Terms of Service

1. Service Description

HIPVerify ("the Service") is an independent pathway operator that issues Tier 1 HUMAN-PROOF credentials compatible with the Human Integrity Protocol ("HIP"). The Service verifies your identity through government-issued ID document scanning and biometric liveness detection, then issues a cryptographic credential stored in your browser.

HIPVerify is not the HIP protocol itself. It operates under HIP Charter Deployment Principle 5 (Permissionless Proliferation) as a third-party service. The HIP protocol itself collects no fees. This Service charges a one-time $1.00 fee to cover third-party identity verification costs — it is not a subscription. For the data-handling side of your relationship with HIPVerify (separate from these contractual terms), see the HIPVerify Privacy Policy.

2. Eligibility

You must be at least 13 years old and possess a valid, unexpired government-issued photo ID to use this Service. By using the Service, you represent that you meet these requirements. Users under 18 should ensure they have appropriate permission to make online purchases.

3. Verification Process

The verification process involves:

• Payment: A one-time fee of $1.00 USD processed through Stripe. This fee is non-refundable once identity verification has been initiated, except where required by law.
• Identity verification: You submit images of your government-issued ID and a live selfie. This verification is performed by our third-party provider, Didit. Your identity documents and biometric data are processed by Didit under their own privacy policy and are not stored by HIPVerify.
• Credential issuance: Upon successful verification, a cryptographic key pair is generated entirely in your browser. The private key never leaves your device. A one-way deduplication hash is stored server-side to enforce one credential per person.

4. One Credential Per Person

HIP enforces a one-credential-per-human principle. If your government ID has already been used to create a Tier 1 credential, you will not be able to create a second one. This is enforced through a one-way deduplication hash that cannot be reversed to recover your identity.

5. Your Credential

Your credential is your responsibility. It is stored in your browser's localStorage and can be backed up as a JSON file. HIPVerify does not have access to your private key and cannot recover or reissue your credential if lost. You are solely responsible for maintaining backup copies.

Anyone who possesses your credential file can sign attestations as you. Treat your credential backup file with the same care as a password.

6. Acceptable Use

You agree not to:

• Submit fraudulent, stolen, or altered identity documents.
• Attempt to create multiple credentials for the same person.
• Attempt to circumvent the deduplication system.
• Use the Service for any illegal purpose.
• Reverse-engineer, probe, or attack the verification infrastructure.

7. Fees and Refunds

The verification fee is $1.00 USD. Payment is processed by Stripe. If your identity verification fails due to a technical error on our side, you may contact us for a refund. If verification fails because your documents are invalid, expired, or do not match your selfie, the fee is non-refundable — the third-party verification cost has already been incurred.

8. Third-Party Services

This Service relies on:

• Didit for identity verification (document scanning, liveness detection, face matching). Didit processes your identity documents and biometric data under their own terms and privacy policy.
• Stripe for payment processing. Stripe processes your payment information under their own terms and privacy policy.
• Cloudflare for infrastructure (Workers, KV storage, Email Routing). Session data, deduplication hashes, and credential ID mappings are stored in Cloudflare KV.

HIPVerify is not responsible for the actions, privacy practices, or service availability of these third parties.

9. Disclaimers

The Service is provided "as is" without warranty of any kind. HIPVerify does not guarantee uninterrupted availability, that verification will succeed for all valid documents, or that credentials will be compatible with all future versions of the HIP protocol.

HIPVerify is not a financial service, identity provider, or certificate authority. A Tier 1 credential is a cryptographic attestation of human verification status within the HIP protocol — nothing more.

10. Limitation of Liability

To the maximum extent permitted by law, HIPVerify's total liability for any claim arising from use of the Service is limited to the amount you paid for the verification ($1.00 USD). HIPVerify is not liable for any indirect, incidental, consequential, or punitive damages.

11. Operator and Successor Entity

HIPVerify is operated by Peter Rieveschl as an individual at the time of this update. The HIPVerify name, brand, and pathway-operator code are owned by the operator personally; the protocol-layer code at github.com/human-integrity-protocol/hip-protocol is published openly under its repository licenses.

If HIPVerify's pathway operations are assigned to a limited-liability company or other successor entity formed to hold them — for example, a U.S.-formed LLC at the time of public launch — the successor will be bound by these terms with respect to credentials already issued under them, and any change in the operator entity will be noted with an updated effective date at the top of this page. The successor entity name, when formed, will appear in this section. Superseding terms, if any, will be published here before any new commitments are made under them.

12. Sunset and Continuity

If HIPVerify's pathway operations are wound down or its operations are sunset, the rights and obligations described in these terms will be handled as follows:

• Issued credentials. Credentials previously issued through HIPVerify continue to be cryptographically verifiable independent of HIPVerify's operational status. The HIP protocol's verification surface is designed to outlast any single pathway operator. Once the protocol's Steward Node tier is activated, the deduplication hashes and credential ID mappings necessary for ongoing protocol-layer verification can be migrated to Steward Nodes for continued public verification. Until that tier is activated, HIPVerify will publish a final read-only snapshot of the necessary protocol-facing fields (deduplication hashes, credential IDs, tier labels, issuance timestamps) to a public archive (such as a GitHub release or an Internet Archive snapshot) before any wind-down completes.
• Refund obligations. Pending refund requests outstanding at the time of a wind-down notice will be honored through a final accounting period of at least thirty (30) days following the notice. After that period, refund obligations under § 7 are extinguished.
• Notice. A wind-down or operator-transfer notice will appear at hipverify.org and on the HIP Protocol GitHub repository at least thirty (30) days before any non-reversible step is taken. Any updated terms that apply under a successor operator will be published here.

A pathway sunset does not retroactively withdraw a credential previously issued under the pathway. Under Charter Deployment Principle 5 (Permissionless Proliferation), anyone may build alternative Tier 1 pathway providers; HIPVerify is the first, not the only one. If HIPVerify's pathway operations are ever Suspended or Declassified per PATHWAY-SPEC-v1, alternative Tier 1 pathways operating under DP-5 may be established by other operators with their own terms.

13. Changes to These Terms

We may update these terms from time to time. Material changes will be noted with an updated effective date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated terms.

14. Contact

For questions about these terms, contact us through the HIP Protocol GitHub repository.