SanctiKey

Legal

Business Continuity and Keyout Policy

SanctiKey, LLC · Last Updated: July 4, 2026 · Effective Date: May 24, 2026

1. Purpose

This Business Continuity and Keyout Policy ("Policy") describes SanctiKey's commitments to operational continuity and documents the Keyout right available to customers. It applies to all SanctiKey accounts.

SanctiKey provisions every customer into a dedicated, single-tenant AWS account, with cryptographic key material generated and held as non-extractable material in AWS KMS within that account. Customers hold the right to take full ownership of that account, and every key in it, at any time via the Keyout. This architecture is the foundation of SanctiKey's continuity guarantee: your keys are yours regardless of what happens to SanctiKey.

2. Business Continuity Architecture

2.1 Sovereign Key Custody

Each customer's cryptographic key material is generated and held as non-extractable material in AWS KMS within a dedicated, single-tenant AWS account provisioned for that customer. No one, including SanctiKey, can extract or export the raw key bytes. During normal operation, SanctiKey operates these keys to perform the operations the customer requests via the Service's API; customers do not hold direct AWS credentials, which keeps the account's attack surface minimal.

Independence is guaranteed by the Keyout right (Section 3). When Customer exercises the buyout, Customer designates an IAM role in Customer's own, separate AWS account (the "Escrow Access Role"). Before SanctiKey's managed layer is decommissioned, the Escrow Access Role is granted the ability to make direct AWS KMS API calls against Customer's keys, so cryptographic access is uninterrupted from initiation through final account transfer.

This means that even in a scenario where SanctiKey's managed service layer becomes unavailable, customers retain:

  • Full ownership of their cryptographic key material, isolated in their dedicated account
  • The ability to make direct AWS KMS API calls using the Escrow Access Role designated at buyout initiation
  • Access to their encrypted data, subject to their own key management practices

SanctiKey's managed service layer provides abstraction, compliance tooling, and operational simplicity on top of this key material, but the key material itself is never dependent on SanctiKey's continued operation.

2.2 Infrastructure Availability

SanctiKey's Service is hosted on AWS infrastructure across multiple Availability Zones, providing resilience against single-zone failures. Availability commitments are governed by the Service Level Agreement.

2.3 Data Portability

Customers may export their account metadata, key configuration data, and audit logs at any time using SanctiKey's standard API endpoints as documented at docs.sanctikey.com. SanctiKey recommends that customers periodically export configuration data as part of their own business continuity practices.

3. Keyout Right

3.1 Purpose

The Keyout right grants customers the ability to acquire operational ownership of their SanctiKey tenant AWS account and associated infrastructure. This right exists to ensure that no customer's cryptographic keys are ever hostage to its vendor, including SanctiKey: a customer may take independent ownership of its account at any time, for any reason.

3.2 Triggering Events

The Keyout right is available to Customer at any time during the active Subscription Term and may be exercised by Customer for any reason. It is customer-initiated; SanctiKey does not initiate it. Exercise is not contingent on SanctiKey ceasing or intending to cease operations, although the right also remains available during any shutdown notice period described in Section 4.

3.3 Exit Fee Structure

Execution of the Keyout requires payment of an exit fee. The fee is a published formula, not a negotiated amount:

Buyout fee = the greater of (a) USD $1,000, or (b) 24 x the Customer's trailing twelve-month average monthly bill.

For an account active fewer than twelve months, the trailing average is computed over the full account lifetime. Because the fee is derived from historical billing rather than account state at the time of exercise, it is not reduced by lowering usage or deleting keys immediately before exercising the right.

Examples:

  • Steady $49/mo average (1 key): max($1,000, 24 x $49 = $1,176) = $1,176
  • $157/mo average (10 keys): max($1,000, 24 x $157) = $3,768
  • $637/mo average (50 keys): max($1,000, 24 x $637) = $15,288

Exit fees are non-negotiable and must be paid in full via Stripe before Phase 1 of the buyout process initiates. SanctiKey's orchestration systems are designed to verify confirmed Stripe payment before executing any buyout phase.

3.4 Buyout Process

At initiation, Customer designates the Escrow Access Role (Section 2.1): an IAM role in an AWS account owned by Customer, which must be a different AWS account than Customer's SanctiKey tenant account. The Keyout then proceeds in three phases following confirmed payment:

Phase 1: Compute Demolition (Day 1)

SanctiKey's managed compute layer (Lambda functions, API Gateway configurations, and IAM orchestration) is decommissioned from Customer's tenant environment. Customer's AWS KMS keys and key material remain fully intact and operational throughout this phase.

Following Phase 1, Customer retains uninterrupted cryptographic access via direct AWS KMS API calls using the Escrow Access Role. The Escrow Access Role is granted use of Customer's KMS keys before compute demolition begins, so there is no gap in cryptographic access. SanctiKey's managed service layer is no longer present, but Customer's keys and encrypted data remain fully accessible and operational.

Phase 2: Transition Quarantine (Days 2 through 90)

During this 90-day period, Customer's AWS account remains within SanctiKey's AWS Organization. This period allows AWS CloudTrail management event history, which contains SanctiKey's proprietary infrastructure deployment parameters, Lambda environment configurations, and IAM choreography, to age out completely before account transfer.

This phase is non-disruptive to Customer. Customer retains full access to key material and encrypted data via direct KMS calls throughout. The quarantine period is a SanctiKey IP protection measure that operates invisibly in the background.

Phase 3: Account Ejection (Day 91)

On Day 91, Customer's AWS account is formally ejected from SanctiKey's AWS Organization and transferred to Customer's independent ownership. At this point, Customer takes full, independent operational ownership of the account, all infrastructure remaining within it, and all associated AWS resources.

Following ejection, SanctiKey has no further access to, responsibility for, or involvement with the transferred account.

3.5 What the Buyout Transfers

Upon completion of Phase 3, Customer receives:

  • Full ownership of the AWS account containing their tenant environment
  • All AWS KMS keys and key material within the account
  • All DynamoDB data tables and stored encrypted data within the account
  • All CloudWatch logs and audit trails within the account
  • All remaining AWS resources within the account

3.6 What the Buyout Does Not Transfer

The following are explicitly excluded from the Keyout:

  • SanctiKey’s proprietary Lambda function source code and binary packages
  • SanctiKey’s proprietary API Gateway configurations and deployment templates
  • SanctiKey’s proprietary IaC blueprints and CloudFormation templates
  • SanctiKey’s trademarks, brand assets, and documentation
  • Any SanctiKey intellectual property; these items are decommissioned and removed during Phase 1

Customer receives the AWS infrastructure and their data. Customer does not receive SanctiKey's software.

3.7 Customer Responsibilities During Buyout

Customer is responsible for:

  • Maintaining current payment information to facilitate exit fee collection
  • Engaging AWS support or an AWS partner to assume ownership of the transferred account if needed
  • Migrating any production integrations off SanctiKey’s API endpoints before or during Phase 2
  • Managing the transferred AWS account independently following Phase 3 ejection

4. Shutdown Notice

In the event SanctiKey elects to permanently cease operations, SanctiKey will:

  • Provide affected customers with at least 30 days’ written notice by email
  • Make the Keyout process available to all customers during the notice period
  • Continue providing the Service at full operational capacity throughout the notice period
  • Provide reasonable technical assistance to customers transitioning off the Service

5. Incapacitation of Sole Operator

SanctiKey is currently operated by a sole founder. In the event the sole operator becomes incapacitated or deceased and is unable to execute the Keyout process:

  • Customer key material remains intact, operational, and isolated in Customer’s dedicated AWS account; key custody does not depend on SanctiKey operator availability. Customers with an executed buyout in progress retain direct KMS access via the Escrow Access Role
  • The designated successor administrator will be identified in SanctiKey’s Operating Agreement and will have authority to execute buyout processes on behalf of SanctiKey’s estate
  • Customers experiencing service disruption due to operator incapacitation should contact legal@sanctikey.com

6. Amendments

SanctiKey may update this Policy at any time. Material changes will be communicated by email and by updating the "Last Updated" date. Changes to the Keyout fee structure will be communicated at least 30 days in advance and will not apply retroactively to customers who have already initiated a buyout.

7. Contact

SanctiKey, LLC
Legal: legal@sanctikey.com
Support: support@sanctikey.com

This Business Continuity and Keyout Policy is effective as of the date listed above and supersedes all prior versions.