This may be modified at any time without further consent of the user.
Property of Nelson Cybersecurity LLC. Headquartered in Florida, hosted in New York.
VAuth is an open-source service; the source can be found at https://github.com/VAuth/VAuth-Source-Code. You are NOT allowed to sell VAuth source or sell subscriptions using the VAuth source. The source code is for personal and educational use only! Failure to abide by this will result in a DMCA takedown request.
We do not host any user files. Instead, we allow our users to download via our API, which acts as a proxy. The files are never stored on our server. Given this information, if you are the owner of any copyrighted material that is found on VAuth, you must contact the file host and notify them of the alleged infringement.
Account owners have the sole responsibility for their credentials. VAuth is not responsible for the loss, leaking and/or use of user credentials unless through a security breach on our platform. We make available numerous options to protect your account, including 2FA. Accounts are for individual use only; any multiple-party use is prohibited and may result in the termination of your account (without refund).
If you are experiencing any issues while making a payment, you did not receive your subscription after payment, or you have a question about a payment, please create a ticket via Discord https://discord.gg/VAuth. Please do this BEFORE creating a dispute on your payment platform.
If you would like to purchase a subscription for another user, you may do so by entering their username at checkout on https://shop.VAuth.cc/ or https://paddle.VAuth.cc/. Please DO NOT log in to anyone's account that is NOT yours. Any third-party use on an account may result in termination of your VAuth account.
You are responsible for any content that you upload or that communicates with VAuth. While we will remove illegal content if we're made aware of it, "VAuth" is provided immunity from any legal action held against anything uploaded by users on our service (Section 230 of the Communications Decency Act). Emails from law enforcement or legal counsel regarding illegal content using our service should be directed to [email protected].
You agree to comply with all applicable legislation and regulations in connection with your use of VAuth; this is not limited to your local laws. The use of our service to host, transmit, or share any illegal data will result in an immediate termination of your account and a possible law enforcement notification. We also forbid any attempt to abuse, spam, hack, or crack our service without the written permission of Nelson Cybersecurity LLC. The following actions will result in account termination:
Attacks against our webserver, including DDoS attacks and exploitative attempts.
Creating a dispute after the refund period, seven days (or thirty days if you paid via Paddle).
Attempting to libel VAuth to hurt its reputation.
Utilizing an unreasonable amount of server resources, i.e. creating hundreds of thousands of users.
Violating VAuth's open-source license, i.e. monetarily benefiting from VAuth source by selling it as if you own it.
It is pretty much necessary to store these details to fight fraudulent disputes. Otherwise, we'll have insufficient evidence to win the dispute. Also, I highly recommend you use the password manager https://bitwarden.com. You can use Bitwarden for free on multiple devices, and you can also purchase their premium to unlock the ability to store 2FA codes in their browser extension or mobile app.
We collect the below-listed details. We'll try to keep this updated; you can also view https://github.com/VAuth/VAuth-Source-Code/blob/main/db_structure.sql
IP address used to register the account; last IP address to log in to the account; and, only if account logs are enabled on your account (they are by default), every IP address that has logged into your account in the past week is saved in the database. Also, regardless of whether account logs are enabled, every IP address used to log in to an account is sent to a private Discord webhook.
Passwords are hashed with BCrypt prior to being stored in the database. We do not log plain-text passwords. With today's technology, BCrypt password hashes are considered infeasible to reverse to a plain-text form.
Email (hashed with SHA1, not plain-text) used to register is stored in the database. The 2FA secret is stored if 2FA is enabled.
Your customer's Windows SID (hwid) is stored in the database if sent to our API, their IP address is stored, and their password is stored after being hashed with BCrypt. You're unable to get your customer's plain-text password from our server.
List of dependencies
E-commerce systems Sellix https://sellix.io/privacy and Paddle https://www.paddle.com/privacy used to process payments
Cloudflare used to proxy traffic, offer DDoS protection, and collect analytics on page views https://www.cloudflare.com/privacy
Have I Been Pwned used to check whether a password has been in a data breach; only the first five characters of the SHA1-hashed password are sent to their API https://haveibeenpwned.com/privacy
ip-api used to query approximate location of IP address & whether the IP address is from a known VPN https://ip-api.com/docs/legal
Bunny CDN used for custom domains (panel.VAuth.win & api.VAuth.win) to proxy traffic & offer DDoS protection https://bunny.net/privacy/
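
The Have I Been Pwned check listed above, shown as an added example (not VAuth's own code): the password is SHA1-hashed locally, only the five-character prefix goes into the range request, and the other 35 characters are compared locally against the returned suffixes. The function names and the response body are constructed for illustration; the range endpoint is the public Pwned Passwords one.

```python
import hashlib

RANGE_ENDPOINT = "https://api.pwnedpasswords.com/range/"


def split_hash(password: str) -> tuple[str, str]:
    """SHA1 the password; return (5-char prefix that is sent, 35-char suffix that is kept)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(prefix: str) -> str:
    """The only password-derived data in the request is this prefix."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly five hex characters")
    return RANGE_ENDPOINT + prefix


def breach_count(suffix: str, range_body: str) -> int:
    """Match the locally kept suffix against the 'SUFFIX:COUNT' lines of a response."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep:
            continue  # skip blank or malformed lines
        if candidate.upper() == suffix.upper():
            # Padded responses contain filler entries with a count of 0.
            return int(count)
    return 0


def constructed_response(real_suffix: str) -> str:
    """Constructed sample body: one unrelated hit, the real hit, one padding entry."""
    return "\r\n".join([
        "0" * 35 + ":3",
        real_suffix + ":42",
        "F" * 35 + ":0",
    ])


if __name__ == "__main__":
    prefix, suffix = split_hash("password")
    print("request:", range_url(prefix))
    print("seen in breaches:", breach_count(suffix, constructed_response(suffix)))
```

Many other passwords share the same prefix, so the API never receives the full hash.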