
Terms of service

The terms governing your use of OC Vault — an end-to-end-encrypted secrets vault. Client-side encryption; OrangeCheck stores ciphertext only and cannot read your data.

effective: 2026-05-15 · last updated: 2026-05-15
!! By accessing or using OC Vault, you agree to be bound by these Terms. If you do not agree, do not use the Service. These Terms contain a binding-arbitration, class-action, and jury-trial waiver and important limitations on liability.
§ OC Vault is a commercial product operated by OrangeCheck, available at vault.ochk.io. It is distinct from the non-custodial OrangeCheck protocol sites; the Terms at ochk.io/terms do not govern OC Vault. These Terms do.
[01] overview // what oc vault is

OC Vault stores passwords, one-time-password seeds, API keys, notes, and small files. Every item is encrypted client-side in your browser under a vault key that never leaves your control. When you sync to the cloud, OrangeCheck stores an opaque encrypted blob — OrangeCheck cannot read your vault contents, item names, or item types.

OC Vault is built on the OC Lock protocol. It is not a custodial service for funds and does not take possession of any cryptocurrency.

[02] accounts

Your identity is a Bitcoin address you prove control of via BIP-322. No email or password is required. You are responsible for the security of the wallet you sign with and of the vault key that encrypts your data.

[03] plans, payment & billing // lightning · inbound only

OC Vault offers a free tier and paid tiers purchased with Bitcoin over the Lightning Network. OrangeCheck receives payment and never sends funds to users; OC Vault holds no custodial balance for you. Cloud sync is granted by the vault Cloud Annual (21,000 sats / year) and vault Cloud Lifetime (210,000 sats one-time) tiers. All paid tiers are subject to the service limits below.

§ pending · counsel review

The full commercial terms for paid tiers — billing cycle and renewal behavior, the refund and cancellation policy, proration, and the consequences of non-renewal for stored data — are being finalized for publication. This section will be completed following review by counsel.

[04] service limits // storage · per-entry size · bandwidth

Every tier — including the one-time Lifetime tier — is subject to the following service limits. They are deliberately set well above the needs of a personal password vault but bound the storage and bandwidth a single account may consume on the shared infrastructure. The limits are enforced in code; exceeding them returns an HTTP 507 (storage) or 429 (rate) response.

storage

  • entries per personal vault: up to 5,000 entries (envelope ids). A brand-new entry counts against this ceiling; replacing an existing entry does not.
  • entries per team vault: up to 5,000 entries, shared across team members.
  • per-entry size: each entry's ciphertext is capped at 1.25 MB (≈ 1 MB of plaintext payload — sufficient for any password, TOTP seed, API key, note, or small file).
  • total ciphertext per personal vault: up to ≈ 1 GiB (1,073,741,824 bytes) of ciphertext per identity. Typical real-world vaults are well under 50 MB.
  • total ciphertext per team vault: up to ≈ 2 GiB of ciphertext per team.

bandwidth & request rate

The API is rate-limited per IP address as a fair-use measure. Current ceilings: up to 1,000 blob reads / writes per minute, 120 manifest listings per minute, and 30 escrow-key writes per minute. Exceeding a limit returns HTTP 429; legitimate clients retry with backoff. There is no per-month bandwidth cap; the delta-sync protocol makes a steady-state sync fetch only the change manifest, so day-to-day bandwidth use is negligible.

adjustments

OrangeCheck may adjust these limits with reasonable advance notice — for example, to defend the service against abuse, to keep pace with infrastructure costs, or to lift a ceiling that is constraining legitimate use. We will not lower a limit below a number that would reduce existing data already stored under a paid tier without offering an export and a reasonable migration window.

[05] lifetime entitlements

The one-time Lifetime tier grants cloud sync for the operational life of OC Vault, subject to the service limits above. The portable export feature is always free and works offline with `@orangecheck/vault-core` — even if OC Vault is discontinued, you retain a self-decryptable copy of your data.

§ pending · counsel review

The precise legal meaning of "lifetime" — including treatment on a change of ownership, the wind-down notice period, and the export / continuity commitments OrangeCheck offers if the Service is discontinued — is being finalized for publication. This section will be completed following review by counsel.

[06] your data & encryption // you hold the only key
!! ORANGECHECK CANNOT READ, RECOVER, OR RESET YOUR VAULT. IF YOU LOSE YOUR VAULT KEY AND ALL RECOVERY FACTORS, YOUR ENCRYPTED DATA IS PERMANENTLY UNRECOVERABLE — BY YOU AND BY US. THIS IS THE INTENDED SECURITY PROPERTY, NOT A DEFECT.

