Legal

Terms & Conditions

These Terms & Conditions govern your use of TOTPX services, including our platform, APIs, applications, products, devices and integrations.

This is a practical SaaS launch draft for TOTPX and should be legally reviewed before commercial publication.

1. Scope and service provider

TOTPX is operated by AnyWareX e.U., Mitte 26, 9125 Kühnsdorf, Austria. Contact: office@totpx.com.

These Terms apply to all users of the TOTPX website, app, APIs, trial accounts, free plans, paid subscriptions, company accounts, employee accounts, developer accounts and integrations, unless separate written terms apply.

2. Description of the service

TOTPX provides cloud-based token verification and authentication infrastructure. The service may include TOTP-based verification, standard token generator scenarios, presence verification, shared access functionality, API services, device management, product templates, software tokens, hardware tokens, logs, dashboards, integrations and IoT-related features.

The exact feature set, limits, support level and available integrations may depend on the selected plan, active add-ons, technical availability and product stage.

3. Contract formation and use of the service

Information on the website, including descriptions of features, pricing or plans, is generally provided for information purposes and does not by itself constitute a binding offer. A contractual relationship may be formed when a user creates an account, books a plan, starts a subscription, accepts an invitation, activates a paid service or otherwise uses the platform under these Terms.

We may refuse, restrict or terminate registrations, subscriptions or access if required for security, legal, operational or abuse-prevention reasons.

4. Account registration and access

The use of the TOTPX App and API services may require registration. Users must provide accurate information and keep account, company, billing and contact information up to date.

Users are responsible for keeping login credentials, API keys, device secrets, recovery information and access data confidential. All activities performed through an account, company account, employee account, API key, device identifier or integration endpoint are the responsibility of the respective account holder or organization.

TOTPX staff will never ask users to disclose passwords, raw secrets or security credentials through insecure channels. Users must notify us without undue delay if they suspect unauthorized access, credential loss, API key exposure or misuse.

5. Company accounts, employees and roles

TOTPX may support company accounts, private accounts, employee accounts, admin roles, developer roles and other user types. The organization or account owner is responsible for assigning roles, removing access when users leave the organization and ensuring that employees or invited users are authorized to use the platform.

Actions performed by invited users, employees, admins or API clients may be attributed to the organization or account under which they operate.

6. Trial accounts and free plans

TOTPX may offer trial accounts, sandbox access, free plans, beta features or limited test environments. Trial and free features may differ from paid plans and may be changed, limited or discontinued.

Data created in trial, sandbox, beta or free environments may be deleted, limited, reset or archived after the relevant period ends or if the account remains inactive.

7. Subscription plans, upgrades and add-ons

TOTPX may offer different subscription plans with different limits, features and billing cycles. Customers may be able to upgrade, downgrade or add modules such as additional access grants, extended logs, higher API limits, advanced integrations or enterprise features.

Plan changes may affect price, limits, available features, billing period and renewal date. Any unused prepaid amounts, credits or adjustments may be handled according to the checkout flow, app settings or individual agreement.

8. Products, devices and token settings

Within TOTPX, products may act as templates and devices may represent concrete instances. Products and devices may include identifiers, secrets, seed data, token settings, purposes, types, status values, ownership information and integration settings.

Users are responsible for configuring products, devices, token periods, digits, algorithms, identifiers, secrets, access rules and lifecycle states correctly. TOTPX does not guarantee that user-created configurations are suitable for a specific legal, industrial, physical security or business purpose.

9. Shared Access and access grants

Shared Access may use master devices and access grants. Access grants may include separate secrets, validity periods, temporary permissions, revocation options, usage restrictions and device relationships.

Customers are responsible for creating, limiting, monitoring and revoking access grants. Customers must ensure that shared access is granted only to authorized persons and for appropriate periods. Revoking a grant in TOTPX may not automatically reverse actions already performed in external systems.

10. Presence Verification

Presence Verification is intended to support scenarios in which a token, QR code, device or verification event may indicate physical or contextual presence. Customers remain responsible for evaluating whether a specific configuration is sufficient for their security, compliance or operational requirements.

