Token Vault

Last updated: February 2026

Terms of Service

Acceptance of Terms

By accessing or using Token Vault, you agree to be bound by these Terms of Service. If you do not agree, do not use the service.

Description of Service

Token Vault is a credential management platform for AI agents. The service provides:

  • Encrypted storage for API keys and OAuth tokens
  • An MCP proxy for secure agent connections
  • Scoped, time-limited credential grants for AI agents
  • A webhook kill switch for instant credential revocation

Token Vault operates in two modes:

  • Webhook Mode: Credentials are stored on your own infrastructure. Token Vault stores only operational metadata and acts as a broker between your agents and your self-hosted vault.
  • Platform Mode: Credentials are encrypted using AES-256-GCM and stored on Token Vault's infrastructure (Google Cloud Firestore). No credentials are stored in plain text.

Account Registration and Security

You may create an account using Google authentication via Firebase. You are responsible for:

  • Maintaining the security of your account and any associated authentication credentials
  • All activity that occurs under your account
  • Safeguarding any vault keys, agent API keys, and webhook pairing codes generated through the service
  • Notifying us promptly at [email protected] if you become aware of any unauthorised access to your account

You must not share your account credentials or agent API keys with unauthorised parties.

Acceptable Use Policy

You agree to use Token Vault only for lawful purposes. You must not:

  • Store credentials obtained through unauthorised means
  • Use the service to facilitate unauthorised access to third-party systems
  • Attempt to reverse-engineer, decompile, or circumvent the encryption or security mechanisms of the service
  • Use the service in any way that could damage, disable, or impair its operation
  • Probe, scan, or test the vulnerability of the service without prior written consent
  • Exceed any rate limits or usage quotas applied to your account
  • Use the service to store content unrelated to API credentials or authentication tokens (such as general file storage)

Credential Storage and Shared Responsibility

Platform Mode: Credentials stored in Platform Mode are encrypted using AES-256-GCM before being written to our database. While we take reasonable measures to protect encrypted data at rest and in transit, you acknowledge that:

  • You are responsible for the security of any credentials before they are submitted to Token Vault
  • You are responsible for managing which agents have access to your credentials via grant scopes
  • If you lose access to your account, we may not be able to recover your credentials
  • Encryption reduces but does not eliminate all risk of data exposure

Webhook Mode: In Webhook Mode, credentials remain on your infrastructure. You are solely responsible for the security, availability, and backup of your self-hosted credential store. Token Vault's role is limited to brokering authenticated requests between agents and your webhook endpoint.

Both Modes: Agent grants are scoped and time-limited by design. You are responsible for reviewing and revoking grants as appropriate. The webhook kill switch provides a mechanism for instant credential revocation, but its effectiveness in Webhook Mode depends on the availability of your infrastructure.

Limitation of Liability

To the maximum extent permitted by law:

  • Token Vault is provided on an “as is” and “as available” basis without warranties of any kind, whether express or implied.
  • We do not warrant that the service will be uninterrupted, error-free, or completely secure.
  • We are not liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the service.
  • Our total liability for any claim arising from these terms or the service shall not exceed GBP 10.
  • We are not liable for any loss or damage resulting from unauthorised access to your credentials where such access was caused by your failure to maintain account security.
  • We are not liable for the actions, availability, or security of any third-party services accessed using credentials stored in Token Vault.

Nothing in these terms excludes or limits liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by law.

Data Handling and Encryption

Credentials stored in Platform Mode are encrypted using AES-256-GCM. No credentials are stored in plain text. All data in transit between your browser, agents, and our servers is protected by TLS 1.3. For full details of how we handle your data, see our Privacy Policy.

Service Availability and Uptime

We aim to maintain high availability but do not guarantee any specific uptime percentage. The service may be temporarily unavailable due to:

  • Scheduled maintenance (we will make reasonable efforts to provide advance notice)
  • Unplanned outages on our infrastructure providers (Google Cloud Platform, Cloudflare)
  • Security incidents requiring immediate remediation

In Webhook Mode, the availability of credential retrieval depends on the availability of your self-hosted webhook endpoint. Token Vault is not responsible for downtime caused by your infrastructure.

Termination

You may delete your account at any time. Upon account deletion:

  • Your account data will be removed within 30 days
  • In Platform Mode, your encrypted credential data will be permanently deleted
  • In Webhook Mode, metadata stored by Token Vault will be deleted; credentials on your infrastructure are unaffected

We may suspend or terminate your account if you violate these terms, with reasonable notice where possible. In cases of serious or repeated violations, we may terminate access immediately without notice.

We recommend exporting or backing up any critical credentials before deleting your account.

Intellectual Property

Token Vault, including its design, code, documentation, and branding, is the intellectual property of Conor Grant. You retain ownership of all credentials and data you store using the service.

Changes to Terms

We may update these terms from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page. For significant changes, we will make reasonable efforts to notify you via email. Continued use of the service after changes constitutes acceptance of the updated terms. If you do not agree with the changes, you should stop using the service and delete your account.

Governing Law

These terms are governed by and construed in accordance with the laws of Northern Ireland and the United Kingdom. Any disputes arising from these terms or your use of the service shall be subject to the exclusive jurisdiction of the courts of Northern Ireland.

Contact Information

For questions about these terms, contact us at [email protected].