Privacy Policy
Effective date: April 2026
Your data is encrypted in your browser with a key generated on your device before it reaches VaultPass. We store only the scrambled result (ciphertext). To deliver your vault to your heir automatically, we hold the encrypted heir and sentinel shards and combine them only when the dead man's switch fires.
How We Use Your Data
We use your email address to: authenticate your account, send check-in reminders, send warning emails when the dead man's switch approaches, and deliver the vault access token to your heir when triggered. We use payment status to maintain subscription access. We do not sell, share, or use your data for advertising, analytics, or any purpose beyond providing the VaultPass service.
Data Storage & Security
Encrypted vault data is stored on Supabase infrastructure exclusively within the European Economic Area. All data in transit is protected with TLS 1.3. Encryption at rest uses AES-256. We do not store payment card details — all card processing is handled by Stripe under their PCI-DSS compliance.
Cookies
We use only essential authentication cookies required to keep you logged in. No tracking cookies. No advertising. No third-party analytics that identify you personally. We do not use Google Analytics, Meta Pixel, or any behavioural tracking tools.
Data Retention
Your encrypted vault data is retained for the duration of your active subscription plus 90 days after cancellation. You may request immediate deletion at any time. When you delete your account, all data is permanently and irreversibly removed from our systems within 7 days.
To exercise any GDPR right, email [email protected]. We respond within 30 days.
Last updated: April 2026 · VaultPass · Warsaw, Poland · EU