TOTPX does not guarantee that Presence Verification alone proves identity, legal attendance, employment time, access authorization or physical control over a location.

11. API usage and limits

The TOTPX API may be used only for lawful and authorized verification scenarios. API access may be subject to usage limits, rate limits, subscription restrictions, fair-use requirements, anti-abuse mechanisms and technical security controls.

Users may not overload the API, bypass security mechanisms, scrape or extract data outside documented interfaces, attempt unauthorized access, misuse identifiers or tokens, interfere with other users or use the platform for unlawful, harmful, deceptive or abusive purposes.

We may temporarily throttle, block, delay or reject requests if usage appears excessive, abusive, insecure, automated in a harmful way or harmful to platform stability.

12. API keys, secrets and identifiers

API keys, device identifiers, tokens, seeds, secrets and related credentials must be protected by the customer. Customers must not expose secrets in public repositories, client-side code, screenshots, public logs or unsecured channels.

If credentials are compromised, customers should rotate, revoke or regenerate them where possible and notify us if platform security may be affected.

13. IoT, hardware and embedded integrations

TOTPX may be used with hardware devices, embedded systems, IoT devices, microcontrollers, sensors, locks, access systems, industrial components, external applications and customer-controlled systems.

Customers are responsible for the safety, legality, physical installation, firmware, network security, maintenance, power supply, fallback procedures and operation of such external systems. TOTPX provides verification infrastructure but does not control the final physical or digital action triggered by an integration.

14. Third-party services and payment providers

TOTPX may integrate with or rely on third-party services, including payment providers, hosting providers, email providers, analytics tools, cloud infrastructure, notification services, hardware partners or external APIs.

Additional terms, privacy notices and availability conditions of third-party providers may apply. TOTPX is not responsible for third-party systems outside its reasonable control.

15. Payments, invoices and billing

Certain services, limits, logs, integrations, add-ons or advanced features may require a paid subscription. Prices, taxes, billing cycles, renewal rules and available payment methods are shown during checkout or inside the TOTPX App.

Payments may be processed through third-party payment providers such as PayPal. Payment data and payment methods may be processed under the terms and privacy policies of the respective payment provider.

Invoices, payment confirmations, subscription status and billing information may be made available through the app, by email or through the relevant payment provider.

16. Late payment and suspension

If a payment fails, is reversed, disputed or remains overdue, we may restrict or suspend access to paid features, API usage, logs, add-ons or the account until payment is completed. Customers remain responsible for outstanding amounts, chargebacks, taxes and fees caused by failed or unauthorized payments.

17. Price changes

We may change prices, plan structures or feature limits from time to time. For existing paid subscriptions, material price changes will generally be communicated in advance through the app, website, email or billing provider, unless the change is caused by taxes, third-party fees, regulatory requirements or a separately agreed contract.

18. Availability, maintenance and support

We aim to provide a reliable service, but uninterrupted availability cannot be guaranteed. Maintenance, updates, infrastructure issues, third-party provider issues, security measures or force majeure events may temporarily affect service availability.

Planned maintenance may be announced where practical. Emergency maintenance may be performed without prior notice if required to protect security, availability, data integrity or platform stability.

Support availability, response times, support channels and personal assistance may vary depending on the selected plan, the type of request and operational capacity. Support may be limited for free, trial, sandbox or beta accounts.

19. Error reports and customer cooperation

Customers should report reproducible errors with sufficient information, such as affected account, device, endpoint, timestamp, request example, response code and steps to reproduce. Customers must cooperate reasonably when troubleshooting issues caused by their own configuration, network, hardware, firmware, API client or third-party systems.

Support may not cover customer hardware defects, unsupported firmware, external software, local network issues, custom third-party integrations, misuse, unauthorized modifications or on-site work unless separately agreed.

20. Customer responsibilities

Customers must ensure that their use of TOTPX complies with applicable laws, contractual obligations, internal policies, security requirements and the rights of third parties.

