VaultCare

Privacy Policy

VaultCare is designed to be offline-first and zero-knowledge by default. This policy explains what we collect, why we collect it, and how we protect it.

Effective date: January 27, 2026

Privacy by design

You can use VaultCare locally without creating an account. When you enable cloud features, the app encrypts documents and sensitive metadata on your device before upload. We are not able to read your document contents.

Data we collect

  • Account and authentication data, such as your email address and login provider, when you sign in.
  • Profile and billing data, such as your plan, billing status, and provider customer or subscription identifiers.
  • Encrypted vault data, including encrypted document blobs, encrypted metadata, wrapped encryption keys, and integrity hashes.
  • Device records, such as the device name you provide and the last time it was seen.
  • Operational and billing event logs needed to process subscriptions, troubleshoot issues, and keep the service secure.

How we use data

  • To provide the core product experience, including encrypted backup and sync.
  • To manage subscriptions and entitlement status.
  • To operate, secure, and improve the reliability of the service.
  • To respond to support requests and account deletion requests.

Encryption and security

VaultCare uses a client-side encryption model. Sensitive document metadata and document content are encrypted locally before being sent to our backend. We store only encrypted payloads along with the information required to sync them across your devices.

Important

If you lose your vault credentials or reset them, previously encrypted data may no longer be recoverable.

Service providers

We rely on trusted infrastructure and billing partners to operate the service. These providers process limited data on our behalf in order to support authentication, storage, and payments.

  • Supabase for authentication, database, and encrypted storage.
  • Google for optional Google sign-in.
  • Stripe and RevenueCat for subscription management and billing events.
  • Vercel for hosting the VaultCare website.

Data retention

We retain account data while your account is active and as needed to provide the service. You can request account deletion at any time. When a deletion request is completed, we delete or de-identify the data associated with your account, except where we are required to keep it for legal, security, or fraud-prevention reasons.

Your choices

  • Use the app in local-only mode without creating an account.
  • Sign out at any time from within the app.
  • Request account deletion through our public account deletion page.
Request account deletionView Terms of Use

Contact

For privacy questions or requests, contact us at privacy@vaultcare.app.