You are solely responsible for safeguarding your vault key and any recovery material, for the lawfulness of what you store, and for maintaining your own independent backups of anything critical.

[07] acceptable use // permitted · prohibited

prohibited — illegal

  • Any unlawful purpose
  • Violating any applicable laws or regulations
  • Fraud, money laundering, or financial crimes
  • Infringing intellectual property rights

prohibited — harmful

  • Harass, threaten, or harm others
  • Impersonate any person or entity
  • Misrepresent your identity or affiliation
  • Assert control of a Bitcoin address, identity, or handle you do not control

prohibited — technical abuse

  • Interfere with or disrupt the Service or its servers
  • Attempt unauthorized access to any account, system, or data
  • Automated scraping or harvesting without permission
  • Introduce viruses, malware, or malicious code
  • Circumvent security features or rate limits

We reserve the right to investigate and act against anyone who violates these prohibitions — including terminating access and reporting to law enforcement.

[08] intellectual property

OrangeCheck's rights

The Service and its content (excluding user-generated content) are protected by copyright, trademark, patent, and other IP laws — including the OrangeCheck name, logos, branding, site design, software, code, algorithms, and documentation.

your license

You receive a limited, non-exclusive, non-transferable, revocable license to access and use the Service subject to these Terms. You may not sell, sublicense, or use the Service to build a competing product.

your content

You retain ownership of content you submit (feedback, support requests, integration material). You grant us a worldwide, non-exclusive, royalty-free license to operate and improve the Service using that content. You are responsible for your content.

open source

OrangeCheck protocol specifications and the @orangecheck/* packages are released under open-source licenses (MIT unless stated otherwise). Those portions are governed by their own license terms; these Terms govern the hosted service.

[09] third parties

  • payment processing: Lightning payments are processed via a self-hosted BTCPay Server; we do not guarantee the availability of the Lightning Network
  • storage / hosting: encrypted blobs are stored with third-party infrastructure providers; they receive ciphertext only

[10] disclaimers & warranties // as-is · no warranty
!! THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE", WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, ORANGECHECK DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, AND STATUTORY — INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND ACCURACY — AND DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED OR THAT STORED DATA WILL BE FREE FROM LOSS.

Maintain your own backups of anything critical. The encryption design that prevents OrangeCheck from reading your data also prevents OrangeCheck from recovering it.

[11] limitation of liability // maximum legal cap
!! TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL OrangeCheck, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, CONTRIBUTORS, OR SUPPLIERS BE LIABLE FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THE SERVICE, THESE TERMS, OR YOUR USE OR INABILITY TO USE THE SERVICE — WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, INDEMNITY, OR ANY OTHER LEGAL THEORY — EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

excluded damages

This exclusion covers, without limitation: direct, indirect, incidental, special, consequential, exemplary, punitive, reliance, and cover damages; and loss of Bitcoin, sats, cryptocurrency, tokens, assets, funds, private keys, seed phrases, passwords, data, profits, revenue, goodwill, reputation, business opportunity, anticipated savings, or use.

hard cap

If, notwithstanding the above, a court of competent jurisdiction finds OrangeCheck liable to you, our aggregate liability for all claims arising out of or related to the Service or these Terms is capped at the greater of (a) US$100 or (b) the total amount you actually paid OrangeCheck in the twelve (12) months immediately preceding the event giving rise to the claim.

essential purpose · jurisdictional floor

These limitations form an essential basis of the bargain and apply even if a limited remedy fails of its essential purpose. Some jurisdictions do not allow certain exclusions; there, the limitations apply to the maximum extent permitted by law and the remainder of these Terms stays in full force.

