Terms of Service

These Terms of Service (the "Terms") govern your use of HIPKit — the commercial product operated at hipkit.net. By creating an account, purchasing credits, subscribing, or otherwise using the product, you agree to these Terms. If you do not agree, do not use HIPKit.

1. Service Description

HIPKit is a commercial product built on top of the Human Integrity Protocol (HIP). It provides paid tooling for creators to attest, manage, and publish provenance records for files they create — including bulk attestation, a portfolio dashboard, embeddable proof badges, PDF certificates, URL inspection, batch templates, and related features.

HIPKit is not the HIP protocol itself. The HIP protocol is open and free at the protocol surface (hipprotocol.org); HIPKit is one of potentially many products that build on top of it. This boundary is intentional and is described further at /privacy.html § 12. Specifically:

• Under Charter Deployment Principle 5 (Permissionless Proliferation), anyone may build alternative products on top of the HIP protocol. HIPKit is one such product; it is not privileged in the protocol's design.
• Under Charter Deployment Principle 7 (Zero Institutional Cost), the protocol itself is free at the protocol surface. HIPKit's pricing reflects HIPKit's institutional implementation choice, not any protocol-imposed cost.
• Under Charter Deployment Principle 8 (Protocol, Not Entity), HIPKit is an institutional participant in the HIP ecosystem, not the protocol itself.

2. Eligibility

You must be at least 13 years old to use HIPKit. If you are under 18, you must have permission from a parent or legal guardian to make purchases. By using HIPKit, you represent that you have the legal capacity to enter into these Terms in your jurisdiction.

HIPKit's paid features require a HIP credential. Tier 1 credentials are issued by an independent pathway operator (hipverify.org), which performs identity verification under its own terms and privacy policy. Tier 3 credentials are issued device-locally at no cost and require no identity verification.

3. Your HIP Credential

Your credential is your responsibility. Specifically:

• Your credential's private key is generated and stored entirely in your browser (localStorage). HIPKit-the-server never receives, sees, or stores your private key.
• Anyone who possesses your credential file can sign attestations as you. Treat your credential backup file with the same care as a password.
• If you clear your browser storage, lose your device, or otherwise lose access to your credential, HIPKit cannot recover it. Tier 1 credentials may be recoverable via re-verification at hipverify.org; Tier 3 credentials are not recoverable.
• You are responsible for all activity under your credential, including any attestations signed by it.

4. Account & Authentication

HIPKit endpoints accept two forms of authentication:

• API keys issued via the HIPKit app and bound to your credential. The raw key is shown to you exactly once at creation; HIPKit stores only a SHA-256 hash and cannot recover the raw key after that moment. You may deactivate an API key at any time; deactivation is permanent.
• Signed AppAuth canonicals — request bodies signed by your credential's private key in the browser and verified server-side via Ed25519.

You are responsible for keeping your API keys confidential and for promptly deactivating any key that has been exposed or is no longer needed.

5. Pricing, Credits, and Subscriptions

HIPKit is offered both as one-time credit packs and as recurring monthly subscriptions, with current pricing published at hipkit.net/#pricing. Pricing is in U.S. dollars and is subject to change; any change to pricing applies prospectively to new purchases and to renewals after the change.

• Credits. Credits purchased as one-time packs do not expire. Credits are consumed when you invoke metered HIPKit features (for example, creating an attestation through the API). Credits are non-transferable between credentials.
• Subscriptions. Monthly subscription plans grant a monthly credit allotment that is restored at each billing cycle. Unused subscription credits do not roll over between cycles. Cancellation takes effect at the end of the then-current billing period; you retain access through that period.
• "Unlimited" tiers. Where a plan is described as "unlimited", HIPKit reserves the right to apply reasonable abuse-mitigation rate limits to protect infrastructure. These limits are not designed to constrain ordinary professional use.

6. Refunds

Payment is processed by Stripe. HIPKit's refund posture:

• Credit packs. Unused credits in a one-time credit pack may be refunded on request within 14 days of purchase. Credits already consumed are non-refundable.
• Subscriptions. Subscription fees are non-refundable for the current billing period; cancellation prevents future renewals but does not retroactively refund the current period.
• Technical-error refunds. If a technical error on HIPKit's side caused your charge to fail to deliver the credits you paid for, contact us and we will issue a refund or credit at our discretion.
• Failed third-party verifications. Charges that include third-party costs already incurred (for example, Tier 1 identity verification through hipverify.org) follow that operator's refund policy and are not refundable by HIPKit.

To request a refund, email support@hipkit.net from the email address you provided at checkout.

7. Acceptable Use

You agree not to:

• Submit attestations for content you do not have the right to attest, or for content created by another party that you are misrepresenting as your own.
• Use HIPKit to attest content that is unlawful, infringes intellectual property rights, defames any person, or violates applicable law.
• Attempt to create multiple credentials for the same person, or otherwise circumvent the protocol's one-credential-per-human deduplication enforcement.
• Probe, scan, reverse-engineer, or attack the HIPKit infrastructure, or attempt to access endpoints, accounts, or data that do not belong to you.
• Use HIPKit to mass-generate fraudulent provenance for content created by automated systems while misrepresenting that content as human-created.
• Resell, sublicense, or repackage HIPKit's paid features as a competing service without prior written agreement.
• Use HIPKit in any manner that would expose HIPKit's infrastructure providers (Cloudflare, Stripe) to liability or breach of their own terms.

