Terms of Service

Terms for using VaultProof.

These Terms explain how you may use VaultProof's website, hosted init, dashboard, scanner, API key protection, and provider routing services.

Effective date
  1. 1Last updated June 4, 2026.
  2. 2Use only keys and accounts you are authorized to use.
  3. 3Rotate leaked provider keys at the provider.
  4. 4Contact [email protected] with questions.

1. Agreement

By using VaultProof, you agree to these Terms.

These Terms of Service are an agreement between you and VaultProof Inc. They apply when you access or use VaultProof's website, hosted init installer, downloads, scanner, dashboard, API, provider routing, and related services.

If you use VaultProof for a company or other organization, you represent that you have authority to bind that organization to these Terms. You must be at least 18 years old, or the age of majority where you live, to use the Service.

2. Service

VaultProof helps reduce raw provider-key exposure.

VaultProof is an API key protection and routing service. It helps users move provider keys out of source code, hosted environment files, CI logs, and AI coding context by using VaultProof-managed values and provider-compatible routes.

Hosted init

The init tool can detect supported provider keys, protect them, and write VaultProof values and base URLs into your app environment.

Dashboard

The app provides key management, activity, alerts, usage, settings, and billing-related workflows.

Provider routing

VaultProof routes supported provider calls through compatible endpoints and authenticates upstream on your behalf.

Security boundary VaultProof does not eliminate every key risk. During a provider request, VaultProof must use the credential required to authenticate upstream. You remain responsible for provider-side permissions, rotation, billing controls, and application security.

3. Accounts

You are responsible for your account and configuration.

You must provide accurate account information and keep your login credentials secure. You are responsible for all activity under your account, including activity by users, teammates, applications, agents, CI jobs, or workloads that use your VaultProof values.

  • Use strong authentication and protect access to your email and dashboard account.
  • Only add provider keys that you own or are authorized to use.
  • Remove raw provider keys from old environments, logs, repos, and hosting settings after setup.
  • Notify us promptly if you believe your account or VaultProof values were accessed without authorization.

4. Customer Data

You keep ownership of your data and provider accounts.

"Customer Data" means information you submit to VaultProof, including account information, configuration, provider key material, VaultProof-generated values, activity records, and metadata related to your use of the Service.

You grant VaultProof a limited right to process Customer Data only as needed to provide, secure, operate, troubleshoot, and improve the Service; comply with law; and enforce these Terms. We handle personal data as described in the Privacy Policy.

Provider keys You are responsible for creating, scoping, rotating, revoking, and monitoring provider keys with the underlying providers such as OpenAI, Anthropic, Stripe, Google, and similar services.

5. Acceptable Use

Do not abuse VaultProof or other services through VaultProof.

You may not use VaultProof for illegal, harmful, abusive, or unauthorized activity.

  • Do not store or route keys you stole, found, scraped, bought without authorization, or are not allowed to use.
  • Do not use VaultProof to hide the origin of compromised provider keys or fraudulent provider usage.
  • Do not attack, overload, scan, scrape, reverse engineer, or bypass rate limits or security controls.
  • Do not use the proxy to conduct denial-of-service activity, credential stuffing, spam, malware distribution, fraud, or unlawful surveillance.
  • Do not create multiple accounts or projects to avoid plan limits, abuse controls, or enforcement.

We may suspend, limit, or terminate access if we reasonably believe your use violates these Terms, threatens the Service, creates legal risk, or harms VaultProof, users, providers, or third parties.

6. Billing

Paid plans are billed through our payment processor.

Some VaultProof features may require a paid plan. Prices, plan limits, and included usage are shown at purchase or in the dashboard. Paid plans may be billed monthly, annually, or on another stated cycle through a third-party payment processor.

You authorize us and our payment processor to charge applicable fees, taxes, and allowed usage-based charges. Fees are non-refundable except as required by law or expressly stated in a separate written agreement. If payment fails or usage exceeds allowed limits, we may throttle, limit, downgrade, or suspend access.

7. Availability

The Service is provided with practical operational care, not a blanket uptime promise.

We work to keep VaultProof available, secure, and reliable. Unless you have a separate written agreement that includes a specific service level, VaultProof is provided without a guaranteed uptime, response-time, support-time, or recovery-time commitment.

The Service may be unavailable or degraded because of maintenance, provider outages, internet conditions, security events, third-party dependencies, abuse mitigation, or other events beyond our reasonable control.

8. Termination

You can stop using VaultProof, and we can suspend unsafe use.

You may stop using the Service at any time. You may delete or request deletion of account data where supported by the dashboard, support process, or applicable law.

We may suspend or terminate access if you violate these Terms, create risk for the Service or others, fail to pay fees, or use VaultProof in a way that could expose us, providers, or users to harm or liability. After termination, your right to use the Service ends, but sections that by their nature should continue will continue.

10. Contact

Questions about these Terms?

Contact us at [email protected]. For security issues, use [email protected].