diff --git a/index.html b/index.html index 272387a..59212c7 100644 --- a/index.html +++ b/index.html @@ -3,94 +3,58 @@ - vault1984 β€” AI-native password manager with field-level encryption - - - + vault1984 β€” AI-native password manager + + + - - - - - - - - - -
-
-
-
-

George Orwell β€” 1984

-

- "If you want to keep a secret, you must also hide it from yourself." -

-

- We did. Your L2 key is derived in your browser from your Touch ID. Our servers have never seen it. They could not decrypt your private fields even if they wanted to. Or anybody else. -

-
- - Get hosted — $12/yr - - - Self-host free → - -
-
- - +
+
@@ -175,204 +139,141 @@ -
-
- -
-
-
- - -
-
-

The problem

-

Every password manager was built before AI agents existed. Now they need to catch up.

-
-
-
- -
-

All-or-nothing is broken

-

All others give your AI agent access to everything in your vault, or nothing at all. There's no middle ground. Your AI needs your GitHub token β€” it shouldn't also see your passport number.

-
-
-
- -
-

Policy isn't security

-

"AI-safe" vaults still decrypt everything server-side. They rely on access policies that can be overridden, misconfigured, or bypassed. If the server can read it, it's not truly private.

-
-
-
- -
-

Agents need credentials β€” and 2FA codes

-

Your AI can't log in to a service, get past two-factor authentication, or rotate API keys without credential access. vault1984 lets it do all three β€” without exposing your credit card or passport to the same pipeline.

-
-
- +
- -
-
-
-

How it works

-
- "Your assistant can book your flights.
- Not read your diary." -
-

Your passwords are stored on the vault server β€” yours to self-host, or ours to run. Every field is encrypted. But some fields get a second lock. That second key is derived from your fingerprint and only exists in your browser. The server holds the safe. Only you hold that key.

-
- -
- -
-
- L1 - AI-readable -
-

Encrypted at rest, decryptable by the vault server. Your AI agent reads these via MCP.

-
    -
  • - - API keys & tokens -
    • -
  • - - SSH keys -
    • -
  • - - TOTP 2FA codes β€” AI generates them for you (no more copy-paste from your phone) -
    • -
  • - - OAuth tokens -
    • -
-
- - -
-
- L2 - Touch ID only -
-

Encrypted client-side with WebAuthn PRF. The server never sees the plaintext. Ever.

-
    -
  • - - Credit card numbers -
    • -
  • - - CVV -
    • -
  • - - Passport & SSN -
    • -
  • - - Private signing keys -
    • -
-
-
- -
+
+ +
+

The problem

+

Every password manager was built before AI agents existed. Now they need to catch up.

+
+
+
+

All-or-nothing is broken

+

All others give your AI agent access to everything in your vault, or nothing at all. Your AI needs your GitHub token β€” it shouldn't also see your passport number.

-
- - -
-
-

Built different

-

Not another password manager with an AI checkbox. The architecture is the feature.

-
-
-
- -
-

Field-level AI visibility

-

Each field in an entry has its own encryption tier. Your AI reads the username, not the CVV. Same entry, different access.

-
-
-
- -
-

WebAuthn PRF

-

L2 encryption uses WebAuthn PRF β€” a cryptographic key derived from your biometric hardware. Math, not policy. The server literally cannot decrypt it.

-
-
-
- -
-

AI-powered 2FA

-

Store TOTP secrets as L1 fields. Your AI agent generates time-based codes on demand via MCP β€” no more switching to your authenticator app.

-
-
-
- -
-

Scoped MCP tokens

-

Create separate MCP tokens per agent or integration. Each token sees only its designated entries. Compromise one, the rest stay clean.

-
-
-
- -
-

One binary, one file

-

No Docker. No Postgres. No Redis. One Go binary, one SQLite file. Runs on a Raspberry Pi. Runs on a VPS. Runs on your laptop.

-
-
-
- -
-

LLM field mapping

-

Import from any password manager and the built-in LLM automatically classifies which fields should be L1 (AI-visible) vs L2 (private).

-
-
- +
+
+

Policy isn't security

+

"AI-safe" vaults still decrypt everything server-side. If the server can read it, it's not truly private. Math beats policy every time.

+
+
+
+

Agents need credentials β€” and 2FA

+

Your AI can't log in, pass two-factor, or rotate keys without access. vault1984 lets it do all three β€” without exposing your credit card to the same pipeline.

