Terms of Service
These Terms of Service (the "Terms") govern your use of HIPKit — the commercial product operated at hipkit.net. By creating an account, purchasing credits, subscribing, or otherwise using the product, you agree to these Terms. If you do not agree, do not use HIPKit.
1. Service Description
HIPKit is a commercial product built on top of the Human Integrity Protocol (HIP). It provides paid tooling for creators to attest, manage, and publish provenance records for files they create — including bulk attestation, a portfolio dashboard, embeddable proof badges, PDF certificates, URL inspection, batch templates, and related features.
HIPKit is not the HIP protocol itself. The HIP protocol is open and free at the protocol surface (hipprotocol.org); HIPKit is one of potentially many products that build on top of it. This boundary is intentional and is described further at /privacy.html § 12. Specifically:
- Under Charter Deployment Principle 5 (Permissionless Proliferation), anyone may build alternative products on top of the HIP protocol. HIPKit is one such product; it is not privileged in the protocol's design.
- Under Charter Deployment Principle 7 (Zero Institutional Cost), the protocol itself is free at the protocol surface. HIPKit's pricing reflects HIPKit's institutional implementation choice, not any protocol-imposed cost.
- Under Charter Deployment Principle 8 (Protocol, Not Entity), HIPKit is an institutional participant in the HIP ecosystem, not the protocol itself.
2. Eligibility
You must be at least 13 years old to use HIPKit. If you are under 18, you must have permission from a parent or legal guardian to make purchases. By using HIPKit, you represent that you have the legal capacity to enter into these Terms in your jurisdiction.
HIPKit's paid features require a HIP credential. Tier 1 credentials are issued by an independent pathway operator (hipverify.org), which performs identity verification under its own terms and privacy policy. Tier 3 credentials are issued device-locally at no cost and require no identity verification.
3. Your HIP Credential
Your credential is your responsibility. Specifically:
- Your credential's private key is generated and stored entirely in your browser (localStorage). HIPKit-the-server never receives, sees, or stores your private key.
- Anyone who possesses your credential file can sign attestations as you. Treat your credential backup file with the same care as a password.
- If you clear your browser storage, lose your device, or otherwise lose access to your credential, HIPKit cannot recover it. Tier 1 credentials may be recoverable via re-verification at hipverify.org; Tier 3 credentials are not recoverable.
- You are responsible for all activity under your credential, including any attestations signed by it.
4. Account & Authentication
HIPKit endpoints accept two forms of authentication:
- API keys issued via the HIPKit app and bound to your credential. The raw key is shown to you exactly once at creation; HIPKit stores only a SHA-256 hash and cannot recover the raw key after that moment. You may deactivate an API key at any time; deactivation is permanent.
- Signed AppAuth canonicals — request bodies signed by your credential's private key in the browser and verified server-side via Ed25519.
You are responsible for keeping your API keys confidential and for promptly deactivating any key that has been exposed or is no longer needed.
5. Pricing, Credits, and Subscriptions
HIPKit is offered both as one-time credit packs and as recurring monthly subscriptions, with current pricing published at hipkit.net/#pricing. Pricing is in U.S. dollars and is subject to change; any change to pricing applies prospectively to new purchases and to renewals after the change.
- Credits. Credits purchased as one-time packs do not expire. Credits are consumed when you invoke metered HIPKit features (for example, creating an attestation through the API). Credits are non-transferable between credentials.
- Subscriptions. Monthly subscription plans grant a monthly credit allotment that is restored at each billing cycle. Unused subscription credits do not roll over between cycles. Cancellation takes effect at the end of the then-current billing period; you retain access through that period.
- "Unlimited" tiers. Where a plan is described as "unlimited", HIPKit reserves the right to apply reasonable abuse-mitigation rate limits to protect infrastructure. These limits are not designed to constrain ordinary professional use.
6. Refunds
Payment is processed by Stripe. HIPKit's refund posture:
- Credit packs. Unused credits in a one-time credit pack may be refunded on request within 14 days of purchase. Credits already consumed are non-refundable.
- Subscriptions. Subscription fees are non-refundable for the current billing period; cancellation prevents future renewals but does not retroactively refund the current period.
- Technical-error refunds. If a technical error on HIPKit's side caused your charge to fail to deliver the credits you paid for, contact us and we will issue a refund or credit at our discretion.
- Failed third-party verifications. Charges that include third-party costs already incurred (for example, Tier 1 identity verification through hipverify.org) follow that operator's refund policy and are not refundable by HIPKit.
To request a refund, email support@hipkit.net from the email address you provided at checkout.
7. Acceptable Use
You agree not to:
- Submit attestations for content you do not have the right to attest, or for content created by another party that you are misrepresenting as your own.
- Use HIPKit to attest content that is unlawful, infringes intellectual property rights, defames any person, or violates applicable law.
- Attempt to create multiple credentials for the same person, or otherwise circumvent the protocol's one-credential-per-human deduplication enforcement.
- Probe, scan, reverse-engineer, or attack the HIPKit infrastructure, or attempt to access endpoints, accounts, or data that do not belong to you.
- Use HIPKit to mass-generate fraudulent provenance for content created by automated systems while misrepresenting that content as human-created.
- Resell, sublicense, or repackage HIPKit's paid features as a competing service without prior written agreement.
- Use HIPKit in any manner that would expose HIPKit's infrastructure providers (Cloudflare, Stripe) to liability or breach of their own terms.
