Terms of Service

By accessing or using the Vaulthaus web application (the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.

Vaulthaus is a zero-knowledge password manager that runs entirely in your browser. It stores encrypted credentials locally in your browser's IndexedDB and optionally syncs an encrypted backup to your own Google Drive via OAuth. The Service does not include any server-side component operated by us; we do not have access to your data.

Vaulthaus does not require account registration. Your master password is the sole key to your encrypted vault and is known only to you. If you lose your master password, your vault cannot be recovered by anyone, including us. We strongly recommend keeping a secure offline copy of your master password and exporting periodic backups.

You agree not to:

• Use the Service for any unlawful purpose or in violation of any applicable law.
• Attempt to compromise, reverse-engineer for malicious purposes, disrupt, or circumvent the security mechanisms of the Service.
• Use the Service to store, transmit, or facilitate the distribution of malware, illegal content, or material that violates third-party rights.
• Misrepresent your identity or impersonate any person or entity in connection with your use of the Service or any sharing features.
• Use the Service to manage credentials you are not authorized to possess.

You retain all rights to the credentials, notes, and other data ("Your Content") that you store in Vaulthaus. Because Your Content remains encrypted on your device and is never transmitted to us, we claim no rights to it and have no ability to access it.

You are solely responsible for the legality and accuracy of Your Content and for ensuring you have the right to store and use the credentials it contains.

The Service integrates optional third-party services (Have I Been Pwned, Google Drive via OAuth, Google Identity Services, DuckDuckGo Favicons, Google Fonts). Your use of those services is governed by their respective terms and privacy policies. We are not responsible for the availability, accuracy, or behavior of third-party services.

The service is provided "as is" and "as available", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, non-infringement, or that the service will be uninterrupted, secure, or error-free.

While Vaulthaus uses well-established cryptographic primitives, no software is immune to bugs, vulnerabilities, or compromise of the device on which it runs. You assume all responsibility for evaluating whether the Service meets your security requirements.

To the maximum extent permitted by applicable law, in no event shall the maintainers or contributors of Vaulthaus be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of data, use, goodwill, or other intangible losses, arising out of or in connection with your use of, or inability to use, the service.

You agree to indemnify and hold harmless the maintainers and contributors of Vaulthaus from and against any claims, liabilities, damages, losses, and expenses (including reasonable attorney's fees) arising out of or in any way connected with your access to or use of the Service, your violation of these Terms, or your violation of any third-party rights.

We may modify or discontinue the Service, in whole or in part, at any time. We may also revise these Terms from time to time; the "Effective" date at the top of this page reflects the most recent version. Continued use of the Service after changes constitutes acceptance of the revised Terms.

You may stop using the Service at any time by clearing your browser's site data for the Vaulthaus origin and revoking any third-party OAuth grants. We may suspend or terminate access to any deployment of the Service at our discretion, with or without notice.

These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which the operator of your Vaulthaus deployment is established, without regard to conflict-of-law provisions.

If any provision of these Terms is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the remaining Terms remain in full force and effect.

For questions about these Terms, please open an issue on the project's GitHub repository or contact the maintainer of the deployment you are using.