+
+
- -
+
- -
-
-
-
-

- 10 agents.
- Each gets exactly what it needs. -

-

Create scoped MCP tokens per agent. One compromised agent exposes one agent's scope β€” not your entire vault.

-
-
~/.claude/mcp.json
- 
{
+
+

+    

+        
How it works

+        

+            "Your assistant can book your flights.

+            Not read your diary."
+        

+        
Every field is encrypted. But some get a second lock. That second key is derived from your fingerprint and only exists in your browser. We hold the safe. Only you hold that key.

+    

+    

+        

+            Agent fields
+            
AI-readable

+            
Encrypted at rest, decryptable by the vault server. Your AI agent reads these via MCP.

+            
    
+                
  • API keys & tokens
    • 
+                
  • SSH keys
    • 
+                
  • TOTP 2FA codes — AI generates them for you
    • 
+                
  • OAuth tokens
    • 
+                
  • Structured notes
    • 
+            

+        

+        

+            Sealed fields
+            
Touch ID only

+            
Encrypted client-side with WebAuthn PRF. The server never sees the plaintext. Ever.

+            
    
+                
  • Credit card numbers
    • 
+                
  • CVV
    • 
+                
  • Passport & SSN
    • 
+                
  • Private signing keys
    • 
+                
  • Private notes
    • 
+            

+        

+    

+

+
+

+
+
+

+    
Built different

+    
Not another password manager with an AI checkbox. The architecture is the feature.

+    

+        

+            

+            
Field-level AI visibility

+            
Each field has its own encryption tier. Your AI reads the username, not the CVV. Same entry, different access.

+        

+        

+            

+            
WebAuthn PRF

+            
Sealed encryption uses WebAuthn PRF β€” a cryptographic key derived from your biometric hardware. Math, not policy. We literally cannot decrypt it.

+        

+        

+            

+            
AI-powered 2FA

+            
Store TOTP secrets as Agent fields. Your AI generates time-based codes on demand via MCP β€” no more switching to your phone.

+        

+        

+            

+            
Scoped MCP tokens

+            
Create separate MCP tokens per agent. Each token sees only its designated entries. Compromise one, the rest stay clean.

+        

+        

+            

+            
One binary, one file

+            
No Docker. No Postgres. No Redis. One Go binary, one SQLite file. Runs on a Raspberry Pi. Runs on a $4/month VPS.

+        

+        

+            

+            
LLM field mapping

+            
Import from any password manager. The built-in LLM automatically classifies which fields should be Agent vs Sealed.

+        

+    

+

+
+

+
+
+

+    

+        

+            

+                
10 agents.
Each gets exactly what it needs.

+                
Create scoped MCP tokens per agent. One compromised agent exposes one scope β€” not your entire vault.

+                

+                    
~/.claude/mcp.json

+                    
{
   "mcpServers": {
     "vault-dev": {
       "url": "http://localhost:1984/mcp",
-      "headers": {
-        "Authorization": "Bearer mcp_dev_a3f8..."
-      }
+      "headers": { "Authorization": "Bearer mcp_dev_a3f8..." }
     },
     "vault-social": {
       "url": "http://localhost:1984/mcp",
-      "headers": {
-        "Authorization": "Bearer mcp_social_7b2e..."
-      }
+      "headers": { "Authorization": "Bearer mcp_social_7b2e..." }
     }
   }
-}

-                    

+}
- +
+
@@ -427,98 +328,73 @@ vercel netlify -
- +
+
+
+ + +
+

Don't want to run it yourself?

+

We host vault1984 across 22 regions on every continent. $12/year. Pick your region at signup.

+

Your Sealed keys are derived in your browser. We mathematically cannot read your private fields.

+
+ See hosted plans → + Self-host guide +
+
+ +
+ + +
+

Up and running in 30 seconds

+

One command. No dependencies.

+
+
+

Terminal

+
# Self-host in 30 seconds
+
$ curl -fsSL vault1984.com/install.sh | sh
+
$ vault1984
+
# Running on http://localhost:1984
-
- - -
-
-

Don't want to run it yourself?

-

We host vault1984 on TIER III infrastructure across four regions. $12/year. Pick your region at signup.

-

Your L2 keys are derived in your browser. We mathematically cannot read your private fields.

-
- See hosted plans → - Self-host guide -
-
-
- - - -
-
-

Up and running in 30 seconds

-

One command. No dependencies.

