Privacy Policy

Last Updated: October 6, 2025

Vaultica ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

1. Information We Collect

1.1 Account Information

• Authentication Data: Email address or phone number used for sign-in via Google OAuth
• Display Name: Name associated with your account
• User ID: Unique identifier for your account

1.2 Subscription Information

• Payment Data: Processed securely through Stripe (we do not store credit card information)
• Subscription Status: Active/inactive status, plan type, and pricing information

1.3 Communication Data

• Encrypted Messages: All messages are end-to-end encrypted before storage
• Message Metadata: Timestamps, sender/recipient identifiers
• Contact Information: Contact names and identifiers you add to your spaces

1.4 Technical Data

• Device Information: Device type, operating system version
• Log Data: Error logs and crash reports for app functionality
• Usage Data: Features used, session duration (for app improvement only)

2. How We Use Your Information

We use the collected information solely for the following purposes:

• App Functionality: To provide core messaging, encryption, and space management features
• Authentication: To verify your identity and secure your account
• Subscription Management: To process payments and manage your subscription status
• Service Improvement: To fix bugs, improve performance, and add new features
• Security: To detect and prevent fraud, abuse, and security incidents

3. End-to-End Encryption

Vaultica uses end-to-end encryption (E2EE) for all messages and sensitive data:

• Messages are encrypted on your device before being sent
• Only the intended recipient can decrypt the messages
• We cannot read your messages - they are encrypted with keys only you and your contacts possess
• Encryption keys are stored locally on your device and never transmitted to our servers in plain text

4. Data Storage and Security

4.1 Where We Store Data

• Firebase/Firestore: Encrypted messages, user profiles, and metadata
• Local Device Storage: Encryption keys, passcode, cached messages
• Stripe: Payment information (processed and stored by Stripe, not by us)

4.2 Security Measures

• End-to-end encryption for all messages
• Secure passcode protection for app access
• HTTPS/TLS for all data transmission
• Regular security audits and updates

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We only share data in the following limited circumstances:

• Service Providers: Firebase (Google Cloud) for hosting, Stripe for payments - both under strict data protection agreements
• Legal Compliance: When required by law, court order, or to protect our rights and safety
• With Your Consent: When you explicitly authorize us to share specific information

6. Data Retention

• Active Accounts: Data is retained while your account is active
• Deleted Accounts: Data is permanently deleted within 30 days of account deletion
• Messages: Stored encrypted until you delete them; we cannot access message contents
• Logs: Technical logs are retained for up to 90 days for debugging purposes

7. Your Rights and Choices

You have the following rights regarding your data:

• Access: Request a copy of your personal data
• Correction: Update or correct your account information
• Deletion: Request deletion of your account and associated data
• Data Portability: Request your data in a portable format
• Opt-Out: Unsubscribe from promotional communications (we don't send marketing emails currently)

8. Children's Privacy

Vaultica is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Third-Party Services

We use the following third-party services:

• Google Firebase: Authentication, database, and cloud functions (Privacy Policy)
• Stripe: Payment processing (Privacy Policy)
• Google OAuth: Sign-in functionality (Privacy Policy)

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an in-app notification for material changes

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your CCPA rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing

---

By using Vaultica, you acknowledge that you have read and understood this Privacy Policy.