Terms of Service

1. Service Description

VaultProof ("the Service") is an API key storage and proxy platform operated by Rial Labs. We split your API keys using Shamir Secret Sharing, encrypt the resulting shares with AES-256-GCM, and reassemble them only for the milliseconds required to execute a proxied API call. Zero-knowledge proofs (Noir) allow you to verify that your key is stored correctly without ever revealing it. Your raw API key is never stored whole on any server.

2. Account Terms

To use VaultProof you must create an account with a valid email address and password. You must be at least 18 years of age. You are responsible for maintaining the confidentiality of your credentials and for all activity that occurs under your account. You agree to notify us immediately of any unauthorized access.

3. Acceptable Use

You agree not to use VaultProof for any illegal activity, to abuse or overload the proxy infrastructure, to attempt to extract other users' data, or to circumvent rate limits or security controls. We reserve the right to suspend or terminate accounts that violate these terms.

4. API Key Responsibility

You own your API keys. VaultProof never sees, stores, or logs your full plaintext API keys. Keys are split client-side using Shamir Secret Sharing before being transmitted to our servers. You are solely responsible for creating, rotating, and revoking your keys with the underlying API providers (e.g., OpenAI, Anthropic, Google).

5. Service Availability

VaultProof is provided on a best-effort basis. We aim for high availability but do not guarantee any specific uptime or SLA unless covered by a separately negotiated agreement. Scheduled maintenance windows will be communicated in advance when possible.

6. Data Handling

We store encrypted Shamir shares of your API keys, never plaintext keys. Shares are encrypted with AES-256-GCM and stored in our database. For full details on what data we collect and how we handle it, please see our Privacy Policy.

7. Payment Terms

Paid plans are billed through Stripe on a monthly or annual cycle. Each plan includes specific limits on the number of stored keys and proxy calls per month. If you exceed your plan's limits, additional usage may be throttled or billed as overage according to your plan's terms. All fees are non-refundable except as required by law.

8. Termination

Either party may terminate this agreement at any time. You may delete your account from the Dashboard. We may terminate or suspend your access if you violate these terms. Upon termination, all your data (encrypted shares, account information, usage logs) will be permanently deleted upon request via cascading delete.

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, VAULTPROOF AND RIAL LABS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, DATA, OR GOODWILL, ARISING FROM YOUR USE OF THE SERVICE. OUR TOTAL LIABILITY SHALL NOT EXCEED THE AMOUNT YOU PAID US IN THE TWELVE MONTHS PRECEDING THE CLAIM.

10. Modifications

We may update these Terms of Service from time to time. When we make material changes, we will notify you via email or a prominent notice on the Service. Your continued use of VaultProof after changes take effect constitutes acceptance of the revised terms.

11. Prohibited Uses

The following uses of VaultProof are strictly prohibited:

• You may only store API keys that you own or are authorized to use
• Using VaultProof to obscure the origin of stolen, leaked, or unauthorized API keys is prohibited
• Creating multiple accounts to circumvent rate limits or tier restrictions is prohibited
• Using the proxy to conduct denial-of-service attacks against any service is prohibited
• VaultProof reserves the right to cooperate with API providers to investigate and revoke stolen keys
• Violation of any of the above results in immediate account termination without refund

12. Contact

If you have questions about these terms, contact us at hello@vaultproof.dev.