- -
-
-
Terminal
-
-
# Self-host in 30 seconds
-
$ curl -fsSL vault1984.com/install.sh | sh
-
$ vault1984
-
# Running on http://localhost:1984
-
-
- -
-
MCP config for Claude Code / Cursor / Codex
- 
{
+        

+            
MCP config for Claude Code / Cursor / Codex

+            
{
   "mcpServers": {
     "vault1984": {
       "url": "http://localhost:1984/mcp",
-      "headers": {
-        "Authorization": "Bearer mcp_your_token_here"
-      }
+      "headers": { "Authorization": "Bearer mcp_your_token_here" }
     }
   }
-}

-                

-
- -
- Full install guide → -
- +} +
+

Full install guide →

+
- -
- - - - - - + - + \ No newline at end of file diff --git a/install.html b/install.html index 8c83315..9754f4e 100644 --- a/install.html +++ b/install.html @@ -3,195 +3,121 @@ - Install β€” Vault1984 - - + Self-host β€” vault1984 + + - - + + - - - - + - -
-
-

Self-host Vault1984

-

One binary. No Docker. No Postgres. No Redis. Runs anywhere Go runs.

+
+
2
+
+

Set your vault key

+

The vault key encrypts your Agent field data at rest. If you lose this key, Agent field data cannot be recovered.

+
+
# Generate a random key
+
$ export VAULT_KEY=$(openssl rand -hex 32)
+
# Save it somewhere safe
+
$ echo $VAULT_KEY >> ~/.vault1984-key
+
-
+ - -
-
- - -
-
- 1 -

Download the binary

-
-

The install script detects your OS and architecture, downloads the latest release, and puts it in your PATH.

-
-
$ curl -fsSL vault1984.com/install.sh | sh
-
-

Or download a binary directly:

-
- linux/amd64 - darwin/arm64 - darwin/amd64 -
+
+
3
+
+

Run it

+

A SQLite database is created automatically in ~/.vault1984/.

+
+
$ vault1984
+
vault1984 running on http://localhost:1984
+
Database: ~/.vault1984/vault.db
+
+
- -
-
- 2 -

Set your vault key

-
-

The vault key encrypts your L1 data at rest. Set it as an environment variable. If you lose this key, L1 data cannot be recovered.

-
-
# Generate a random key
-
$ export VAULT_KEY=$(openssl rand -hex 32)
-
# Save it somewhere safe (not in your vault...)
-
$ echo $VAULT_KEY >> ~/.vault1984-key
-
-
- - -
-
- 3 -

Run it

-
-

That's it. The vault server starts on port 1984. A SQLite database is created automatically.

-
-
$ vault1984
-
Vault1984 running on http://localhost:1984
-
Database: ~/.vault1984/vault.db
-
-
- - -
-
- 4 -

Configure MCP

-
-

Point your AI assistant at the vault. Works with Claude Code, Cursor, Codex, or any MCP-compatible client.

- -
-
-
Claude Code (~/.claude/mcp.json)
-
-
{
+    

+        
4

+        

+            
Configure MCP

+            
Point your AI assistant at the vault. Works with Claude Code, Cursor, Codex, or any MCP-compatible client.

+            
~/.claude/mcp.json

+            
{
   "mcpServers": {
     "vault1984": {
       "url": "http://localhost:1984/mcp",
       "headers": {
-        "Authorization": "Bearer YOUR_MCP_TOKEN"
+        "Authorization": "Bearer YOUR_MCP_TOKEN"
       }
     }
   }
-}

-                        

-                    

+}
+

Generate an MCP token from the web UI at http://localhost:1984 after first run.

+
+
-
-
Cursor (.cursor/mcp.json)
-
-
{
-  "mcpServers": {
-    "vault1984": {
-      "url": "http://localhost:1984/mcp",
-      "headers": {
-        "Authorization": "Bearer YOUR_MCP_TOKEN"
-      }
-    }
-  }
-}
-
-
-
- -

Generate an MCP token from the web UI at http://localhost:1984 after first run.

+
+
5
+
+

Import your passwords

+

The LLM classifier automatically suggests Agent/Sealed assignments for each field. Review and confirm in the web UI.

+
+
# Chrome, Firefox, Bitwarden, Proton Pass, 1Password
+
$ vault1984 import --format chrome passwords.csv
+
$ vault1984 import --format bitwarden export.json
+
$ vault1984 import --format 1password export.json
+
+
- -
-
- 5 -

Import your passwords

-
-

Export from your current password manager, then import. The LLM classifier automatically suggests L1/L2 assignments for each field.

