Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use the Service, we collect:

• Email address — used for authentication, notifications and communications
• Encrypted vault data — the ciphertext of your vault contents (we cannot decrypt this)
• Vault metadata — vault names, unlock dates, creation timestamps (not encrypted)
• File metadata — file names, sizes and MIME types of attachments (not encrypted)
• Encrypted emergency override data — the ciphertext of your override question and hashed answer; both are encrypted in your browser with your passphrase before reaching us (we cannot read either)
• Invitation records — email addresses of people you invite to the Service

1.2 Information Collected Automatically

• Log data — IP address, browser type, pages visited and access timestamps
• Device information — operating system and browser version
• Usage data — features used, vault creation and access events
• Firebase Analytics data — aggregated, anonymised usage patterns

1.3 What We Do NOT Collect

We are committed to data minimisation. The following data is never collected:

• Your vault passphrase — it never leaves your device
• The plaintext contents of your vaults — we store only encrypted ciphertext
• Your emergency override question or answer in readable form — both the question text and the hashed answer are encrypted with your passphrase; we store only ciphertext
• Payment card details — handled directly by Stripe
• Sensitive personal data beyond what you choose to encrypt in your vaults

2. How We Use Your Information

• Providing and operating the Service — authentication, vault storage, access control
• Sending email notifications — vault access alerts, emergency override alerts, invitations
• Security and fraud prevention — detecting and preventing unauthorised access or abuse
• Service improvement — understanding usage patterns to improve features and reliability
• Legal compliance — meeting our obligations under applicable laws and regulations
• Customer support — responding to enquiries and resolving issues

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, our legal bases for processing your personal data are:

• Contract performance — processing necessary to provide the Service you have requested
• Legitimate interests — security monitoring, fraud prevention and service improvement
• Legal obligation — compliance with applicable laws and regulations
• Consent — where you have given explicit consent, such as for marketing communications

4. Data Storage & Third-Party Services

The Sealed Vault uses the following third-party services to operate:

Google Firebase

Authentication, Firestore database, Cloud Storage and Hosting. Firebase stores your account data and encrypted vault data on Google's servers. Firebase is subject to Google's Privacy Policy and Terms of Service.

Gmail SMTP (via Firebase Extension)

Used to send email notifications. Email subject lines and recipient addresses are processed through Google's mail infrastructure.

Stripe

Payment processing for paid subscriptions. Stripe receives your email address and payment details (which we never see or store on our servers) to process subscription payments on our behalf. Stripe may offer Stripe Link, a feature that lets customers save payment details for faster checkout across merchants that use Stripe. If you opt in to Link, your saved payment information is managed by Stripe under Stripe's own Link Terms and Privacy Policy — receipts and payment confirmations may reference "Link" as the payment method even when a credit or debit card was used. Stripe is subject to Stripe's Privacy Policy at stripe.com/privacy.

Google Data Processing Agreement (DPA)

A separate Data Processing Agreement document is provided which links directly to Google's own DPA. Please refer to the standalone DPA document for full details.

Your encrypted vault data is stored in Google Firebase data centres. Data may be replicated to other regions for redundancy as per Firebase's infrastructure policies.

5. Data Retention

• Account data — retained for the lifetime of your account
• Vault data — retained until you delete the vault or close your account
• Email notification records — retained for 90 days in Firestore then deleted
• Access logs — retained for 12 months for security purposes
• Invitation records — retained for 12 months then deleted
• Deleted vault data — permanently removed within 30 days of deletion
• Account closure — all personal data deleted within 30 days of account closure

6. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate personal data
• Deletion — request deletion of your personal data and account
• Portability — receive your data in a structured, machine-readable format
• Restriction — request restriction of processing in certain circumstances
• Objection — object to processing based on legitimate interests
• Withdrawal of consent — withdraw consent at any time where processing is consent-based

7. Cookies & Tracking

• Authentication cookies — essential for maintaining your login session (Firebase Auth)
• Preference cookies — remembering your settings within the application
• Analytics cookies — Google Firebase Analytics for anonymised usage data

We do not use advertising cookies or third-party tracking for marketing purposes. You can control cookies through your browser settings, though disabling essential cookies may impair the functionality of the Service.

8. Children's Privacy

The Sealed Vault is not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take immediate steps to delete that information. If you believe a child under 18 has registered for the Service, please contact us immediately.

9. Authentication and Account Access

The Sealed Vault offers two methods for accessing your account. The authentication method you choose does not affect the zero-knowledge encryption of your vault contents.

9.1 Email and Password Authentication

When you create an account with email and password authentication, we store:

• Email address — used for account identification and communications
• Securely hashed password — using PBKDF2 with 200,000 iterations; we never see or store your password in plain text
• Account metadata — creation date, last sign-in timestamp

9.2 Google Sign-In (Single Sign-On)

When you create an account or sign in with Google, we receive from Google:

• Email address — your Google account email
• Basic profile information — name, profile picture if set
• Identity token — issued by Google to verify successful authentication

Google retains records of your sign-in activity with The Sealed Vault in accordance with Google's own privacy policies, which we do not control. Users seeking maximum privacy regarding their account access patterns may prefer email and password authentication.

9.3 Zero-Knowledge Encryption Applies Regardless of Sign-In Method

Your vault contents are encrypted on your device using AES-256-GCM with a key derived from a passphrase that only you know. This passphrase:

• Is never transmitted to our servers
• Is never stored in any form
• Cannot be recovered if lost
• Is required to decrypt your vault contents

Authentication grants access to your account; the passphrase grants access to your vault contents. These are independent. Compromising your authentication credentials would grant access to your account, but not to the encrypted contents of your vaults, which remain protected by your passphrase.

10. Security Measures

• AES-256-GCM encryption for all vault contents — client-side before upload
• PBKDF2 key derivation with SHA-256 and 200,000 iterations
• SHA-256 hashing for emergency override answers
• Firebase Security Rules restricting data access by authenticated user
• HTTPS/TLS encryption for all data in transit
• Firebase App Check to prevent unauthorised API access
• Access-controlled admin dashboard — only approved users can access the Service
• Email alerts for all vault access events including emergency overrides
• Zero-knowledge architecture — plaintext data never reaches our servers

Despite these measures, no security system is impenetrable. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law within 72 hours of discovery.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt-out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at contact@sealed-vault.com.

12. International Data Transfers

Your data may be transferred to and stored in countries outside your own, including the United States where Google Firebase's primary servers are located. These countries may have different data protection laws than your country. By using the Service, you consent to this transfer. We take steps to ensure adequate protections are in place through Google's standard contractual clauses and other appropriate safeguards.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email at least 14 days before the changes take effect. The updated Policy will be posted on our website with a new effective date. Your continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

14. Contact Us — Privacy Officer

For privacy-related enquiries, requests to exercise your rights, or to report a privacy concern, please contact our Privacy Officer: