Terms of Use
Last updated: June 2026
1. Acceptance
By accessing vaulty.world, the Vaulty Telegram bot, or the Vaulty Mini App ("the Services") you agree to these Terms. If you do not agree, do not use the Services.
2. Eligibility
You must be at least 18 years old and legally permitted to interact with crypto-assets in your jurisdiction. The Services are not offered to persons in jurisdictions where such offering would be unlawful, including (but not limited to) OFAC-sanctioned territories.
3. Nature of $VAULTY
$VAULTY is a community utility token on Solana. It is not a security, deposit, share, or regulated investment product. No yield is guaranteed; payouts are a function of on-chain Reserve performance and may be zero in any given period.
4. No financial advice
All content is informational only. We are not your broker, dealer, investment adviser, or fiduciary. Consult an independent professional before making any financial decision.
5. Self-custody
You retain sole control of your wallet and private keys. We cannot recover lost keys, reverse on-chain transactions, or restore tokens sent to incorrect addresses.
6. Prohibited use
- Money laundering, terrorism financing, sanctions evasion.
- Market manipulation, wash trading, or exploit attempts against the protocol.
- Reverse engineering of security-critical components.
7. Vaulty Wallet — self-custody digital account
Vaulty Wallet is a self-custody digital account built on Solana. You — and only you — control the private keys, the recovery phrase, and the funds. Vaulty does not hold, store, escrow, or have any technical ability to access your keys, recovery phrase, password, or assets. Keys are generated and encrypted locally in your browser or device; we never receive them on our servers.
- Your wallet public address functions as your Vaulty Account Number and may be displayed across the portal, Telegram Mini App, statements, and payouts.
- You are solely responsible for safeguarding your recovery phrase and password. Loss of either may result in permanent loss of funds. Vaulty cannot reset, recover, or restore them.
- Blockchain transactions are irreversible. You accept all network fees, slippage, congestion delays, and the risk of sending to wrong addresses or interacting with malicious contracts.
- Vaulty Wallet supports SOL and Solana SPL tokens. Asset coverage may expand over time; unsupported tokens sent to your address may be unrecoverable through our interface.
8. Linked external wallets
You may optionally link external wallets (e.g. Phantom, Solflare, or any Solana Wallet Standard provider) to your Vaulty profile for a unified experience. Linked wallets remain under the control of their respective providers and their terms apply. Vaulty does not custody, manage, or insure any linked wallet, and is not liable for losses, downtime, or compromises caused by external providers.
9. Vaulty Credit Rating
The Vaulty Credit Rating is a community profile indicator reflecting on-chain and platform activity. It is not a regulated credit score, lending decision, banking product, or consumer credit report under any jurisdiction (including the FCRA, UK CCA, or EU CCD). It does not create a lending relationship and grants no entitlement to credit, loans, or financial services. Wallet activity, balances, payouts and competition participation may in futurebe used to calculate or refine the rating; any material change to the methodology will be announced in advance on this site.
10. Competitions, rewards & payouts
- Payouts are dispatched on-chain to the Account Number associated with your Vaulty session at the time of award.
- You are responsible for keeping access to the receiving wallet; payouts sent to addresses you no longer control cannot be reversed.
- Reward eligibility may require holder verification, anti-bot checks, and compliance with competition rules published per event.
- Vaulty reserves the right to withhold rewards in cases of fraud, multi-accounting, sanctions exposure, or rule violations.
11. Access channels
These Terms apply uniformly across all access channels — the website, the user portal, the Vaulty Wallet interface (web and mobile), the Telegram bot, and the Telegram Mini App. Sensitive actions (signing, sending, key export) are always performed in the secure web flow; the Telegram view is read-mostly and never exposes secret material in links or messages.
11A. Data & Storage — Google Drive + optional Arweave
Vaulty operates a hybrid storage model designed to maximise both convenience and survivability without compromising the non-custodial guarantee. Wallet material is encrypted on the user's device and synchronised, by default, to a hidden, app-only folder on the user's own Google Drive (the Google "appDataFolder" scope), wrapped in an outer envelope keyed to the user's account. Users may additionally opt in to a one-time, pay-once Arweave backup of the same encrypted bundle, indexed by a minimal on-chain Solana account that stores only the Arweave transaction ID, the content hash, and primary/secondary flags. No keys, balances, or personal data ever touch the chain.
- Non-custodial by design. Vaulty does not hold, decrypt, or have any technical means to access the user's private keys, mnemonic, password, or the contents of any backup. All encryption, splitting, fetching, and reconstruction happens locally on the user's device.
- Primary sync — Google Drive App Folder. The folder is hidden from the user's normal Drive file list and Vaulty's OAuth grant is limited strictly to that scope. The encrypted blob is double-wrapped before it leaves the browser.
- Optional permanent backup — Arweave. A one-time fee (typically USD 0.05–0.10 per upload at the time of writing) publishes the encrypted bundle to Arweave's immutable network. There are no recurring charges and no subscription. Arweave operates independently of Vaulty under its own protocol terms; Vaulty makes no warranty regarding its continued availability.
- Solana index pointer. A small (~128–256 byte, rent-refundable) Solana account records only the Arweave transaction ID, the bundle hash and primary/secondary flags. It is updated only when the backup itself changes; reads are off-chain and free.
- Fallback order. Google Drive is always tried first for speed. Arweave is consulted only if the Google copy is missing, corrupted, or expired, and never serves as the primary path. All network calls use short timeouts and exponential back-off, and integrity is verified against the on-chain hash before any blob is decrypted locally.
- Recovery responsibility. If the user loses access to both their Google account and any pay-once Arweave backup, and cannot present any other valid recovery material, the account cannot be restored — by the user, by Vaulty, or by any third party. Vaulty is not liable for outages, termination, or policy changes affecting Google, Arweave, or the Solana network.
11A-bis. Authentication methods (Google or Solana wallet)
Choose your path: enterprise-grade convenience with Google, or fully decentralized control with your Solana wallet. Both unlock the same Vaulty — always there, permanent, never lost.
- Continue with Google. Enterprise-grade security — fast, familiar access. Sign in with the Google account you already trust. Vaulty's scope is limited to a hidden, app-only Drive folder — we can't read your files, email, or contacts. Your encrypted wallet is wrapped with a key derived from your Google identity so even Drive admins can't open it.
- Sign in with Solflare or Phantom. Fully decentralized — no third-party identity provider. Vaulty asks your wallet to sign a one-time verification message — no transaction, no fees. Your public key becomes your profile, and the outer encryption key is derived deterministically from that pubkey. Nothing about you leaves the Solana network.
- Public-key-based profiles. For wallet sign-in (Solflare, Phantom), the user's Solana public key is the account identifier. No email, password, or external identity provider is collected. The outer encryption key is derived deterministically from that public key, on top of the user's unlock password. For Google sign-in the equivalent input is the OAuth identifier. The non-custodial guarantee and the double- encryption rule are identical for both methods.
- Login method is tied to the account. Always sign in the same way you first created the account. Google and wallet accounts are kept strictly separate — a Google-created Vaulty cannot be opened with a wallet, and vice versa. Storage, sync, multi-account, Portal, and Telegram integrations behave identically for both methods.
11B. Optional Secure Backup & Recovery (Shamir 2-of-3)
In addition to the Google + Arweave hybrid storage described above, Vaulty offers an optional Secure Backup & Recovery service ("Secure Backup") based on AES-256-GCM encryption combined with a 2-of-3 Shamir Secret Sharing split (the same primitive used by the SLIP-39 standard). Enabling Secure Backup is entirely at the user's discretion and is not required to operate a Vaulty Wallet.
- Non-custodial by design. Vaulty never holds, processes, or has the ability to decrypt your private keys, recovery phrase, password, AES key, or any single shard. All encryption, splitting, fetching, and reconstruction happens locally on your device.
- Storage providers. When you choose to distribute a shard, it is uploaded as an opaque encrypted blob to one of the following third-party storage networks: (i) Arweave(permanent decentralized storage; subject to the Arweave protocol terms and any operator-funded gateway used to submit the upload), (ii) IPFS via Pinata (pinned IPFS storage; subject to Pinata's terms of service), or (iii) a local file you save to a destination of your choosing (e.g. iCloud Drive, Google Drive, USB media, password manager). Each provider operates independently of Vaulty and is governed by its own terms and privacy policy. Vaulty makes no warranty regarding the continued availability of any third-party storage network.
- Fees. Where a permanent storage option (e.g. Arweave) is selected, a one-time network fee — typically in the range of USD 0.05 to USD 0.10 per shard at the time of writing — is incurred to publish the encrypted blob. There are no recurring charges and no subscription associated with Secure Backup. Local export and IPFS/Pinata options are provided free of charge to the user.
- Recovery responsibility. Recovery requires any 2 of the 3 generated shards plus successful identity verification on your device (WebAuthn / FIDO2 biometrics where supported, or password attestation). If you lose access to fewer than 2 valid shards and your password, the account cannot be restored — by you, by Vaulty, or by any third party.
- Disclaimer. Secure Backup is a self-custody safety net, not a guarantee of fund recovery. Vaulty is not liable for shards lost, destroyed, or compromised by the user, for outages or termination of any third-party storage network, or for any inability to reconstruct a wallet caused by tampered, corrupted, or insufficient shard material.
12. Disclaimer of warranties
Services are provided "as is" and "as available" without warranty of any kind. We disclaim all implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
13. Limitation of liability
To the maximum extent permitted by law, our aggregate liability for any claim relating to the Services shall not exceed USD 100.
14. Governing law
These Terms are governed by the laws of the British Virgin Islands, without regard to conflict of laws principles. Disputes shall be resolved by binding arbitration on an individual basis.
15. Contact
General support: hello@vaulty.world
Security & responsible disclosure: security@vaulty.world
Legal & contract matters: legal@vaulty.world

