1. Scope
This policy covers VaultProof's website, app, scanner, init, API, and provider routing services.
This Privacy Policy explains how VaultProof Inc. collects, uses, shares, and protects information when you visit the website, use the dashboard, run hosted init, download VaultProof files, use the scanner, or route provider calls through VaultProof.
If you use VaultProof for a company or organization, that organization may control some data in the account. Your use of VaultProof is also governed by the Terms of Service.
2. Data We Collect
We collect the data needed to operate and secure the service.
The exact data depends on how you use VaultProof. Most data falls into account, configuration, usage, billing, support, and device categories.
| Category | Examples | Purpose |
|---|---|---|
| Account data | Email address, name if provided, authentication metadata, workspace membership, plan state, and account settings. | Login, account management, security, notifications, and support. |
| Configuration data | Project names, provider types, token prefixes, environment labels, allowed routes, budgets, alert settings, and dashboard preferences. | Provide key management, routing, policy controls, alerts, and user workflows. |
| Usage metadata | Provider, route, status code, timestamp, latency, error class, request ID, approximate volume, and operational logs. | Operate the service, debug issues, detect abuse, show activity, and support incident review. |
| Billing data | Plan, subscription status, customer ID, invoices, payment status, and billing contact details handled by our payment processor. | Process subscriptions, taxes, invoices, limits, and billing support. |
| Support data | Messages you send us, live chat conversations, screenshots, logs, issue details, abuse reports, and security reports. | Answer questions, investigate reports, fix issues, and improve documentation. |
| Device and site data | IP address, browser type, pages viewed, referrer, approximate location, and diagnostics from website and app analytics. | Security, fraud prevention, performance, analytics, and product improvement. |
3. Provider Data
Provider-key data is handled for key protection and runtime routing.
VaultProof is built to reduce where raw provider keys live. When you add a supported provider key or run hosted init, VaultProof may process provider key material, VaultProof-generated token values, provider-compatible base URLs, and metadata needed to route requests.
Setup
The init tool can detect supported keys, protect them, and write VaultProof values and base URLs into your app environment.
Runtime
When your app makes a provider request, VaultProof uses the required upstream credential to authenticate that request with the provider.
Logs
We record operational metadata such as route, status, timestamp, latency, and error information. We do not intentionally log raw provider keys.
4. How We Use Data
We use data to run, secure, support, bill, and improve VaultProof.
We process information only for practical service purposes and legal reasons.
- Provide the website, dashboard, hosted init, downloads, scanner, API, and provider routing services.
- Authenticate users, maintain sessions, manage accounts, and enforce workspace permissions.
- Route supported provider requests and show activity, usage, alerts, errors, and status information.
- Detect abuse, investigate suspicious usage, protect against fraud, and enforce the Terms.
- Process billing, invoices, plan limits, taxes, payment status, and related support requests.
- Provide customer support chat, respond to support requests, and connect conversations with account context when available.
- Send service messages, security notices, product updates, and support replies.
- Measure site and product usage so we can improve onboarding, documentation, reliability, and performance.
- Comply with law, legal process, and legitimate requests from users, providers, or authorities.
5. Sharing
We do not sell customer data.
We share information only when needed to provide the service, work with trusted vendors, protect users, comply with law, or complete a business transaction.
Service providers
We use vendors for hosting, authentication, database infrastructure, payments, analytics, email, monitoring, support, security, and similar operations.
Provider routing
When your app calls an upstream provider through VaultProof, the provider receives the request data needed to process that provider call.
Security and abuse
We may share or preserve information to investigate abuse, prevent harm, enforce our Terms, protect users, or coordinate with providers.
Legal and corporate events
We may disclose information when required by law, legal process, or as part of a merger, financing, acquisition, or sale of assets.
6. Retention
We keep data as long as needed for the service and legitimate operational needs.
Retention depends on the type of data, your plan, legal requirements, security needs, and whether the data is still needed for billing, support, audit, abuse prevention, or incident review.
- Account and configuration data is generally kept while the account or workspace is active.
- Usage, activity, and error metadata may be retained to power dashboard history, billing confidence, support, security review, and abuse detection.
- Billing records may be retained as required for tax, accounting, dispute, and payment compliance.
- Support, abuse, and security reports may be retained as needed to resolve the issue and protect the service.
- Backups and logs may remain for a limited period before they are overwritten or deleted through normal retention cycles.
You may request deletion of account data by contacting us or using available dashboard controls. Some information may remain where retention is required by law, security, fraud prevention, billing, dispute handling, or backup integrity.
7. Cookies and Analytics
VaultProof uses local storage, cookies, and analytics for service operation and improvement.
We use browser storage and similar technologies to keep users signed in, remember preferences, maintain security state, understand product usage, and improve onboarding and documentation.
| Tool | Use |
|---|---|
| Authentication storage | Stores session information so authenticated users can stay signed in and use the dashboard securely. |
| Local preferences | Stores interface preferences, dismissed notices, and other product state where useful. |
| Analytics | Measures pages, events, onboarding paths, and product usage. The site currently loads Google Analytics and Mixpanel. |
| Support chat | Loads Intercom Messenger when enabled for customer support conversations. Intercom may use browser storage to remember conversations and connect messages with account or contact context. |
You can control cookies and local storage through your browser settings. Blocking storage may break login, dashboard features, or preference-saving behavior.
8. Security
We use technical and operational controls to protect VaultProof data.
Security measures include access controls, encryption in transit, provider-key handling controls, logging, monitoring, and abuse prevention. No internet service can guarantee perfect security.
9. Your Choices
You can access, update, export, or request deletion of data.
Depending on your location and account role, you may have rights to request access, correction, deletion, export, restriction, or objection to certain processing.
- Update account and workspace settings in the dashboard where available.
- Rotate, revoke, or remove provider keys through VaultProof and the upstream provider.
- Export or review available activity and billing information from dashboard workflows where supported.
- Opt out of non-essential emails by using unsubscribe links or contacting us.
- Contact us for privacy requests, account deletion, or questions about data we process.
10. International Transfers
VaultProof may process data in the United States and other countries.
We and our vendors may process information in countries where we or they operate. Those countries may have data protection laws different from the laws where you live. Where required, we use appropriate safeguards for international transfers.
11. Children
VaultProof is not for children.
VaultProof is intended for users who are at least 18 years old, or the age of majority where they live. We do not knowingly collect personal data from children. If you believe a child has provided personal data to VaultProof, contact us.
12. Changes
We may update this Privacy Policy.
If we make material changes, we will provide reasonable notice by email, dashboard notice, website notice, or another appropriate method. Continued use after the effective date means the updated policy applies.
13. Contact
Questions about privacy?
Contact us at [email protected]. For security issues, use [email protected]. For abuse reports, use [email protected].