan, United States, without regard to conflict of law principles.

Any disputes arising from these Terms or the Service shall be resolved in the state or federal courts located in Michigan. You consent to the exclusive jurisdiction of these courts.

13. General Provisions

  • Entire Agreement: These Terms constitute the entire agreement between you and GDK Digital LLC.
  • Severability: If any provision is found invalid, the remaining provisions remain in effect.
  • Waiver: Failure to enforce any provision does not constitute a waiver.
  • Assignment: You may not assign your rights without our consent.

14. Contact Us

If you have questions about these Terms, please contact us:

GDK Digital LLC

P.O. Box 85, Benton Harbor, MI 49023

Phone: 1-877-435-3424

Email: support@gdkdigital.com