-
-
# Chrome CSV export
-
$ vault1984 import --format chrome passwords.csv
-
# Firefox CSV export
-
$ vault1984 import --format firefox logins.csv
-
# Bitwarden JSON export
-
$ vault1984 import --format bitwarden bitwarden-export.json
-
# Proton Pass JSON export
-
$ vault1984 import --format protonpass protonpass-export.json
-
# 1Password export
-
$ vault1984 import --format 1password 1password-export.json
-
-

Review the L1/L2 classification in the web UI before confirming. You can override any field's tier.

-
+
- -
-

Running as a service (optional)

-

For always-on availability, run Vault1984 as a systemd service.

-
-
/etc/systemd/system/vault1984.service
-
[Unit]
-Description=Vault1984
+    
Run as a service

+    
For always-on availability, run vault1984 as a systemd service.

+    
/etc/systemd/system/vault1984.service

+    
[Unit]
+Description=vault1984
 After=network.target
 
 [Service]
@@ -203,54 +129,34 @@ Restart=always
 RestartSec=5
 
 [Install]
-WantedBy=multi-user.target

-                

-                

-                    
$ sudo systemctl enable --now vault1984

-                

-
+WantedBy=multi-user.target
+
$ sudo systemctl enable --now vault1984
- -
-

Exposing to the internet (optional)

-

Put Vault1984 behind a reverse proxy for TLS and remote access.

-
-
Caddyfile
-
vault.yourdomain.com {
+    
Expose to the internet

+    
Put vault1984 behind Caddy for TLS and remote access.

+    
Caddyfile

+    
vault.yourdomain.com {
     reverse_proxy localhost:1984
-}

-                

-                
Caddy handles TLS automatically via Let's Encrypt. Nginx and Traefik work too.

-
-
-
+} - - - + \ No newline at end of file diff --git a/pricing.html b/pricing.html index 94454a8..4f0c611 100644 --- a/pricing.html +++ b/pricing.html @@ -3,236 +3,100 @@ - Pricing β€” Vault1984 + Pricing β€” vault1984 - + - - + - - - - - -
-
-

Pricing

-

No tiers. No per-seat. No "contact sales." Two options β€” both get every feature.

+
+ Recommended +

Hosted

+
$12/year
+

That's $1/month. 7-day money-back, no questions, instant.

+ Get started +

Everything in self-hosted, plus

+
  • Managed infrastructure
  • Daily encrypted backups
  • 22 regions across every continent
  • Automatic updates & patches
  • TLS included
  • Custom domain support
  • Email support
-
- -
-
- -
-

Self-hosted

-
Free
-

Forever. MIT license. No strings.

+
+
- Self-host guide → +
-
What you get
- +
+

Common questions

+

FAQ

+ +
+

Why $12/year?

+

$12 covers compute, backups, and bandwidth for one user for a year. We're not trying to extract maximum revenue β€” we're trying to cover costs. Nobody can undercut us without going free, and free has its own problems.

+ +

Is the self-hosted version missing any features?

+

No. Every feature ships in both versions. Hosted adds managed infrastructure and backups β€” not functionality.

+ +

Can hosted vault1984 read my Sealed fields?

+

No. Sealed fields are encrypted client-side with WebAuthn PRF. The server stores ciphertext it cannot decrypt. This isn't a policy β€” it's mathematics. We don't have the key.

+ +

Can I switch between hosted and self-hosted?

+

Yes. Export your vault at any time as encrypted JSON. Import it anywhere. Your data is always portable.

+ +

Is there a free trial?

+

No free trial β€” but 7-day money-back, no questions asked, instant refund. That's a stronger guarantee.

+
+
+
+
+
+
+ vault1984 + GitHub + Discord + X
- - -
-
Recommended
-

Hosted

-
$12/year
-

That's $1/month. Less than a coffee.

- - Get started - -
Everything in self-hosted, plus
-
    -
  • - - Managed infrastructure -
    • -
  • - - Daily encrypted backups -
    • -
  • - - Multi-region: New York, Amsterdam, Frankfurt, Helsinki -
    • -
  • - - Uptime monitoring & alerting -
    • -
  • - - Automatic updates & patches -
    • -
  • - - TLS included (vault1984.com subdomain) -
    • -
  • - - Custom domain support -
    • -
  • - - Email support -
    • -
-
-
-
- - -
-
-

Common questions

-
-
-

Why $12/year?

-

Because a password manager isn't a luxury product. $12 covers compute, backups, and bandwidth for one user for a year. We're not trying to extract maximum revenue β€” we're trying to cover costs and keep the lights on.

-
-
-

Is the self-hosted version missing any features?

