Terms of Service
The terms that apply when you use Whisp3r Auth as your identity provider.
About these terms
These Terms apply when you use Whisp3r Auth at auth.whisp3r.com. "Whisp3r Auth", "we", "us" means the operator of the service. "You" means the individual who creates a Whisp3r Auth account. "Authorized Application" means a third-party app you have permitted to sign you in via Whisp3r Auth.
Our privacy notice lives at /privacy. Our cookie policy lives at /cookies. Where this document and either of those conflict, the more user-favorable wording governs.
What the service does
Whisp3r Auth is an identity provider. You create one account; you use it to sign in to apps that have integrated with us using the OpenID Connect (OIDC) standard. When you authorize one of those apps, Whisp3r Auth issues a signed token containing the identity claims you consented to share.
Whisp3r Auth does not act on your behalf inside Authorized Applications. We only verify your identity to them. Each Authorized Application is governed by its own terms.
Who can use it
You must be at least thirteen years old to use Whisp3r Auth. If you create an account on behalf of an organization, you represent that you are authorized to bind that organization to these Terms.
Account responsibility
You are responsible for the activity that occurs on your account. Keep your password and second-factor device secure. Do not share credentials. Notify us promptly at auth@whisp3r.com if you suspect your account has been compromised.
You may register Authorized Applications from your dashboard. You are responsible for the accuracy of each application's metadata (name, redirect URIs, owner). Do not register applications that misrepresent their identity, purpose, or operator.
Acceptable use
By using Whisp3r Auth, you agree not to:
- Create accounts using identities other than your own.
- Use Whisp3r Auth to gain unauthorized access to any account or system, including by credential stuffing, brute force, or token theft.
- Interfere with or disrupt the service, including by probing for vulnerabilities other than through a coordinated disclosure email to auth@whisp3r.com.
- Use Whisp3r Auth in violation of any applicable law.
- Resell, sublicense, or attempt to reverse engineer the service.
Suspension and termination
You may close your account at any time from your security settings. Closure deletes your personal data, revokes outstanding OIDC tokens, and signs you out of every device.
We may suspend or terminate accounts that violate these Terms, that show indicators of abuse or compromise, or where required by law. Where time allows and where lawful, we will tell you why.
Disclaimers
The service is provided "as is" and "as available" without warranties of any kind, express or implied, including the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the service will be uninterrupted, error-free, or free of harmful components.
Limitation of liability
To the maximum extent permitted by law, our aggregate liability arising from or relating to the service will not exceed the greater of (a) one hundred US dollars (USD $100), or (b) the amount you paid us in the preceding twelve months. We are not liable for indirect, incidental, consequential, special, exemplary, or punitive damages, or for loss of profits, revenue, data, or goodwill.
Some jurisdictions do not allow the exclusion of certain warranties or the limitation of certain damages; in those jurisdictions, the foregoing limitations apply only to the maximum extent permitted.
Governing law
These Terms are governed by the laws of the State of Vermont, USA, without regard to conflict-of-laws principles. Any dispute will be resolved exclusively in the state or federal courts located in Vermont, and you consent to personal jurisdiction in those courts.
Nothing in this section deprives you of mandatory consumer protections available under the law of your country of residence.
Changes to these terms
We may update these Terms. The effective date at the top reflects the most recent revision. For material changes, we will email signed-in users and post a notice at sign-in. Continued use after the effective date constitutes acceptance.
Contact
Questions about these Terms? Email auth@whisp3r.com.