Last updated: May 28, 2026
This Risk Disclosure Statement ("Statement") is provided by Sms Password Bv, a Besloten Vennootschap registered in the Netherlands under company number 62832123, with its registered office at Fellinilaan 131, Almere Stad, 1325TV, The Netherlands ("MagicPassword," "we," "us," or "our"), in accordance with our transparency obligations and best practices for digital service providers operating in the European Union.
The purpose of this Statement is to inform you, the user, of the risks associated with the use of the MagicPassword.io platform and related services (the "Services"). By using the Services, you acknowledge that you have read, understood, and accepted the risks described in this Statement. If you do not understand or do not wish to accept these risks, you must discontinue use of the Services immediately.
This Statement does not purport to disclose all possible risks associated with the use of the Services. The risks described below are not exhaustive, and additional risks, whether foreseen or unforeseen, may arise in the future. You are encouraged to conduct your own due diligence and to seek independent professional advice where appropriate.
MagicPassword is a software-as-a-service (SaaS) platform that provides password generation, secret management, access control, and related security tools. We do not provide financial services, investment advice, payment processing, insurance, or any other regulated financial products. The Services are intended for information security and operational efficiency purposes only.
While we employ industry-standard security measures, including encryption, access controls, and audit logging, no system can be guaranteed to be completely secure. The security of your data depends not only on our measures but also on your own security practices, the security of your devices and networks, and the behavior of third parties with whom you interact.
Cyberattacks and Data Breaches. Despite our commitment to security, the Services, like all internet-connected systems, are subject to the risk of cyberattacks, including but not limited to: denial-of-service (DoS) attacks; distributed denial-of-service (DDoS) attacks; ransomware attacks; phishing and social engineering; man-in-the-middle (MitM) attacks; SQL injection and other web application attacks; zero-day exploits; and insider threats. A successful attack could result in the unauthorized access, disclosure, alteration, or destruction of your data, including your passwords, secrets, and other sensitive information.
Encryption Limitations. We encrypt data in transit using TLS 1.3 and data at rest using AES-256. However, encryption is not infallible. Advances in computing, including the development of quantum computing, could potentially render current encryption standards obsolete or vulnerable. While we monitor developments in cryptography and plan to update our encryption practices accordingly, we cannot guarantee that data encrypted today will remain secure indefinitely.
Compromise of User Credentials. The security of your account depends in part on the strength and confidentiality of your own credentials. If your master password, API keys, or other authentication factors are compromised, an attacker may gain access to your stored secrets. We strongly encourage the use of strong, unique passwords, multi-factor authentication (MFA), and secure devices. We are not liable for losses arising from your failure to maintain the security of your own credentials.
Third-Party Integrations. The Services may integrate with third-party platforms, APIs, and services. The security of these integrations depends on the security practices of the third parties involved. A security breach at a third-party provider could expose your data or compromise the integrity of the Services. We carefully vet our integration partners, but we cannot guarantee their security.
Service Interruptions. We strive to provide reliable and continuous access to the Services. However, unforeseen circumstances, including hardware failures, software bugs, network outages, power failures, natural disasters, and human error, may result in temporary or prolonged service interruptions. During an interruption, you may be unable to access your secrets or use critical features of the Services.
Data Loss. While we maintain redundant backups and disaster recovery procedures, we cannot guarantee that your data will never be lost or corrupted. Data loss may occur due to technical failures, software errors, cyberattacks, or other unforeseen events. You are responsible for maintaining independent backups of critical data where appropriate.
Software Bugs and Errors. The Services are complex software systems that may contain bugs, errors, or vulnerabilities. Despite our testing and quality assurance processes, we cannot guarantee that the Services will be free of defects. A software bug could result in incorrect password generation, data corruption, unauthorized access, or other unintended behavior.
Compatibility and Integration Risks. The Services are designed to work with a wide range of browsers, operating systems, and devices. However, compatibility issues may arise with certain configurations, older software versions, or uncommon platforms. Integration with third-party services may also be affected by changes to those services' APIs or policies.
Changes in Law. The legal and regulatory environment for data protection, cybersecurity, and digital services is constantly evolving. New laws, regulations, court decisions, or administrative guidance could affect the operation of the Services, our ability to provide certain features, or your rights and obligations as a user. For example, changes to the General Data Protection Regulation (GDPR), the Network and Information Security Directive (NIS2), or national cybersecurity laws could require us to modify our practices or discontinue certain services.
Cross-Border Data Transfers. If you access the Services from outside the European Economic Area (EEA), your data may be transferred across international borders. While we implement appropriate safeguards for such transfers, including Standard Contractual Clauses and encryption, changes in international data transfer law (such as the Schrems II judgment and subsequent guidance) could create uncertainty or additional restrictions.
Jurisdictional Enforcement. As a Netherlands-based company, we are subject to the jurisdiction of Dutch and EU courts and regulators. Enforcement actions by data protection authorities, competition authorities, or other regulators could result in fines, operational restrictions, or changes to our services that affect your use of the platform.
Company Viability. Sms Password Bv is a privately held company. Like all businesses, we are subject to market risks, competitive pressures, and financial uncertainties. In the unlikely event of insolvency, liquidation, or cessation of operations, your access to the Services and your data may be affected. We maintain business continuity and disaster recovery plans, but we cannot guarantee uninterrupted service in all circumstances.
Changes to Service Offerings. We may modify, suspend, or discontinue any aspect of the Services at any time, including features, subscription plans, pricing, and supported platforms. While we will endeavor to provide reasonable notice of material changes, we reserve the right to make changes without notice. Such changes could affect the value or utility of the Services to you.
Reputational Risk. A security incident, service outage, or other adverse event affecting MagicPassword could damage our reputation and lead to a loss of user trust. While we take proactive measures to prevent such events, we cannot eliminate all risk.
Incorrect Use of Services. The effectiveness of the Services depends on correct and informed use. If you use weak passwords, disable security features, share credentials inappropriately, or misconfigure access policies, the security benefits of the Services may be compromised. You are responsible for using the Services in accordance with best practices and our documentation.
Dependency on the Services. Relying exclusively on any single service provider for critical security functions creates a concentration of risk. We encourage you to maintain contingency plans, including offline backups and alternative access methods, in case the Services become unavailable.
No Insurance or Guarantee. The Services are not insured, and we do not provide any guarantee or warranty regarding the security, availability, or performance of the Services beyond what is expressly stated in our Terms of Service. You assume the full risk of any loss, damage, or liability arising from your use of the Services.
While we cannot eliminate all risks, we are committed to continuous improvement in our security posture, operational resilience, and transparency. We recommend that users take the following steps to mitigate their own risk exposure: enable multi-factor authentication (MFA) on all accounts; use strong, unique passwords generated by our password generator or another trusted source; regularly review and rotate stored secrets and API keys; monitor audit logs for suspicious activity; maintain offline backups of critical credentials and data; keep your devices, browsers, and operating systems up to date; and exercise caution when clicking links or downloading attachments, even if they appear to come from MagicPassword.
We will review and update this Risk Disclosure Statement periodically to reflect changes in our services, the threat landscape, and applicable legal requirements. We encourage you to review this Statement regularly. The date of the most recent update is indicated at the top of the page.
If you have any questions about this Risk Disclosure Statement, please contact us at:
Sms Password Bv
Fellinilaan 131
Almere Stad, 1325TV
The Netherlands
Email: hi@magicpassword.io
Company number: 62832123
Universal Entity Code: 3120-5433-6433-0895