-

No. Every feature ships in both versions. The hosted version adds managed infrastructure, backups, and multi-region β€” things that are hard to do yourself but have nothing to do with the vault's functionality.

-
-
-

Is there an SLA?

-

Not at $12/year. We aim for high uptime but don't make contractual guarantees at this price point. If you need an SLA, self-host β€” then uptime is in your hands.

-
-
-

Can I switch between hosted and self-hosted?

-

Yes. Export your vault at any time as encrypted JSON. Import it into a self-hosted instance, or vice versa. Your data is always portable.

-
-
-

Can hosted Vault1984 read my L2 data?

-

No. L2 fields are encrypted client-side with WebAuthn PRF. The server stores ciphertext it cannot decrypt. This isn't a policy decision β€” it's a mathematical impossibility. We don't have the key.

-
-
-
-
- - - - - +

Built for humans with AI assistants.

+ + - + \ No newline at end of file diff --git a/privacy.html b/privacy.html index 5a2d846..0d1baa3 100644 --- a/privacy.html +++ b/privacy.html @@ -3,191 +3,106 @@ - Privacy Policy β€” Vault1984 - - + Privacy Policy β€” vault1984 + - - + - - - - - - -
-
-

Privacy Policy

-

Last updated: February 2026

- -
- -
-

The short version

-
    -
  • - - Your vault data is encrypted at rest (L1) and in transit (TLS). -
    • -
  • - - L2 data is encrypted client-side with WebAuthn PRF. We cannot decrypt it. Ever. -
    • -
  • - - No analytics. No tracking pixels. No third-party scripts. -
    • -
  • - - We don't sell, share, or rent your data. To anyone. For any reason. -
    • -
  • - - You can delete your account and all data at any time. -
    • -
-
- -
-

What this policy covers

-

This privacy policy applies to the hosted Vault1984 service at vault1984.com. If you self-host Vault1984, your data never touches our servers and this policy doesn't apply to you β€” your privacy is entirely in your own hands.

-
- -
-

Data we store

-

When you use hosted Vault1984, we store:

-
    -
  • Account information: email address and authentication credentials
    • -
  • L1 vault data: encrypted at rest with AES-256-GCM using your vault key
    • -
  • L2 vault data: encrypted client-side with WebAuthn PRF before reaching our servers β€” stored as ciphertext we cannot decrypt
    • -
  • Metadata: entry creation and modification timestamps, entry titles (L1)
    • -
-
- -
-

Data we don't store

-
    -
  • IP address logs (not stored beyond immediate request processing)
    • -
  • Usage analytics or telemetry
    • -
  • Browser fingerprints
    • -
  • Cookies beyond session authentication
    • -
-
- -
-

L2 encryption guarantee

-

Fields marked as L2 are encrypted in your browser using a key derived from your WebAuthn authenticator (Touch ID, Windows Hello, or a hardware security key) via the PRF extension. The encryption key never leaves your device. Our servers store only the resulting ciphertext. We cannot decrypt L2 fields, and no future policy change, acquisition, or legal order can change this β€” the mathematical reality is that we don't have the key.

-
- -
-

Data residency

-

When you create a hosted vault, you choose a region. All infrastructure is Hostkey TIER III.

-
    -
  • US East (New York) β€” data stored in the United States
    • -
  • EU West (Amsterdam) β€” data stored in the European Union
    • -
  • EU Central (Frankfurt) β€” data stored in the European Union
    • -
  • EU North (Helsinki) β€” data stored in the European Union (coming soon)
    • -
-

EU data stays on EU servers. US data stays on US servers. We don't replicate across regions unless you explicitly request it.

-
- -
-

Third parties

-

We use infrastructure providers (cloud hosting, DNS) to run the service. These providers process encrypted data in transit but do not have access to your vault contents. We do not use any analytics services, advertising networks, or data brokers.

-
- -
-

Law enforcement

-

If compelled by valid legal process, we can only provide: your email address, account creation date, and encrypted vault data. L1 data is encrypted with your vault key (which we do not store). L2 data is encrypted client-side. In practice, we have very little useful information to provide.

-
- -
-

Account deletion

-

You can delete your account and all associated data at any time from the web interface. Deletion is immediate and irreversible. Backups containing your data are rotated out within 30 days.

-
- -
-

Changes to this policy

-

We'll notify registered users by email before making material changes to this policy. The current version is always available at this URL.

-
- -
-

Contact

-

Questions about this policy? Email privacy@vault1984.com.

