Sharing & teams

Org vaults, roles, and seats

Team plan structure — Owner, Member, and Viewer roles, per-seat billing, and opt-in escrow recovery.

Updated 2026-07-11

The Team plan turns TimeLock into a shared vault for an organization.

Roles

  • Owner — manages members, seats, billing, escrow settings, and break-glass approvals.
  • Member — uses org vault items per their grants; can create and share.
  • Viewer — read-only access to what's shared with them.

Seats

Team is billed per user per year. Each invited person occupies a seat; add seats as the team grows.

Escrow recovery (opt-in, disclosed)

By default, TimeLock cannot recover anyone's data — including your employees'. Teams can opt in to escrow recovery, which lets org administrators recover a member's vault access (for example, after an employee departure).

Two things keep this honest:

  • It is opt-in — off unless the org enables it.
  • It is disclosed — every member sees that escrow is enabled on their account, the whole time it's enabled.

Audit

Team accounts get 1-year retention of the append-only audit log: unlocks, grants, denials, shares, and schedule changes, with metadata only — never plaintext.

Ready for a vault that can't be read — even by us?

Start a free trial today. Your master password never leaves your browser, and any secret can be locked to a schedule.