HIPKit may suspend or terminate access for any account that materially violates this section. Where the violation involves fraudulent attestations, HIPKit may also flag the affected attestation records via the protocol's /dispute-proof mechanism.
For copyright takedown notices and the counter-notice procedure under the Digital Millennium Copyright Act, see the HIPKit DMCA Policy.
8. User Content & Attestations
HIPKit is a hashing-and-signing tool, not a hosting service. The files you attest are not uploaded to HIPKit — only their cryptographic fingerprints, your signatures, your classifications, and any optional thumbnails you choose to publish. Specifically:
- You retain all rights, title, and interest in the underlying creative works you attest. HIPKit claims no ownership of, and no license to, the underlying files themselves — because HIPKit does not receive the files.
- By creating an attestation through HIPKit, you grant HIPKit a worldwide, royalty-free, perpetual, non-exclusive license to store and serve the attestation record (content hash, classification, signature, optional thumbnail, manifest, and related metadata) for the purposes of operating the protocol's verification surface and HIPKit's portfolio, certificate, and badge features.
- You represent and warrant that you have the right to attest each file you submit and that the attestation does not infringe any third party's rights.
- Optional thumbnails you publish are public. Do not publish thumbnails of content you do not have the right to publish.
9. Permanence of Attestations
Attestations, series, and collections are written to a public verification surface. They cannot be deleted on request. This is a fundamental property of a verification protocol: a record that disappears when convenient is not a verification. The HIP protocol provides retirement (marking a credential or record as superseded) but not deletion.
Before you publish an attestation, confirm that you are willing for the content hash, classification, signature, optional thumbnail, and timestamp to remain part of the public record indefinitely.
10. Intellectual Property
The HIPKit name, brand, logos, site copy, and product designs are owned by Peter Rieveschl. The HIPKit code at github.com/tadortot/hipkit-net is published under its repository license; the HIP protocol code is published under the hip-protocol repository license set.
These Terms grant you a limited, revocable, non-exclusive, non-transferable license to use HIPKit's hosted product as offered, subject to these Terms. They do not grant you rights to HIPKit's name, brand, or any feature of the product beyond use of the hosted service.
11. Third-Party Services
HIPKit relies on the following third parties:
- Stripe for payment processing. Your payment information is handled by Stripe under its own terms and privacy policy. See stripe.com/legal.
- Cloudflare for infrastructure (Pages, Workers, KV, Email Routing). HIPKit's data is processed through Cloudflare's network under its own terms. See cloudflare.com/terms.
- hipverify.org for Tier 1 credential issuance. If you obtained your credential through the Tier 1 pathway, that issuance is governed by hipverify.org's own terms and privacy policy.
- Didit (transitively, via hipverify.org) for identity verification. HIPKit has no direct relationship with Didit; Didit's handling of your identity documents is governed by its agreement with hipverify.org.
HIPKit is not responsible for the actions, terms, privacy practices, or service availability of these third parties.
12. Disclaimers
HIPKit is provided "as is" and "as available", without warranty of any kind, express or implied, including without limitation warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted availability, or accuracy.
HIPKit is not a certificate authority, a financial service, a notary, an identity provider, a legal document service, or a regulator. A HIP attestation is a cryptographic record of a content fingerprint, a credential, and a timestamp — nothing more. It is not by itself proof of authorship, copyright, ownership, factual accuracy, or any other legal status, and it does not substitute for legal advice or formal registration where applicable law requires those.
HIPKit does not guarantee that any specific feature will continue to be offered, that pricing will not change, or that credentials issued today will be compatible with all future versions of the HIP protocol.
13. Limitation of Liability
To the maximum extent permitted by applicable law, HIPKit's total aggregate liability to you for any claim arising out of or related to your use of HIPKit is limited to the total amount you paid HIPKit in the twelve (12) months preceding the event giving rise to the claim.
To the maximum extent permitted by applicable law, HIPKit is not liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including without limitation lost profits, lost data, loss of goodwill, or loss of business opportunity, even if HIPKit has been advised of the possibility of such damages.
Some jurisdictions do not allow the exclusion or limitation of certain damages; in those jurisdictions the foregoing limitations apply to the maximum extent permitted.
14. Indemnification
You agree to indemnify and hold harmless HIPKit, its operator, and its infrastructure providers from any claim, loss, liability, or expense (including reasonable attorneys' fees) arising out of (a) your breach of these Terms, (b) your violation of applicable law, or (c) your submission of attestations for content you did not have the right to attest.
15. Changes to These Terms
We may update these Terms from time to time. Material changes will be noted with an updated effective date at the top of this page. Continued use of HIPKit after changes constitutes acceptance of the updated Terms. If you do not agree to a change, your remedy is to stop using HIPKit.
16. Termination
You may stop using HIPKit at any time. Stopping use does not entitle you to a refund of fees already paid except as specified in §6 (Refunds).
HIPKit may suspend or terminate your access for material breach of these Terms (including §7 Acceptable Use), for fraud, for non-payment, or where required by law. On termination, sections 8 (Permanence-related obligations), 10 (Intellectual Property), 12 (Disclaimers), 13 (Limitation of Liability), 14 (Indemnification), and 17 (Contact) survive.
17. Contact
For questions about these Terms, contact support@hipkit.net or open an issue on the HIP Protocol GitHub repository. For privacy-specific inquiries, see the HIPKit Privacy Policy.