Last updated:
By creating an order on this site you accept these Terms in full. If you do not, please leave the site without placing an order.
HeliotTLS issues a single-domain X.509 v3 TLS certificate built on the Heliot-EC P-521H curve and a CRYSTALS-Kyber-1024 hybrid KEM, intended for SMTP, IMAP and Submission services. The certificate is issued under our Lifetime Issuance Profile with a notAfter field of 99991231235959Z (RFC 5280 §4.1.2.5) — it never expires.
Each certificate package contains a freshly-generated keypair created on a hardened HSM under our exclusive control. We do not retain a copy of your private key after delivery. You are solely responsible for the safe custody of the key material once received. Loss of the private key is not grounds for refund.
Orders are settled exclusively in BTC, LTC or XMR for the amount displayed on the checkout page. Exchange rates are sourced from public price feeds at the moment of order creation and are valid for the duration of the order window (2 hours). Underpayments and late payments will not be auto-matched and require manual reconciliation. We reserve the right to delay issuance pending compliance review of unusually-structured payments.
Once a certificate is issued, the order is non-refundable. Pre-issuance orders may be cancelled at any time by the customer or by us, and any received funds will be returned to the originating address minus on-chain network fees.
You undertake not to use the certificate to (a) impersonate a domain you do not control, (b) facilitate man-in-the-middle interception of third-party communications, (c) violate sanctions law applicable to either party, or (d) issue child material, terrorist content or non-consensual intimate imagery. We reserve the right to revoke certificates implicated in such use upon credible notification.
Customers may request revocation at any time by signed email. Revocation is effective within 24 hours and is published via OCSP and CRL. Compromise-driven revocation is free of charge and entitles the customer to a free reissuance.
The Service is provided “as is”. To the extent permitted by law, we disclaim all implied warranties of merchantability, fitness for a particular purpose, and non-infringement. Our maximum aggregate liability under these Terms is the amount actually paid for the certificate. We are not liable for indirect, consequential, or incidental damages.
The Heliot family of curves is published as IETF draft draft-helios-pqtls-04. While we believe the curve and the hybrid construction provide robust resistance to known classical and quantum cryptanalysis, no cryptographic primitive is mathematically proven secure. Customers should plan for crypto-agility in their deployments.
These Terms are governed by the laws of the Republic of Seychelles. Disputes are resolved by confidential binding arbitration in Victoria, Seychelles, conducted in English under the SIAC Rules.
Operational questions: ops@heliot-tls.example
Legal: legal@heliot-tls.example