[12] indemnification

You agree to indemnify, defend, and hold harmless OrangeCheck and its affiliates from any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from:

  • Your use or misuse of the Service
  • Your violation of these Terms
  • Your violation of any law or regulation
  • Your violation of any third-party rights
  • Content you submit or share
  • Your negligence or willful misconduct

[13] eligibility

  • You must be at least 13 (or the age of digital consent in your jurisdiction)
  • You must have the legal capacity to enter into a binding contract
  • You must not be prohibited from using the Service under applicable law
  • You must comply with all applicable laws and regulations

[14] changes

to the service

We may modify, suspend, or discontinue the Service at any time, with or without notice. We are not liable for any modification, suspension, or discontinuation.

to these terms

  • We will update the "last updated" date
  • For material changes, we will provide notice on the website (and by email where we hold one)
  • Changes become effective when posted
  • Continued use after changes constitutes acceptance

[15] dispute resolution // informal → arbitration

informal resolution

Before filing a claim, contact us at hello@ochk.io to attempt to resolve the dispute informally.

arbitration · class-action waiver · jury waiver

!! DISPUTES ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE SHALL BE RESOLVED BY FINAL AND BINDING INDIVIDUAL ARBITRATION, EXCEPT AS SPECIFIED BELOW. YOU AND OrangeCheck EXPRESSLY WAIVE THE RIGHT TO A TRIAL BY JURY AND THE RIGHT TO PARTICIPATE IN ANY CLASS, COLLECTIVE, CONSOLIDATED, MASS, OR REPRESENTATIVE ACTION. ARBITRATION IS ON AN INDIVIDUAL BASIS ONLY.
  • Administered by the American Arbitration Association under its then-current Commercial or Consumer Arbitration Rules (whichever applies)
  • Seat of arbitration: Wilmington, Delaware, United States — or, at either party’s election, conducted remotely by video
  • Single neutral arbitrator; decision final and binding, enforceable in any court of competent jurisdiction
  • The arbitrator — not any court — decides threshold questions of arbitrability, including the validity and scope of this clause

exceptions to arbitration

  • Small-claims court actions (if eligible and filed individually)
  • Injunctive or equitable relief to protect intellectual property or confidential information
  • Any claim that cannot lawfully be arbitrated under applicable law

one-year limit to bring claims

To the fullest extent permitted by law, any claim arising out of or relating to the Service or these Terms must be commenced within one (1) year after it accrues, or it is permanently barred.

opt-out of arbitration

You may opt out by sending written notice to hello@ochk.io within 30 days of first using the Service, including your name, the date you first used the Service, and a clear statement that you wish to opt out. Opting out does not affect the class-action or jury-trial waivers.

governing law

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict-of-law principles, and, where applicable, the U.S. Federal Arbitration Act (9 U.S.C. §§ 1–16). For users in the EEA, UK, or Switzerland, mandatory consumer-protection laws of your country of residence may apply and nothing here overrides those rights.

entity of record

§ OrangeCheck is, at the date of this document, operated as the unincorporated project "OrangeCheck (OCHK), an unincorporated project". References to "OrangeCheck" mean that project and the operators acting on its behalf; upon formation of a formal legal entity, that entity becomes the party of record and these Terms — including the arbitration and governing-law provisions — bind it as successor without further notice.
[16] miscellaneous

  • entire agreement: these terms + the privacy policy are the entire agreement and supersede any prior agreement on the same subject
  • severability: if a provision is invalid or unenforceable it is severed and the remainder stays in full force
  • waiver: failure to enforce a provision is not a waiver of the right to enforce it later
  • assignment: you may not assign these terms without our consent; we may assign freely in a merger, acquisition, or sale of assets
  • no agency: nothing here creates a partnership, joint venture, employment, agency, or fiduciary relationship
  • force majeure: we are not liable for delays or failures caused by events beyond our reasonable control — including network failures, Nostr relay outages, Bitcoin network conditions, government action, or natural disaster
  • notices: to you via email, the Service, or the website; to us at hello@ochk.io
  • electronic acceptance: your use of the Service is electronic acceptance of these terms under applicable e-signature laws

sanctions, export controls, and prohibited jurisdictions

You represent and warrant that you are not, and are not acting on behalf of, any person or entity that is:

  • Located in, organized under the laws of, or ordinarily resident in any country or territory subject to comprehensive U.S., U.N., E.U., or U.K. sanctions
  • Identified on the U.S. Treasury OFAC Specially Designated Nationals list, Consolidated Sanctions List, or any other U.S. government restricted-party list
  • Identified on any U.K. HMT, E.U., U.N., or other applicable consolidated sanctions list
  • Otherwise subject to a sanctions, export-control, or anti-terrorism restriction that would prohibit your use of the Service

You agree to comply with all applicable export-control laws, including the U.S. Export Administration Regulations. A breach of this section is a material breach of these Terms.

// summary: end-to-end encrypted; orangecheck stores ciphertext only and cannot recover your vault. pricing, refund, and lifetime-entitlement terms are being finalized — see the marked sections.