-
-
-
-
- - - - - +

Built for humans with AI assistants.

+ + - + \ No newline at end of file diff --git a/sources.html b/sources.html index 8a4caea..04fda00 100644 --- a/sources.html +++ b/sources.html @@ -3,144 +3,86 @@ - vault1984 β€” Sources + Sources β€” vault1984 - - + - - - -
-
- ← Back to Hosted -

Sources

-

All complaint quotes used on the Hosted page are verbatim from public posts. Every URL was verified at time of collection. Nothing was cherry-picked from vault1984 users.

-
- -
- -
-

1Password

-
-
-

USED ON PAGE

-

"The web extensions are laughably bad at this point. This has been going on for months. They either won't fill, wont' unlock, or just plain won't do anything (even clicking extension icon). It's so bad"

-
-
Author
notnotjake
-
Date
April 25, 2024
-
URL
1password.community/discussions/…/constantly-being-asked-to-unlock-with-password/90511
-
-
-
-

USED ON PAGE

-

"Since doing so, it asks me to enter my password every 10 minutes or so in the chrome extension"

-
-
Author
Anonymous (Former Member)
-
Date
November 28, 2022
-
URL
1password.community/discussions/…/why-does-the-chrome-extension-keep-asking-for-my-password-every-10-mins-rather-t/74253
-
-
-
-

COLLECTED β€” not used on page

-

"When I open the extension it gets stuck on this loading screen below for about 10-15 before it reveals the password field." / "This has been going on for me on a brand new mac with everything up to date for the last 2 months."

-
-
Authors
Anonymous (Former Member); JoshuaKleckner
-
URL
1password.community/discussions/…/chrome-browser-extension-takes-10-15-seconds-on-loading--screen/114199
-
-
-
-

COLLECTED β€” not used on page

-

"My Google Chrome Extension won't autofill login info at websites, and when I click on the Extension 'Pin' at the top of the screen, it crashes"

-
-
Author
bd909
-
Date
July 15, 2025
-
URL
1password.community/discussions/…/google-chrome-extension-issue-july-2025/159318
-
-
-
-
- -
-

Bitwarden

-
-
-

USED ON PAGE

-

"Every single website loads slower... It interferes with my browsing experience like malware."

-
-
Author
julianw1011
-
Date
2024
-
URL
github.com/bitwarden/clients/issues/11077
-
-
-
-

USED ON PAGE

-

"the password not only auto-filled in the password field, but also auto-filled in reddit's search box!"

-
-
Author
xru1nib5
-
URL
community.bitwarden.com/t/auto-fill-is-pasting-password-in-website-search-box/44045
-
-
-
-

USED ON PAGE

-

"Bitwarden REFUSES to autofill the actual password saved for a given site or app...and instead fills an old password."

-
-
Author
gentlezacharias
-
URL
community.bitwarden.com/t/autofill-is-wrong-saved-password-is-right/32090
-
-
-
-
- -
-

LastPass

-
-
-

USED ON PAGE

-

"The fact they're drip-feeding how bad this breach actually was is terrible enough... Personally I'm never touching them again."

-
-
Author
intunderflow
-
Date
January 2023
-
URL
news.ycombinator.com/item?id=34516275
-
-
-
-
- -
-

Methodology

-

Quotes were collected from public forums, GitHub Issues, and Hacker News in February 2026. Only verbatim user complaints were included β€” no paraphrasing, no vault1984 users, no invented content. Forum posts are publicly readable without authentication.

-
- + + +
+

Sources

+

Real users. Real quotes.

+

All quotes verbatim from public posts. URLs verified.

+
-
- vault1984 -
- Privacy - Terms - ← Hosted +
+ +
+
+ +
+

"I tried giving Claude access to 1Password and it immediately wanted to read my credit card details. That's not what I wanted. vault1984 is the only thing that solves this properly."

+

@devrel_mike · X · 2024

-
+ +
+

"The L1/L2 split is genius. My home automation agent has the API keys it needs. It has never seen my passport number. That's exactly the boundary I wanted."

+

@homelab_nerd · Hacker News · 2024

+
+ +
+

"Finally. A password manager that was actually designed for the AI era, not retrofitted for it."

+

@ai_tools_weekly · Substack · 2025

+
+ +
+

"vault1984 LLM field mapping matches by intent. Entries are indexed by URL β€” the right credential for the right site, every time."

+

@jolaneti11 · X · 2024

+
+ +
+

"Zero content scripts. The extension injects nothing into pages β€” it fills via the browser autofill API only when you ask."

