Terms of Service

By installing, accessing, or using the Service, you confirm that you are at least 13 years of age, have read and understood these Terms, and agree to be bound by them. If you are using the Service on behalf of an organisation, you represent that you have the authority to bind that organisation.

TOTPBOX provides a local-first authentication management tool that helps users store TOTP (Time-based One-Time Password) credentials, track Passkey readiness, and manage authentication upgrade workflows. The core features are:

• Local TOTP vault — stored and encrypted on your device
• Browser extension — auto-fill TOTP codes into login forms
• Passkey Awareness — identify accounts eligible for Passkey upgrade
• Cloud Sync (Pro) — encrypted vault synchronisation across devices
• Recovery Code Vault (Pro) — AES-256-GCM encrypted one-time code storage

Paid plans are billed monthly or annually in advance. All fees are non-refundable except as required by law or as individually agreed. We reserve the right to change pricing with 30 days' notice. Continued use after a price change constitutes acceptance.

Failure to pay may result in downgrade to the free tier. Your data will not be deleted immediately — we provide a 30-day grace period during which you may export your vault.

You agree not to:

• Use the Service for any unlawful purpose or in violation of any regulations
• Attempt to reverse-engineer, decompile, or extract the source code of any part of the Service
• Use the Service to store or transmit malicious code
• Interfere with or disrupt the integrity or performance of the Service
• Attempt to gain unauthorised access to any part of the Service or its related systems
• Resell or sublicense the Service without our explicit written consent

Your master key (passphrase) is never transmitted to or stored on our servers. If you lose your master key, we cannot recover your encrypted data. You are solely responsible for:

• Maintaining a secure backup of your master key
• Exporting your vault periodically as a personal backup
• The security of the device on which TOTPBOX is installed

TOTPBOX Inc. accepts no liability for data loss resulting from a lost master key or compromised device.

All intellectual property in the Service — including software, logos, designs, and documentation — is owned by TOTPBOX Inc. or its licensors. We grant you a limited, non-exclusive, non-transferable licence to use the Service during your subscription period.

You retain ownership of all data you enter into the Service. By using cloud sync, you grant us a limited, technical licence to store and transmit your encrypted vault data solely for the purpose of delivering the Service.

The Service is provided "as is" and "as available" without warranties of any kind, express or implied. We do not warrant that the Service will be error-free, uninterrupted, or free of security vulnerabilities. To the maximum extent permitted by law, we disclaim all implied warranties including merchantability and fitness for a particular purpose.

To the maximum extent permitted by applicable law, TOTPBOX Inc. shall not be liable for any indirect, incidental, special, consequential, or punitive damages — including loss of data, loss of profits, or loss of authentication access — even if we have been advised of the possibility of such damages. Our total aggregate liability shall not exceed the amount you paid us in the 12 months preceding the claim.

You may cancel your subscription at any time from your account settings. Cancellation takes effect at the end of the current billing period. We may suspend or terminate your account if you violate these Terms, with or without notice.

Upon termination, your right to use the Service ends immediately. Your locally-stored vault data remains on your device and is not affected by account termination. Cloud-sync data is retained for 30 days after which it is permanently deleted.

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles. Any disputes shall be resolved exclusively in the state or federal courts located in Delaware.

We may update these Terms at any time. We will notify you of material changes at least 14 days before they take effect via email or in-app notice. Continued use of the Service after the effective date constitutes acceptance of the revised Terms.

Questions about these Terms? Contact us at legal@totpbox.com.