Customers are responsible for backups, internal access rules, device ownership, employee access, data exports, endpoint security, correct integration logic, physical safety of connected systems and the consequences of actions triggered by their own systems.

21. Prohibited use

Users must not use TOTPX for unauthorized access, unlawful surveillance, credential abuse, fraud, malware, denial-of-service activity, security bypassing, harassment, harmful automation or any scenario that violates applicable law or third-party rights.

Users must not upload, transmit or store content or data that is illegal, harmful, infringing, malicious or intended to disrupt the platform.

22. Data, logs and retention

Verification requests, device identifiers, timestamps, request metadata, success or failure results, API events, security events, account events and related platform data may be processed to provide the service, prevent abuse, improve security, support troubleshooting and maintain platform integrity.

Retention periods may depend on the selected plan, legal requirements, security needs, product settings and technical configuration. Details are described in the Privacy Policy.

23. Data export and deletion after termination

Where supported, customers may export available account data, device data, product configurations, logs or billing information during the active contract period. Customers are responsible for exporting data before deleting an account or terminating a subscription.

After termination, cancellation, inactivity or account deletion, data may be deleted, anonymized or archived after a reasonable retention period unless legal, security, billing or operational reasons require longer storage.

24. Blocking or removal of data

If data, configurations, integration URLs, device names, identifiers or account activity appear to violate law, third-party rights, platform rules or security requirements, we may restrict, block, remove or disable the affected data, device, integration, API key or account.

25. Intellectual property

TOTPX, its software, website, app, APIs, documentation, designs, trademarks, logos and platform concepts are protected by intellectual property rights. Customers receive a limited, non-exclusive, non-transferable right to use the service during the active subscription or permitted access period.

Customers may not copy, resell, reverse engineer, sublicense, redistribute or make the service available as a competing platform unless expressly permitted by written agreement.

26. Customer data and feedback

Customers retain rights to their own data. By using the platform, customers grant us the rights necessary to host, process, transmit, secure and display that data for the purpose of providing the service.

Feedback, suggestions or feature ideas may be used to improve TOTPX without creating an obligation to compensate the person providing the feedback.

27. Confidentiality

Non-public technical, business, security or pricing information exchanged in connection with TOTPX should be treated as confidential unless it is already public, independently developed or lawfully received from a third party.

28. Limitation of liability

To the maximum extent permitted by applicable law, TOTPX is not liable for indirect, incidental or consequential damages, including loss of profit, loss of data, business interruption, lost revenue, reputational damage or damages caused by customer-controlled hardware, software, integrations, APIs, network infrastructure or third-party systems.

Customers remain responsible for implementing appropriate redundancy, monitoring, backups, fallback procedures and security controls for critical environments.

29. Termination and cancellation

Users may terminate their account or subscription according to the options available in the TOTPX App, through the billing provider or through an agreed support process. Non-use of the service does not automatically constitute termination.

We may suspend or terminate access if an account, API key, device or integration causes security risks, violates these Terms, violates applicable law, overloads the service, endangers other users or systems, remains unpaid or is used abusively.

30. Transfer of rights and service operation

We may transfer rights and obligations related to the service, in whole or in part, to another legal entity, successor, affiliate or service operator if this is necessary for business continuity, restructuring, sale, merger or operational reasons, provided that user rights are not unreasonably impaired.

31. Changes to the service and these Terms

TOTPX may evolve over time. Features, plans, limits, integrations, documentation and these Terms may be updated. If changes materially affect existing customers, we will make reasonable efforts to provide notice through the website, the app, email or billing provider.

Continued use of the service after changes become effective constitutes acceptance of the updated Terms.

32. Governing law and jurisdiction

These Terms are intended for a service operated from Austria. Unless mandatory law provides otherwise, Austrian law shall apply. The competent court should be determined according to the applicable legal framework and final company setup before commercial publication.

33. Contact

Questions regarding these Terms may be sent to:
office@totpx.com