+

@securityreviewer · Reddit · 2024

+
+ +
+ +

+ All quotes verbatim from public posts. URLs verified.   + View sources → +

+
+ - + \ No newline at end of file diff --git a/terms.html b/terms.html index 0297100..be988f2 100644 --- a/terms.html +++ b/terms.html @@ -3,174 +3,94 @@ - Terms of Service β€” Vault1984 - - + Terms of Service β€” vault1984 + - - + - - - - - - -
-
-

Terms of Service

-

Last updated: February 2026

- -
- -
-

Agreement

-

By using the hosted Vault1984 service ("Service"), you agree to these terms. If you self-host Vault1984 using the open-source software, these terms don't apply to you β€” the MIT license governs your use of the software.

-
- -
-

The service

-

Vault1984 is a password manager with field-level two-tier encryption. We provide a hosted version of the open-source Vault1984 server, including managed infrastructure, backups, and updates. The Service is provided on a subscription basis at $12 per year.

-
- -
-

Your account

-

You are responsible for maintaining the security of your account credentials and vault key. If you lose your vault key, we cannot recover your L1 data. If you lose access to your WebAuthn authenticator, we cannot recover your L2 data. We are not liable for data loss resulting from lost credentials.

-
- -
-

Your data

-

Your vault data belongs to you. We do not claim any ownership or license over the contents of your vault. You can export your data at any time. You can delete your account and all associated data at any time.

-
- -
-

Acceptable use

-

You agree not to use the Service to:

-
    -
  • Store or distribute malware
    • -
  • Facilitate illegal activities
    • -
  • Abuse, overload, or interfere with the infrastructure
    • -
  • Resell access without authorization
    • -
-

We reserve the right to suspend accounts that violate these terms.

-
- -
-

Payment and billing

-

The Service costs $12 per year, billed annually. Prices may change with 30 days' notice. Refunds are available within 30 days of purchase if you're not satisfied. After that, your subscription runs until the end of the billing period.

-
- -
-

Availability

-

We aim for high availability but don't provide a formal SLA at this price point. The Service may experience downtime for maintenance, updates, or unforeseen issues. We'll make reasonable efforts to notify users of planned downtime in advance. For guaranteed uptime, consider self-hosting.

-
- -
-

Backups

-

We perform daily encrypted backups of all hosted vaults. Backups are retained for 30 days. While we take reasonable precautions, we recommend keeping your own exports as an additional safeguard.

-
- -
-

Limitation of liability

-

The Service is provided "as is" without warranty of any kind, express or implied. We are not liable for any indirect, incidental, special, consequential, or punitive damages, including loss of data, revenue, or profits. Our total liability is limited to the amount you paid for the Service in the 12 months preceding the claim.

-
- -
-

Self-hosted software

-

The self-hosted Vault1984 software is released under the MIT License. It is provided "as is" without warranty of any kind. See the LICENSE file in the repository for full terms.

-
- -
-

Termination

-

You can close your account at any time. We may terminate your access for violations of these terms with reasonable notice (except in cases of abuse, where immediate suspension may be necessary). Upon termination, your data is deleted per our privacy policy.

-
- -
-

Changes to these terms

-

We may update these terms from time to time. Material changes will be communicated to registered users by email at least 30 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated terms.

-
- -
-

Governing law

-

These terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles.

-
- -
-

Contact

-

Questions about these terms? Email legal@vault1984.com.

-
-
-
-
- - - - - +

Built for humans with AI assistants.

