Terms of Service

1. Acceptance of Terms

By accessing or using YapID ("Service", "we", "us", "our") at id.yaphub.xyz, or by integrating YapID into your platform, you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.

These Terms apply to all users of YapID, including individuals who use YapID to authenticate on third-party platforms, and developers who integrate YapID into their applications.

2. Description of Service

YapID is a privacy-first anonymous authentication service. The Service allows users to create and maintain a persistent anonymous digital identity using a 12-word BIP-39 passphrase, without providing any personal information such as an email address, phone number, or legal name.

What the Service provides:

• Generation of a unique anonymous identity derived from a 12-word passphrase
• Authentication tokens (JWT) that can be verified by third-party platforms
• Session management including the ability to logout from all devices
• Premium status verification for connected YAP services
• An SDK and API for developers to integrate YapID authentication

What the Service does not provide:

• Password recovery or account recovery of any kind
• Storage of personal information
• Customer support that can verify or reset your identity

3. Your Account & 12-Word Passphrase

You are solely responsible for:

• Storing your 12-word passphrase securely (we recommend writing it on paper and storing it in a safe place)
• Never sharing your 12-word passphrase with anyone, including YapID staff
• Any and all activity that occurs under your YapID account
• Understanding that losing your passphrase means permanent loss of access to your account

Your passphrase and how it works:

Your 12 words are used to derive an Ed25519 cryptographic keypair entirely within your browser. Only a cryptographic proof (signature) is sent to our servers — your actual words never leave your device. The server stores only a SHA-256 hash of your derived public key, which cannot be reversed to reveal your 12 words.

Because we have zero knowledge of your passphrase, we cannot help you recover access to your account if you lose your 12 words. This is by design and is the foundation of our privacy model.

4. Privacy & Data

YapID is built around a principle of collecting the absolute minimum data necessary to provide the Service. Our full Privacy Policy is available at id.yaphub.xyz/privacy.

What we store:

• A SHA-256 hash of your public key (cannot be reversed)
• Session identifiers and their expiration timestamps
• Refresh token identifiers (not the tokens themselves)
• One-time nullifiers to prevent replay attacks
• Premium status linked to your anonymous account ID

What we never store:

• Your 12-word passphrase
• Your IP address
• Your email address, name, or any personal identifiers
• Device fingerprints or user agent strings
• Location data of any kind

What third-party platforms receive:

When you authenticate on a third-party platform using YapID, that platform receives only your anonymous accountId (a UUID) and your premium status (boolean). No name, no avatar, no personal data is ever transmitted.

GDPR:

Because we store no personal data, there is technically nothing to delete under GDPR. However, you may request deletion of your account hash and associated session data by logging out of all devices, which effectively terminates your presence in our database.

5. Developer Integration

If you integrate YapID into your platform ("Developer"), you agree to the following additional terms:

Permitted use:

• Using the YapID API and SDK to authenticate users on your platform
• Verifying YapID tokens via the /api/verify endpoint
• Using the YapID button and SDK in commercial and non-commercial projects

Prohibited use:

• Using YapID to build a competing anonymous authentication service for commercial purposes (see License section)
• Attempting to correlate or de-anonymize YapID users
• Storing YapID tokens longer than necessary for session management
• Misrepresenting YapID's capabilities or privacy guarantees to your users

Developer responsibilities:

Developers are responsible for clearly informing their users that YapID is being used for authentication and for complying with all applicable privacy laws in their jurisdiction.

6. Acceptable Use

You may not use YapID to:

• Engage in any illegal activity or facilitate illegal activities
• Attempt to circumvent, reverse-engineer, or compromise the security of the Service
• Create multiple accounts for the purpose of abusing any platform that uses YapID
• Use automated means to create large numbers of YapID accounts
• Interfere with or disrupt the integrity or performance of the Service
• Attempt to gain unauthorized access to the Service or its systems

We reserve the right to revoke access to accounts that violate these terms. Because we do not store personal data, enforcement is limited to blocking specific account hashes.

7. Premium Features

Premium status on YapID is linked to a YAP Premium subscription purchased through yaphub.xyz. Premium features within the YapID ecosystem are subject to the terms and conditions of the YAP service.

YapID itself is and will remain free to use for authentication purposes. Premium status only affects optional features within connected YAP services and does not restrict your ability to use YapID for authentication.

8. Intellectual Property

YapID is licensed under the Business Source License 1.1 (BSL 1.1). The source code is available at github.com/YapID.

Under BSL 1.1:

• You may read, audit, and verify the source code
• You may use YapID for personal and non-commercial projects
• You may not operate a competing commercial authentication service based on our code without a commercial license
• The license automatically converts to Apache 2.0 on January 1, 2030

For commercial licensing inquiries, contact us at Support Chat.

9. Disclaimers & Limitations of Liability

To the maximum extent permitted by law, YapID and its operators shall not be liable for:

• Loss of access to your account due to loss of your 12-word passphrase
• Any damages arising from unauthorized access to your account
• Any indirect, incidental, special, consequential, or punitive damages
• Any loss of data, revenue, or profits arising from use of the Service

Our total liability to you for any claims arising from the use of the Service shall not exceed €100 EUR.

10. Termination

You may stop using YapID at any time. Because we store no personal data linked to you, there is no formal account deletion process. Logging out of all devices via the "Logout from all devices" feature effectively removes your active sessions from our system.

We reserve the right to suspend or terminate access to the Service for accounts that violate these Terms. Given our privacy model, such actions are limited to blocking specific account identifiers.

We may discontinue the Service at any time with reasonable notice. In such an event, we will provide at least 90 days notice via the YapID website.

11. Changes to Terms

We may update these Terms from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page and, where possible, by posting a notice on the YapID website.

Continued use of the Service after changes take effect constitutes acceptance of the new Terms.

12. Contact

For questions about these Terms, please contact us at:

• Email: Support Chat
• GitHub: github.com/YapID
• Website: id.yaphub.xyz

These Terms are governed by applicable law. Any disputes shall be resolved through good-faith negotiation before pursuing other remedies.