oc·vault
v0 · previewoc · vault
bip-322 · x25519
§ pricing

priced in sats.
paid in lightning. yours forever.

Free forever locally. Cloud sync via vault.ochk.io is one Lightning payment — annual if you want to try it, lifetime if you know. No fiat, no card, no subscription, no account.

local

free forever
self-supplied storage · zero servers
  • unlimited entries
  • local-only storage (IndexedDB)
  • self-supplied sync (your Nostr relay or HTTP blob URL)
  • portable .lock envelope export
  • open SDK forever (@orangecheck/lock-core)
open your vault

vault cloud annual

lightning
21,000 sats
per year · per bitcoin identity
try cloud sync · renew via lightning
  • everything in free
  • cloud sync via vault.ochk.io
  • cross-device unlock with one wallet signature
  • one bitcoin identity · one year
  • renews via lightning · no card on file
pay with lightning
recommended

vault cloud lifetime

lightning
210,000 sats
one-time · per bitcoin identity · forever
cloud sync · zero recurring · zero lock-in
  • everything in annual
  • one bitcoin identity · lifetime · never expires
  • priority email support
  • price locked at 210k sats forever (sat-value compounds with BTC)
pay with lightning

family circle

lightning
50,000 sats
one-time · up to 5 identities · lifetime
shared entries · multi-recipient envelopes
  • multi-recipient shared entries (up to 5 bitcoin identities)
  • every member uses their own wallet — no shared password
  • one circle, one purchase, every member synced
  • add or rotate members anytime
  • requires at least one paid (annual / lifetime) member
add to your vault
§ what 210k sats actually costs
~$210

at $100k/BTC. The sat price never changes; the dollar number falls as BTC rises.

~$600

1Password Family at $60/yr × 10 years. And they hold your ciphertext database — see LastPass 2022.

~$0

the value to OC of being subpoenaed for your vault. We have ciphertext only; we can hand it over and you remain safe.

why lightning only

Card processors require a custodial business relationship we explicitly refuse to have. Lightning gives instant settlement, no chargebacks, no PII, and matches the product's posture: your money is bearer, your secrets are bearer.

why annual and lifetime?

Annual is for "try it." Lifetime is for "I'm staying." Annual renews via Lightning (no card on file, ever); lifetime is paid once and binds to your Bitcoin identity forever — no recurring billing to fail, no way for us to disable it later.

questions worth asking

what counts as a 'bitcoin identity'?
One BIP-322-signing Bitcoin address. The address that signs the payment-binding message is the identity that gets the entitlement. Use a new address ⇒ new entitlement.
what if I lose my wallet?
Then you lose the ability to decrypt your vault. There is no recovery backdoor — that's the design. Add the optional Witnessed Recovery slot when it lands, or keep an offline export of your .lock envelopes alongside your wallet backup.
can OC read my entries?
No. We hold ciphertext only. Even with full database access we cannot decrypt: the vault key never leaves your browser, and entries are sealed under AES-256-GCM with a fresh nonce per entry. Cloud-sync blobs are double-encrypted; OC sees neither names nor types.
what if vault.ochk.io disappears?
Your exports still decrypt. The protocol is open, the SDK is MIT-licensed, the envelope format is documented in oc-lock-protocol. Self-host the relay, or skip the cloud entirely and live on local + manual export.
does family circle require lightning every year?
No. Family Circle is a one-time 50k-sat add-on on top of an active cloud-sync tier. As long as at least one member has an unexpired annual or any lifetime, the circle stays active.
is witnessed recovery available yet?
Coming in v1.8. It will be 21k sats/year for an OC-hosted timelocked recovery shard — sealed to OC's device key with a release rule that requires a BIP-322 wallet-loss declaration plus a 14-day delay. OC sees ciphertext only and cannot release the shard outside the rule.