HIPKit may suspend or terminate access for any account that materially violates this section. Where the violation involves fraudulent attestations, HIPKit may also flag the affected attestation records via the protocol's /dispute-proof mechanism.

For copyright takedown notices and the counter-notice procedure under the Digital Millennium Copyright Act, see the HIPKit DMCA Policy.

8. User Content & Attestations

HIPKit is a hashing-and-signing tool, not a hosting service. The files you attest are not uploaded to HIPKit — only their cryptographic fingerprints, your signatures, your classifications, and any optional thumbnails you choose to publish. Specifically:

• You retain all rights, title, and interest in the underlying creative works you attest. HIPKit claims no ownership of, and no license to, the underlying files themselves — because HIPKit does not receive the files.
• By creating an attestation through HIPKit, you grant HIPKit a worldwide, royalty-free, perpetual, non-exclusive license to store and serve the attestation record (content hash, classification, signature, optional thumbnail, manifest, and related metadata) for the purposes of operating the protocol's verification surface and HIPKit's portfolio, certificate, and badge features.
• You represent and warrant that you have the right to attest each file you submit and that the attestation does not infringe any third party's rights.
• Optional thumbnails you publish are public. Do not publish thumbnails of content you do not have the right to publish.

9. Permanence of Attestations

Attestations, series, and collections are written to a public verification surface. They cannot be deleted on request. This is a fundamental property of a verification protocol: a record that disappears when convenient is not a verification. The HIP protocol provides retirement (marking a credential or record as superseded) but not deletion.

Before you publish an attestation, confirm that you are willing for the content hash, classification, signature, optional thumbnail, and timestamp to remain part of the public record indefinitely.

10. Intellectual Property

The HIPKit name, brand, logos, site copy, and product designs are owned by Peter Rieveschl. The HIPKit code at github.com/tadortot/hipkit-net is published under its repository license; the HIP protocol code is published under the hip-protocol repository license set.

These Terms grant you a limited, revocable, non-exclusive, non-transferable license to use HIPKit's hosted product as offered, subject to these Terms. They do not grant you rights to HIPKit's name, brand, or any feature of the product beyond use of the hosted service.

11. Third-Party Services

HIPKit relies on the following third parties:

• Stripe for payment processing. Your payment information is handled by Stripe under its own terms and privacy policy. See stripe.com/legal.
• Cloudflare for infrastructure (Pages, Workers, KV, Email Routing). HIPKit's data is processed through Cloudflare's network under its own terms. See cloudflare.com/terms.
• hipverify.org for Tier 1 credential issuance. If you obtained your credential through the Tier 1 pathway, that issuance is governed by hipverify.org's own terms and privacy policy.
• Didit (transitively, via hipverify.org) for identity verification. HIPKit has no direct relationship with Didit; Didit's handling of your identity documents is governed by its agreement with hipverify.org.

HIPKit is not responsible for the actions, terms, privacy practices, or service availability of these third parties.

12. Disclaimers

HIPKit is provided "as is" and "as available", without warranty of any kind, express or implied, including without limitation warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted availability, or accuracy.

HIPKit is not a certificate authority, a financial service, a notary, an identity provider, a legal document service, or a regulator. A HIP attestation is a cryptographic record of a content fingerprint, a credential, and a timestamp — nothing more. It is not by itself proof of authorship, copyright, ownership, factual accuracy, or any other legal status, and it does not substitute for legal advice or formal registration where applicable law requires those.

HIPKit does not guarantee that any specific feature will continue to be offered, that pricing will not change, or that credentials issued today will be compatible with all future versions of the HIP protocol.

13. Limitation of Liability

To the maximum extent permitted by applicable law, HIPKit's total aggregate liability to you for any claim arising out of or related to your use of HIPKit is limited to the total amount you paid HIPKit in the twelve (12) months preceding the event giving rise to the claim.

To the maximum extent permitted by applicable law, HIPKit is not liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including without limitation lost profits, lost data, loss of goodwill, or loss of business opportunity, even if HIPKit has been advised of the possibility of such damages.

Some jurisdictions do not allow the exclusion or limitation of certain damages; in those jurisdictions the foregoing limitations apply to the maximum extent permitted.

14. Indemnification

You agree to indemnify and hold harmless HIPKit, its operator, and its infrastructure providers from any claim, loss, liability, or expense (including reasonable attorneys' fees) arising out of (a) your breach of these Terms, (b) your violation of applicable law, or (c) your submission of attestations for content you did not have the right to attest.

