Effective Date: January 2025
1. Information We Collect
Vault operates on a local-first principle and practices data minimization. We collect only the essential information needed to provide our services:
Account Information
- Username: Used for account identification and customer support
- Email address: Used for account authentication, premium features, and support communications
- Password hash: Securely hashed using industry-standard methods for authentication
Analytics Data (Optional)
- Anonymous usage patterns and feature adoption (only if you opt-in)
- Crash reports and error logs (no personal data included)
- Performance metrics to improve app stability
Data We DO NOT Collect
- Your vault data: All passwords, notes, and vault contents remain on your device
- Your actual passwords: We never have access to your stored passwords
- Browsing history or personal files
- Location data or device identifiers
2. How We Use Your Information
Account Management
- Authenticate your identity when you sign in
- Provide premium features to subscribed users
- Send important service updates and security notifications
Customer Support
- Respond to your support requests and technical issues
- Provide assistance with account-related questions
Service Improvement
- Analyze anonymous usage data to improve features (opt-in only)
- Monitor system performance and reliability
3. Data Storage and Security
Local-First Architecture
Your password vault is encrypted and stored locally on your device only. We cannot access your passwords, vault contents, or any personal data stored within Vault.
Account Data Security
- All data transmission uses HTTPS encryption
- Password hashes use bcrypt with high iteration counts
- Account data is stored on secure, US-based servers
- Regular security audits and monitoring
Vault Encryption
- AES-256 encryption for all vault data
- PBKDF2 key derivation with 900,000 iterations
- Unique random salt for each vault
4. Data Sharing and Disclosure
We do not sell, rent, or share your personal information with third parties. We may disclose information only in these limited circumstances:
Legal Requirements
- When required by law, court order, or government request
- To protect our legal rights and prevent fraud
- In connection with a business transfer or acquisition
Service Providers
- Trusted third-party services that help us operate (payment processing, hosting)
- All service providers are bound by confidentiality agreements
- Anonymous analytics may be shared with development partners to improve the software
5. Data Retention
- Account data: Retained while your account is active
- Analytics data: Aggregated and anonymized data may be retained indefinitely
- Support communications: Deleted after 1 year
- Vault data: Always remains on your device under your control
6. Your Rights and Choices
Account Control
- Access and update your account information
- Delete your account and associated data
- Opt-out of analytics collection at any time
GDPR Rights (EU Users)
- Right to access your personal data
- Right to rectify inaccurate information
- Right to erase your data
- Right to data portability
- Right to object to processing
7. International Data Transfers
Vault is operated from the United States. If you are located outside the US, your account information will be transferred to and processed in the United States. We implement appropriate safeguards to protect your data during international transfers and comply with applicable privacy laws.
8. Children's Privacy
Vault is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on our website
- Sending an email notification to your registered email address
- Displaying a notice in the Vault application
Your continued use of Vault after any changes indicates your acceptance of the updated policy.