Privacy Policy

At VaultKey, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our password management service.

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address, name, and password when you create an account
• Payment Information: Billing address and payment method details for paid subscriptions
• Support Communications: Information you provide when contacting our support team

1.2 Vault Data

Your vault data (passwords, secure notes, and other stored items) is encrypted locally on your device before being transmitted to our servers. We use zero-knowledge encryption, meaning we cannot access your decrypted vault data. Only you have the encryption keys needed to decrypt your information.

1.3 Automatically Collected Information

• Device Information: Device type, operating system, and browser type
• Usage Data: Features used, login times, and general usage patterns
• IP Address: Used for security monitoring and fraud prevention

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send administrative messages, security alerts, and support communications
• Detect, prevent, and address fraud and security issues
• Comply with legal obligations

3. Zero-Knowledge Architecture

VaultKey is built on a zero-knowledge security model. This means:

• Your master password is never transmitted to or stored on our servers
• All vault data is encrypted locally using your master password before sync
• We cannot decrypt your vault data under any circumstances
• Even if our servers were compromised, your encrypted data would remain secure

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

• Service Providers: Third parties that help us operate our service (payment processors, hosting providers)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

We implement robust security measures including:

• AES-256 bit encryption for all vault data
• TLS 1.3 for all data in transit
• Regular third-party security audits
• SOC 2 Type II certification
• Multi-factor authentication options
• Intrusion detection and monitoring systems

6. Data Retention

We retain your account information for as long as your account is active. If you delete your account, we will delete your encrypted vault data within 30 days. Some information may be retained longer for legal compliance, fraud prevention, or legitimate business purposes.

7. Your Rights

Depending on your location, you may have the following rights:

• Access your personal information
• Correct inaccurate data
• Delete your account and data
• Export your data
• Object to certain processing
• Withdraw consent

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

9. Children's Privacy

VaultKey is not intended for children under 13. We do not knowingly collect information from children under 13. If we learn we have collected such information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our service. Your continued use of VaultKey after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@vaultkey.io
• Address: VaultKey Inc., 123 Security Lane, San Francisco, CA 94105