15. Changes to These Terms

We may update these Terms from time to time. Routine or non-material changes take effect when posted, noted with an updated effective date at the top of this page. Material adverse changes — those that materially reduce your rights or materially increase your obligations — will be announced at hipkit.net and on the HIPKit GitHub repository at least thirty (30) days before they take effect. Continued use of HIPKit after a change takes effect constitutes acceptance of the updated Terms. If you do not agree to a change, your remedy is to stop using HIPKit before it takes effect.

16. Termination

You may stop using HIPKit at any time. Stopping use does not entitle you to a refund of fees already paid except as specified in §6 (Refunds).

HIPKit may suspend or terminate your access for material breach of these Terms (including §7 Acceptable Use), for fraud, for non-payment, or where required by law. On termination, sections 8 (Permanence-related obligations), 10 (Intellectual Property), 12 (Disclaimers), 13 (Limitation of Liability), 14 (Indemnification), 17 (Operator and Successor Entity), 18 (Sunset and Continuity), 19 (Governing Law), 20 (Dispute Resolution), and 21 (Contact) survive.

17. Operator and Successor Entity

HIPKit is operated by Peter Rieveschl as an individual at the time of this update. The HIPKit name, brand, and product code are owned by the operator personally as described in § 10 (Intellectual Property); the protocol-layer code at github.com/human-integrity-protocol/hip-protocol is published openly under its repository licenses.

If HIPKit's commercial operations are assigned to a limited-liability company or other successor entity formed to hold them — for example, a U.S.-formed LLC at the time of public launch — the successor will be bound by these Terms with respect to obligations already incurred under them, and any change in the operator entity will be noted with an updated effective date at the top of this page. The successor entity name, when formed, will appear in this section. Superseding terms, if any, will be published here before they take effect.

18. Sunset and Continuity

If HIPKit-the-product is wound down or its commercial operations are sunset, your accrued rights and the data described in the HIPKit Privacy Policy § 6 (Data Retention) will be handled as follows:

• Attestation records, series records, collection records. The HIP protocol's verification surface is designed to outlast any single operator. The Steward Node specification at SN-SPEC-v0.md describes the planned decentralization of record persistence. Once that tier is activated, HIPKit-originated records held by HIPKit can be migrated to Steward Nodes for continued public verification. Until that tier is activated, HIPKit will publish a final read-only snapshot of records (covering content hashes, classifications, signatures, timestamps, and any optional thumbnails) to a public archive — such as a GitHub release or an Internet Archive snapshot — before any wind-down completes.
• Refunds and accrued credits. A final accounting period sufficient to satisfy refund obligations under § 6 (Refunds) will be observed before account data is closed. Unused credits eligible for refund under § 6 may be requested during this period.
• Account data, Stripe customer references, credit balances, API key state. Handled per the HIPKit Privacy Policy § 15 (Sunset and Continuity), including the 30-day post-notice retention floor.
• Notice. A wind-down or operator-transfer notice will appear at hipkit.net and on the HIPKit GitHub repository at least thirty (30) days before any non-reversible step is taken. Continued use after the notice period constitutes acknowledgement of the wind-down terms.

19. Governing Law

These Terms are governed by the laws of the U.S. state in which the HIPKit operator resides at the time a dispute arises (the operator's then-current state of residence), without regard to its conflict-of-laws principles, together with applicable U.S. federal law. If HIPKit's commercial operations are assigned to a successor entity (see § 17), the governing law becomes the U.S. state of that entity's formation, noted with an updated effective date. Subject to § 20 (Dispute Resolution), the state and federal courts located in the applicable governing-law state have exclusive jurisdiction over any dispute not resolved by arbitration.

20. Dispute Resolution

Please contact support@hipkit.net first — most disputes can be resolved informally, and we ask that you give us 30 days to do so before starting a formal proceeding. If a dispute is not resolved informally, the following applies:

• Binding individual arbitration. Any dispute arising out of or relating to these Terms or your use of HIPKit that is not resolved informally will be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules (or Consumer Arbitration Rules where those apply), rather than in court, except as stated below. The arbitration will take place in the applicable governing-law state (see § 19) or remotely by agreement, and judgment on the award may be entered in any court of competent jurisdiction.
• Class-action waiver. Disputes will be conducted only on an individual basis. You and HIPKit each waive any right to bring or participate in a class action, class-wide arbitration, consolidated action, or other representative proceeding. The arbitrator may not consolidate more than one person's claims or preside over any representative or class proceeding.
• Small-claims carveout. Either party may instead bring an individual claim in small-claims court if the claim qualifies.
• Injunctive-relief carveout. Either party may seek injunctive or other equitable relief in court to protect intellectual property or to stop unauthorized access to or misuse of the service, without waiving this arbitration agreement as to other claims.
• Jurisdictional limits. Some jurisdictions do not permit, or limit the enforceability of, pre-dispute arbitration agreements or class-action waivers — particularly for consumers. Where applicable law prohibits any part of this section, that part does not apply to you to the extent prohibited, the remainder continues in effect, and any dispute not subject to arbitration is resolved in the courts identified in § 19 (Governing Law).

21. Contact

For questions about these Terms, contact support@hipkit.net or open an issue on the HIP Protocol GitHub repository. For privacy-specific inquiries, see the HIPKit Privacy Policy.