Plain-language summary
Use the app responsibly, protect your account, and only store sensitive data after understanding the risks. Create A Thing is an organizing workspace with optional encrypted secure text labels. It is not a bank, payment processor, PCI-certified card vault, or audited password manager. Public Things are meant to be viewable by others and may be copied into their workspaces.
1. Acceptance of Terms
By creating an account, signing in, clicking an acceptance checkbox, or using Create A Thing, you agree to these Terms of Service and the Privacy Policy. If you do not agree, you may not use the service.
You must accept these terms before creating your first root Thing. Continued use after an update means you accept the updated terms, unless additional consent is required by law or by the product.
2. Service Description
Create A Thing lets users create nested Things, labels, notes, files, background images, and structured records. Some Things may be marked secure so text labels and descendants are treated as sensitive.
The service is an evolving MVP. Features, security controls, storage limits, file handling, search behavior, secure-label behavior, and availability may change as the product matures.
3. Account Responsibilities
You are responsible for maintaining control of your account, email, devices, browser sessions, passwords, and recovery material. You must provide accurate account information and notify us promptly if you suspect unauthorized access.
If a secure-label password or unlock material is used, losing it may make encrypted text labels permanently unrecoverable. Account recovery does not guarantee encrypted-label recovery.
4. Secure Text Labels
Sensitive data includes passwords, app passwords, API keys, recovery codes, private notes, identity data, financial data, card details, and anything that may cause harm if disclosed.
Secure text labels are encrypted in your browser before they are saved. You should put sensitive text only in secure text labels. Do not place secrets in Thing names, slugs, breadcrumbs, normal labels, background images, file names, search terms, or other surfaces that may be displayed, indexed, previewed, or logged.
Files and background images are protected by authenticated account access and storage rules, but they are not currently end-to-end encrypted. File labels are disabled inside secure Things until encrypted file uploads are supported.
5. Payment and Card Data
Create A Thing is not a payment processor, bank, card issuer, or PCI DSS-certified card-storage provider. You must not store CVV/CVC codes, PINs, magnetic-stripe data, authentication data, or any payment information that applicable law or card-network rules prohibit you from storing.
If you store virtual-card references, you are responsible for determining whether that use is appropriate and lawful. The safer product pattern is to store references such as nickname, issuer, last four digits, expiration reminder, and related platform, not full payment authentication data.
6. Security Limits
We aim to use authentication, database access controls, client-side encryption for secure text labels, least-privilege storage policies, and reasonable operational safeguards. These controls reduce risk but do not eliminate it.
No internet service or browser application can promise absolute security. Data may be exposed through device compromise, stolen sessions, weak passwords, phishing, browser extensions, provider incidents, user mistakes, software defects, or other events outside our control.
7. Acceptable Use
You may not use the service to store or distribute illegal content, stolen credentials, malware secrets, fraud materials, unlawful payment data, content you do not have the right to store, or data that violates another person's rights.
We may suspend, restrict, or terminate access if we reasonably believe the service is being misused, abused, attacked, used unlawfully, or used in a way that creates risk for the service or other users.
8. Disclaimers
The service is provided on an "as is" and "as available" basis. To the fullest extent permitted by law, we disclaim warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operation, error-free operation, and complete security.
These terms do not provide legal, financial, compliance, payment-card, or security advice. You should obtain professional guidance before using the service for regulated, business critical, or high-risk data.
9. Limitation of Liability
To the fullest extent permitted by law, Create A Thing and its owner will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for loss of data, profits, business, goodwill, credentials, accounts, or funds arising from use of the service.
Some jurisdictions do not allow certain limitations, so parts of this section may not apply to you. In that case, liability is limited to the maximum extent permitted by applicable law.
10. Public Things and Copying
If you mark a Thing public, that Thing, its public child Things, and its non-secure text labels may be viewable by other users or visitors. Public Things must not contain secrets, private personal data, payment authentication data, confidential files, or content you do not have permission to share.
Public discovery and copying are paused for the launch version. If these features are enabled later, copies may not include every original detail, such as files, backgrounds, secure labels, encrypted labels, or private descendants.
11. Changes
We may update these terms as the product, security model, providers, laws, or business needs change. Material changes should be reflected by a new effective date and may require renewed acceptance.