Terms of Service

These Terms of Service ("Terms") govern your access to and use of Vendor Access Vault and related pages, tools, and content operated by ORYGN LLC (the "Service").

By accessing or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.

Vendor Access Vault is an account-based web application that lets teams store vendor credentials with server-side AES-256-GCM encryption, gate access through approval workflows with auto-expiry, and maintain an append-only audit log of credential, vendor, and access-request activity.

We may change, suspend, restrict, or discontinue any part of the Service at any time, with or without notice.

You may use the Service only if you have the legal capacity to enter into these Terms and are authorized to act on behalf of any organization for which you create an account, invite members, or store credentials. You represent that the credentials you store, the vendor relationships you describe, and the personal information of teammates you invite are information you have the right to handle through the Service.

You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You agree to notify us promptly if you suspect unauthorized access to your account.

We strongly encourage enabling two-factor authentication, applying the principle of least privilege when assigning roles to teammates, and rotating credentials regularly. You are responsible for reviewing the audit log to detect anomalous activity in your organization.

The Service is provided for informational and operational utility purposes only. It does not provide legal advice, compliance certification, audit attestation, or professional security assurance.

Storing data in the Service does not by itself make your organization compliant with SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, or any other framework. Compliance is a property of your overall program (the controls you implement, the audits you complete, and the evidence you produce), not of any single tool. Any output, export, label, or feature of the Service is not a substitute for legal review, independent audit, or professional judgment.

You understand and agree that AES-256-GCM, bcrypt password hashing, and TOTP two-factor authentication are widely used cryptographic primitives, but no cryptographic system is unbreakable. Future discoveries, implementation flaws, dependency vulnerabilities, or operational mistakes could affect the confidentiality, integrity, or availability of stored data.

You also understand and agree that role-based access controls, just- in-time approval workflows, and the audit log are designed to surface activity and constrain authority, but they cannot prevent every misuse, particularly by someone with legitimate credentials acting in bad faith. You are solely responsible for who you grant access to, what role you assign them, and how you respond to audit- log signals.

You are responsible for maintaining your own backups of any data you consider critical and for verifying the integrity of any export, credential, or audit record before relying on it.

You agree not to use the Service to:

• Violate any law, regulation, court order, contract, or third-party right.
• Store, share, or process credentials, secrets, or data you are not authorized to handle.
• Attempt to interfere with, disrupt, disable, overburden, or compromise the Service or any other user's use of the Service.
• Probe, scrape, reverse engineer, or bypass protective measures except as expressly allowed by applicable law.
• Impersonate another person or organization, or misrepresent your authority to act on behalf of an organization.
• Use the Service in connection with malware, abusive automation, unlawful surveillance, credential theft, or harmful conduct.

The Service relies on third-party providers for hosting, database, email delivery, bot protection, and (optionally) authentication. We do not control these providers and are not responsible for their availability, content, security practices, or data handling practices.

Your use of third-party services that we integrate with may also be subject to their own terms and privacy policies. The current list of providers is described in our Privacy Policy.

As between you and ORYGN LLC, you retain ownership of the data you store in the Service, including vendor metadata, credentials, access-request content, and audit-log entries that pertain to your organization.

You grant ORYGN a limited, worldwide, non-exclusive, royalty-free license to host, store, transmit, encrypt, decrypt, display, and process your data solely as necessary to operate the Service for you, and to maintain backups and security records as described in our Privacy Policy.

The Service itself, including its design, software, source code, text, graphics, branding, compilations, and other materials, is owned by ORYGN LLC or its licensors and is protected by applicable intellectual property laws.

The Service is currently offered free of charge and provided as-is. Features may change without notice, behaviors may change, and the Service may have bugs, incomplete capabilities, or temporary outages. We do not guarantee that the Service will be uninterrupted, error-free, secure, or available at any particular time or location.

Free access is not a perpetual or irrevocable offer. We reserve the right to introduce paid tiers in the future. If we do, we will provide notice in the Service before any change affects your existing organizations.

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY LAW, ORYGN LLC DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, AND QUIET ENJOYMENT.

WITHOUT LIMITING THE FOREGOING, ORYGN LLC DOES NOT WARRANT THAT THE SERVICE WILL PROTECT AGAINST EVERY ATTACK VECTOR, MEET YOUR LEGAL, SECURITY, FORENSIC, OR COMPLIANCE NEEDS, PRESERVE DATA INTEGRITY IN EVERY CASE, OR PROVIDE A COMPLETE RECORD OF EVERY EVENT IN YOUR ORGANIZATION.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ORYGN LLC AND ITS OFFICERS, DIRECTORS, EMPLOYEES, AFFILIATES, CONTRACTORS, AND LICENSORS WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS INTERRUPTION, ARISING OUT OF OR RELATING TO THE SERVICE OR THESE TERMS.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE TOTAL LIABILITY OF ORYGN LLC FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE SERVICE OR THESE TERMS WILL NOT EXCEED ONE HUNDRED U.S. DOLLARS (USD $100) OR THE AMOUNT YOU PAID US TO USE THE SERVICE IN THE TWELVE MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM, WHICHEVER IS GREATER.

You agree to defend, indemnify, and hold harmless ORYGN LLC and its officers, directors, employees, affiliates, contractors, and licensors from and against claims, liabilities, damages, losses, and expenses, including reasonable attorneys' fees, arising out of or related to the data you store in the Service, your use of the Service, your violation of these Terms, or your violation of any law or third-party right.

You may stop using the Service at any time. Owners may delete their organizations from the settings page; non-owner members may leave an organization from the same page.

We may suspend or terminate your access to the Service at any time, with or without notice, if we believe you have violated these Terms, created risk for the Service or others, or if suspension or termination is otherwise necessary to operate or protect the Service.

These Terms are governed by the laws of the State of Texas, without regard to conflict of laws rules.

Except where prohibited by applicable law, any dispute arising out of or relating to these Terms or the Service will be brought exclusively in the state or federal courts located in Texas, and you consent to the personal jurisdiction of those courts.

If any provision of these Terms is held invalid or unenforceable, the remaining provisions will remain in full force and effect.

Our failure to enforce any provision of these Terms is not a waiver of that provision or any other provision.

These Terms, together with any policies expressly incorporated by reference (including the Privacy Policy), constitute the entire agreement between you and ORYGN LLC regarding the Service.

If you have questions about these Terms, please contact:

ORYGN LLC

Email: [email protected]