Privacy Policy

This Privacy Policy describes how information is handled when you use Vault App's website, applications, and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

General Remarks

Vault App has no technical means to access your encrypted passwords, secure notes, credit card information, or other items stored in your vault. The Service is built on a zero-knowledge architecture, which means only you know what is stored in your vault.

In cryptography, zero-knowledge refers to being able to prove you know something without revealing what that is. This zero-knowledge password manager keeps the proof that you have the key, but not the key itself. No one else can see your passwords, credit card details, or secure notes.

Your master password is never held by the Service. Your encrypted data remains secure even if network infrastructure were compromised.

Information Processed by the Service

In addition to vault data—which remains unreadable to anyone but you—the following information may be processed when you use the Service:

Account information

When you create an account, information necessary to operate the Service is collected, such as your username and account credentials. Your account password is hashed before storage. A cryptographic salt used for encryption key derivation is also associated with your account.

Website and application usage

When you visit the website or use the applications, certain technical information may be collected automatically. This may include your IP address, browser type, device type, operating system, pages visited, and similar diagnostic information.

Analytics tools may be used to understand how the Service is used and to improve performance, reliability, and user experience. Analytics data is generally aggregated and does not include the contents of your vault.

Service operation data

Limited metadata needed to operate the Service may be processed, such as account identifiers, subscription type, timestamps related to account activity, and information about whether the application is functioning correctly. This information supports maintenance, security, and reliability of the Service.

Information That Remains Inaccessible

Because of the zero-knowledge architecture, the following remain inaccessible to anyone but you:

  • Your master password
  • Your encryption keys
  • Passwords, secure notes, or credit card details stored in your vault
  • Contents of encrypted fields within your vault items

Activity Log and Password History

Vault App may offer features that help you review account and vault activity, such as log-ins, password changes, and related events. Activity information is associated with your account and is intended to help you stay informed about use of your vault.

Where password history is available, it allows you to view recent password changes for an item. This information is accessible only to you and remains protected by the same encryption and access controls that apply to your vault.

How Information Is Used

Information processed by the Service is used to:

  • Provide, operate, and maintain the Service
  • Authenticate users and secure accounts
  • Monitor performance, diagnose issues, and improve reliability
  • Deliver Service-related notices and support communications
  • Comply with legal obligations and protect the security of the Service

Personal information is not sold.

Password Sharing

Password sharing is intentionally not supported by Vault App. This design helps ensure that each user maintains exclusive control over their credentials and sensitive information, reducing risks associated with shared access.

Third-Party Infrastructure

Trusted third-party providers may be used to help operate the Service, such as hosting, infrastructure, analytics, and email delivery providers. These providers may process limited personal data solely to operate the Service.

Vault data stored through the Service remains encrypted. Third-party infrastructure providers cannot decrypt or access the contents of your vault without your master password and encryption keys.

Data Retention

Personal data associated with active accounts is retained for as long as your account remains active, unless you request deletion or deletion is required by law.

Retaining account-related data while your account is active helps ensure that encrypted vault data associated with your account is not lost due to premature deletion of necessary account records.

Security

Administrative, technical, and organizational measures are designed to protect personal data and the integrity of the Service. Vault data is encrypted on your device using AES-256-GCM before it is stored or synchronized.

No method of transmission or storage is completely secure. Absolute security cannot be guaranteed.

Your Choices

You may stop using the Service or delete your account at any time, subject to any technical or legal limitations on deletion.

Because your master password and vault contents remain under your exclusive control, account recovery without your master password is not possible. You are responsible for maintaining access to your master password and any recovery methods you configure.

Children's Privacy

The Service is intended for individuals who are at least 18 years old. Personal information is not knowingly collected from children under 18.

Changes to This Policy

This Privacy Policy may be updated from time to time. Material changes will be posted on this page. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy, contact support@vault0.app.