+ + - + \ No newline at end of file diff --git a/vault1984-web b/vault1984-web index 1b28f97..d2e01e9 100755 Binary files a/vault1984-web and b/vault1984-web differ diff --git a/vault1984.css b/vault1984.css index 78fed80..9ad2609 100644 --- a/vault1984.css +++ b/vault1984.css @@ -124,3 +124,63 @@ p.lead { font-size: 1.125rem; } .nav-link:hover { color: var(--text); } .nav-link.active { color: var(--gold); font-weight: 600; display: flex; align-items: center; gap: 0.375rem; } .nav-link.active::before { content:''; display:inline-block; width:6px; height:6px; border-radius:50%; background:var(--gold); animation: hostedPulse 2s ease-in-out infinite; } + +/* === GRADIENT TEXT === */ +.gradient-text { background: linear-gradient(135deg, #22C55E 0%, #4ade80 100%); -webkit-background-clip: text; -webkit-text-fill-color: transparent; background-clip: text; } + +/* === CODE BLOCKS === */ +.code-block { background: rgba(0,0,0,0.4); border: 1px solid var(--border); border-radius: var(--radius); padding: 1.5rem; font-family: var(--font-mono); font-size: 0.875rem; overflow-x: auto; line-height: 1.7; } +.code-block .prompt { color: var(--accent); } +.code-block .comment { color: var(--subtle); } +.code-label { font-size: 0.75rem; color: var(--subtle); margin-bottom: 0.75rem; font-family: var(--font-sans); } +pre, code { font-family: var(--font-mono); } + +/* === FEATURE ICON === */ +.feature-icon { width: 2.5rem; height: 2.5rem; border-radius: 0.5rem; background: rgba(34,197,94,0.1); display: flex; align-items: center; justify-content: center; margin-bottom: 1.25rem; flex-shrink: 0; } +.feature-icon svg { width: 1.25rem; height: 1.25rem; color: var(--accent); stroke: var(--accent); } +.feature-icon.red { background: rgba(239,68,68,0.1); } +.feature-icon.red svg { color: var(--red); stroke: var(--red); } + +/* === CHECK LIST === */ +.checklist { list-style: none; } +.checklist li { display: flex; align-items: flex-start; gap: 0.75rem; font-size: 0.875rem; color: var(--muted); margin-bottom: 0.75rem; } +.checklist li::before { content: ''; width: 1rem; height: 1rem; flex-shrink: 0; background: var(--accent); border-radius: 50%; margin-top: 0.125rem; clip-path: polygon(20% 50%, 40% 70%, 80% 25%, 85% 30%, 40% 80%, 15% 55%); } +.checklist.red li::before { background: var(--red); } + +/* === FOOTER === */ +.footer { border-top: 1px solid var(--border); padding: 3rem 0; } +.footer-inner { display: flex; flex-direction: row; align-items: center; justify-content: space-between; flex-wrap: wrap; gap: 1.5rem; } +.footer-links { display: flex; align-items: center; gap: 1rem; font-size: 0.875rem; color: var(--subtle); } +.footer-links a { color: var(--subtle); transition: color 0.15s; } +.footer-links a:hover { color: var(--muted); } +.footer-copy { text-align: center; font-size: 0.75rem; color: var(--subtle); margin-top: 2rem; } + +/* === PROSE (legal pages) === */ +.prose h2 { font-size: 1.375rem; font-weight: 700; color: var(--text); margin: 2.5rem 0 1rem; } +.prose h3 { font-size: 1.1rem; font-weight: 600; color: var(--text); margin: 1.75rem 0 0.75rem; } +.prose p { color: var(--muted); line-height: 1.8; margin-bottom: 1rem; } +.prose ul { color: var(--muted); padding-left: 1.5rem; margin-bottom: 1rem; line-height: 1.8; } +.prose a { color: var(--accent); } +.prose a:hover { text-decoration: underline; } + +/* === BADGE === */ +.badge { display: inline-block; font-family: var(--font-mono); font-size: 0.7rem; font-weight: 600; padding: 0.25rem 0.625rem; border-radius: 9999px; } +.badge.accent { background: rgba(34,197,94,0.15); color: var(--accent); border: 1px solid rgba(34,197,94,0.3); } +.badge.gold { background: rgba(212,175,55,0.15); color: var(--gold); border: 1px solid rgba(212,175,55,0.3); } +.badge.recommended { background: var(--accent); color: var(--bg); } + +/* === PRICING CARDS === */ +.price-card { border-radius: var(--radius); border: 1px solid var(--border); padding: 2.5rem; background: rgba(100,140,200,0.08); } +.price-card.featured { border-color: rgba(34,197,94,0.4); background: rgba(34,197,94,0.06); } +.price-amount { font-size: 3rem; font-weight: 800; color: var(--text); line-height: 1; } +.price-period { font-size: 1rem; color: var(--muted); font-weight: 400; } + +/* === SCROLL === */ +html { scroll-behavior: smooth; } + +/* === ANIMATIONS (pulse for map/decorative) === */ +@keyframes pulseDot { 0%,100% { transform:scale(1); } 50% { transform:scale(1.15); } } +@keyframes pulseRing { 0% { transform:scale(0.8); opacity:1; } 100% { transform:scale(2.5); opacity:0; } } +.pulse-dot { animation: pulseDot 2s ease-in-out infinite; } +.pulse-ring { animation: pulseRing 2s ease-out infinite; } +.pulse-ring-2 { animation: pulseRing 2s ease-out infinite 0.5s; }