Privacy Policy

Effective date: April 1, 2026

1. Introduction

Vaulit (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use Vaulit (“Service”). Please read this policy carefully.

This Privacy Policy applies to residents of the United States, including California residents who have additional rights under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”).

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, and password when you register.
  • Documents you upload: Files, images, and scanned documents you store in Vaulit. These may contain sensitive personal information.
  • Payment information: Billing details processed by our payment provider (Stripe). We do not store full card numbers.
  • Communications: Messages you send to our support team.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, clicks, and session duration.
  • Device information: Browser type, operating system, IP address, and device identifiers.
  • Cookies and similar technologies: See Section 7 for details.
  • Log data: Server logs including request times, error reports, and referrer URLs.

2.3 Information from Third Parties

  • Authentication providers: If you sign in via Google or Apple, we receive basic profile information (name, email, profile picture).
  • Payment processors: Transaction status and billing address from Stripe.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Process your documents using OCR, auto-categorization, and semantic search
  • Send expiry alerts and service notifications
  • Process payments and manage subscriptions
  • Respond to support requests
  • Analyze usage patterns to improve product features (using anonymized/aggregated data)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not train AI models on your documents. Your uploaded content is processed solely to provide the Service features you use. It is never shared with third parties for advertising purposes.

4. How We Share Your Information

We do not sell your personal information. We may share information with:

  • Service providers: Third parties that help us operate the Service, including cloud storage (AWS S3), authentication (Clerk), payments (Stripe), analytics (PostHog), and AI services (Anthropic, Google Cloud). These providers are contractually bound to protect your data and may only use it to perform services on our behalf.
  • Legal requirements: When required by law, court order, or governmental authority, or to protect the rights, property, or safety of Vaulit, our users, or others.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to you.

5. Data Storage and Security

Your documents are stored encrypted at rest (AES-256) on AWS S3 infrastructure located in the United States. Data is transmitted over TLS 1.2 or higher. We use Supabase (PostgreSQL) for structured data with row-level security policies.

Despite our security measures, no system is completely secure. We encourage you to use a strong, unique password and to notify us immediately if you suspect unauthorized access.

6. Data Retention

We retain your personal information and documents for as long as your account is active. When you delete a document, it is removed from your vault and permanently deleted from our storage within 30 days. When you close your account, all associated data is deleted within 90 days, except where retention is required by law.

7. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential cookies: Required for the Service to function (authentication session, security tokens). Cannot be disabled.
  • Analytics cookies: Help us understand how users interact with the Service (PostHog). Used only with your consent.
  • Preference cookies: Remember your settings and preferences.

You can manage cookie preferences through the cookie consent banner or your browser settings. Disabling non-essential cookies does not affect your ability to use the Service.

8. California Privacy Rights (CCPA / CPRA)

California residents have the following rights under the CCPA/CPRA:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information we hold about you.
  • Right to Opt-Out of Sale/Sharing: Vaulit does not sell or share your personal information for cross-context behavioral advertising.
  • Right to Limit Sensitive Data Use: You may limit our use of sensitive personal information to what is necessary to provide the Service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, contact us at privacy@vaulit.app. We will verify your identity before processing requests. California residents may also designate an authorized agent to make requests on their behalf.

Categories of personal information collected in the past 12 months: Identifiers (name, email, IP address); commercial information (subscription records); internet activity (usage data, logs); and documents you choose to upload.

9. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us at privacy@vaulit.app.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy with a new effective date. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

11. Contact Us

For privacy-related questions or to exercise your rights, contact our Privacy Team:

Email: privacy@vaulit.app
Response time: We respond to all privacy requests within 45 days.