Legal

Terms of Service

Effective date: June 21, 2026 · Last updated: June 21, 2026
Applies to: OakAuth mobile app (Android) and oakauth.app

Contents

Acceptance of these terms
What OakAuth is
Your account and enrollment
Acceptable use
Service availability
Your security responsibilities
Deregistration and termination
Intellectual property
Disclaimer of warranties
Limitation of liability
Indemnification
Governing law and disputes
Changes to these terms
Contact

1. Acceptance of these terms

By downloading, installing, or using the OakAuth mobile application or accessing oakauth.app, you agree to be bound by these Terms of Service ("Terms") and our Privacy Policy.

If you do not agree to these Terms, do not use OakAuth.

These Terms constitute a legally binding agreement between you and Oakinkin Labs ("we," "us," "our"), a company organized under the laws of the State of Delaware, United States.

2. What OakAuth is

OakAuth is an authentication application that allows enrolled users to approve or deny sign-in requests from connected services via push notification, and to generate one-time TOTP codes (RFC 6238) for offline fallback authentication.

OakAuth is not a replacement for strong passwords. It is a second factor that works alongside your password. It does not protect an account that uses a weak or reused password. OakAuth does not perform any security function beyond authentication — it is not a VPN, antivirus, firewall, or general security tool.

OakAuth is designed for internal use within Oakinkin Labs products and, where offered, for use within services operated by Oakinkin Labs managed clients. Access is granted by the administrator of the service you are trying to protect.

3. Your account and enrollment

Your OakAuth account is created by the administrator of the service you are enrolling with. You do not self-register directly with Oakinkin Labs; instead, you receive an enrollment QR code or token from your service administrator.

You are responsible for:

Keeping your enrolled device secure and not sharing access to it with others
Notifying your service administrator immediately if your device is lost, stolen, or compromised
Keeping your device's operating system updated to maintain hardware-backed key security
Registering a valid recovery email if you want to recover access without administrator assistance

4. Acceptable use

You agree not to use OakAuth to:

Approve sign-in requests that you did not initiate — if you receive an unexpected approval request, deny it and contact your administrator
Attempt to reverse-engineer, decompile, or tamper with the OakAuth application
Attempt to circumvent the Ed25519 signing requirement or any other security mechanism
Use OakAuth in any way that violates applicable local, state, national, or international laws
Automate or script approval responses without human review of each request

Security reminder: OakAuth shows you the service name, approximate location, and timestamp before you approve. Never approve a request you did not initiate. If in doubt, deny and re-attempt the sign-in yourself.

5. Service availability

We aim to keep OakAuth operational, but we do not guarantee uninterrupted service. OakAuth depends on infrastructure including our server and Firebase Cloud Messaging — any of which may experience downtime. OakAuth includes a TOTP fallback that functions entirely offline and does not depend on our server or FCM.

We reserve the right to suspend or discontinue OakAuth at any time, with or without notice, for maintenance, security reasons, or any other reason.

6. Your security responsibilities

Device lock screen: You must use a PIN, password, or biometric to lock your device. An unlocked device with OakAuth installed can be used to approve sign-in requests by anyone who picks it up.
Lost or stolen device: If your device is lost or stolen, immediately contact your service administrator to deregister it.
Biometric setup: OakAuth requires biometric confirmation before approving requests by default. Disabling this setting increases risk.
Recovery email: Set a recovery email address so you can regain access if your device is lost.

Oakinkin Labs is not responsible for unauthorized sign-in approvals resulting from your failure to secure your enrolled device.

7. Deregistration and termination

You can deregister at any time

You may remove your device from OakAuth at any time by using "Remove this device" in the app Settings screen. This immediately deactivates the device and deletes your FCM token and device key from our server.

We may deregister your device

Your service administrator may deregister your device at any time without notice. We may also deregister devices that have not been seen for an extended period or whose FCM tokens are no longer valid.

Termination of service

Your access to OakAuth is ultimately controlled by the administrator of the service you are enrolled with. All personal data associated with your account will be deleted in accordance with our Privacy Policy.

8. Intellectual property

OakAuth, its logo, design, code, and all associated materials are the property of Oakinkin Labs. "OakAuth," "Oakinkin," "Oakinkin Labs," and the circuit-tree-fingerprint mark are trademarks of Oakinkin Labs.

You are granted a limited, non-exclusive, non-transferable license to use the OakAuth app on your enrolled device for authentication purposes. This license does not include the right to reproduce, distribute, modify, or create derivative works of OakAuth.

9. Disclaimer of warranties

OakAuth is provided "as is" and "as available" without warranties of any kind, either express or implied. To the fullest extent permitted by applicable law, Oakinkin Labs disclaims all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

No authentication system provides absolute security. OakAuth significantly raises the bar for unauthorized sign-ins, but it does not eliminate all risk.

10. Limitation of liability

To the fullest extent permitted by applicable law, in no event shall Oakinkin Labs, its owner, officers, agents, or affiliates be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, use, goodwill, or other intangible losses, resulting from your use or inability to use OakAuth.

Our total liability to you for any claim arising out of or related to these Terms shall not exceed fifty US dollars ($50.00).

11. Indemnification

You agree to indemnify, defend, and hold harmless Oakinkin Labs and its owner from and against any claims, damages, obligations, losses, liabilities, costs, and expenses arising from: (a) your use of OakAuth; (b) your violation of these Terms; (c) your violation of any third-party right; or (d) any claim that your use of OakAuth caused damage to a third party.

12. Governing law and disputes

These Terms are governed by the laws of the State of Delaware, United States, without regard to its conflict of law provisions.

Any dispute that cannot be resolved informally shall be resolved by binding arbitration administered by the American Arbitration Association in accordance with its Commercial Arbitration Rules, with arbitration conducted in Delaware. You waive any right to a jury trial or participation in a class action lawsuit.

You may opt out of the arbitration clause within 30 days of first using OakAuth by emailing oakinkinlabs@gmail.com with the subject "Arbitration Opt-Out." If you opt out, disputes will be resolved in the state or federal courts located in Delaware.

13. Changes to these terms

We may update these Terms from time to time. We will provide at least 14 days' advance notice of material changes via the app or email. Your continued use of OakAuth after the effective date constitutes acceptance of the new Terms.

14. Contact

Questions about these Terms?

⚖️

Oakinkin Labs — Legal

Email: oakinkinlabs@gmail.com

State of incorporation: Delaware, United States

We aim to respond to all legal inquiries within 5 business days.