Terms of Service

This may be modified at any time without further consent of the user.
Property of Nelson Cybersecurity LLC. Headquartered in Florida, hosted in New York.


We don't host any of our user's files, downloading via our API acts as a proxy and the files are never stored on the server's disk. Given this, you must contact the file host and notify them of the alleged infringement.


Account owners have the sole responsibility for their credentials, we are not responsible for the loss, leaking, and use of these credentials unless through a security breach on our platform. We make available numerous options to protect or recover your account, including 2FA and Password Resets. Accounts are for individual use only, any multiple-party use is prohibited and may result in the termination of your account.


You are responsible for the content uploaded or that communicates with KeyAuth. While we will remove illegal content if we're made aware of it, "KeyAuth" is provided immunity from any legal action held against anything uploaded by users on our service (KeyAuth 230 of the Communications Decency Act). Emails from law enforcement or legal counsel regarding illegal content using our service should be directed to EMAIL.

Acceptable Use

You agree to comply with all applicable legislation and regulations in connection with your use of KeyAuth, this is not limited to your local laws. The use of our service to host, transmit, or share any illegal data will result in an immediate termination of your account and a possible law enforcement notification. We also forbid any attempt to abuse, spam, hack, or crack our service without the written permission of Nelson Cybersecurity LLC. The following actions will result in account termination:

  • Attacks against our webserver, including DDoS attacks and exploitative attempts.

  • Creating a dispute after the refund period, seven days.

  • Attempting to libel KeyAuth to hurt its reputation.

  • Utilizing an unreasonable amount of server resources, i.e. creating hundreds of thousands of users.

  • Violating KeyAuth's open-source license, i.e monetarily benefitting from KeyAuth source by selling it as if you own it


It is pretty much necessary to store these details to fight fraudulent disputes. Otherwise, we'll have insufficient evidence to win the dispute. Also I highly recommend you use the password manager https://bitward.com. You can use Bitwarden for free on multiple devices, and you can also purchase their premium to unlock the ability to store 2FA codes in their browser extension or mobile app.

We collect the below-listed details. We'll try to keep this updated, you can also view https://github.com/KeyAuth/KeyAuth-Source-Code/blob/main/db_structure.sql

  • IP address used to register account, last IP address to login to account, and only if account logs are enabled on your account (they are by default), every IP address that has logged into your account in the past week is saved in database. Also, regardless of whether account logs are enabled, every IP address used to login to an account is sent to a private Discord webhook.

  • Passwords are hashed with BCrypt prior to being stored in the database. We do not log plain-text passwords. With today's technology, BCrypt passwords are considered unable to decrypt to their plain-text form.

  • Email used to register is stored in database, 2FA secret is stored if enabled.

  • Your customer's Windows SID (hwid) is stored in database if sent to our API, their IP address is stored, and their password is stored after being hashed with BCrypt. You're unable to get your customer's plain-text password from our server.

  • We use E-commerce platforms to handle our payments. From the orders on those platforms, we can identify which person made the order. Though, we do not store any of your payment information in our database.