Privacy Policy

Last Updated: October 6, 2025

Vaultica (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

1. Information We Collect

1.1 Account Information

• Authentication Data: Email address or phone number used for sign-in via Google OAuth
• Display Name: Name associated with your account
• User ID: Unique identifier for your account

1.2 Subscription Information

• Payment Data: Processed securely through Stripe (we do not store credit card information)
• Subscription Status: Active/inactive status, plan type, and pricing information

1.3 Communication Data

• Encrypted Messages: All messages are end-to-end encrypted before storage
• Message Metadata: Timestamps, sender/recipient identifiers
• Contact Information: Contact names and identifiers you add to your spaces

1.4 Technical Data

• Device Information: Device type, operating system version
• Log Data: Error logs and crash reports for app functionality
• Usage Data: Features used, session duration (for app improvement only)

2. How We Use Your Information

We use the collected information solely for the following purposes:

• App Functionality: To provide core messaging, encryption, and space management features
• Authentication: To verify your identity and secure your account
• Subscription Management: To process payments and manage your subscription status
• Service Improvement: To fix bugs, improve performance, and add new features
• Security: To detect and prevent fraud, abuse, and security incidents

3. End-to-End Encryption

Vaultica uses end-to-end encryption (E2EE) for all messages and sensitive data:

• Messages are encrypted on your device before being sent
• Only the intended recipient can decrypt the messages
• We cannot read your messages - they are encrypted with keys only you and your contacts possess
• Encryption keys are stored locally on your device and never transmitted to our servers in plain text

4. Data Storage and Security

4.1 Where We Store Data

• Firebase/Firestore: Encrypted messages, user profiles, and metadata
• Local Device Storage: Encryption keys, passcode, cached messages
• Stripe: Payment information (processed and stored by Stripe, not by us)

4.2 Security Measures

• End-to-end encryption for all messages
• Secure passcode protection for app access
• HTTPS/TLS for all data transmission
• Regular security audits and updates

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We only share data in the following limited circumstances:

• Service Providers: Firebase (Google Cloud) for hosting, Stripe for payments - both under strict data protection agreements
• Legal Compliance: When required by law, court order, or to protect our rights and safety
• With Your Consent: When you explicitly authorize us to share specific information

6. Data Retention

• Active Accounts: Data is retained while your account is active
• Deleted Accounts: Data is permanently deleted within 30 days of account deletion
• Messages: Stored encrypted until you delete them; we cannot access message contents
• Logs: Technical logs are retained for up to 90 days for debugging purposes

7. Your Rights and Choices

You have the following rights regarding your data:

• Access: Request a copy of your personal data
• Correction: Update or correct your account information
• Deletion: Request deletion of your account and associated data
• Data Portability: Request your data in a portable format

8. Children's Privacy

Vaultica is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

9. Third-Party Services

We use the following third-party services:

• Google Firebase: Authentication, database, and cloud functions
• Stripe: Payment processing
• Google OAuth: Sign-in functionality

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date.

By using Vaultica, you acknowledge that you have read and understood this Privacy Policy.