Privacy Policy

Last Updated: 19 May 2026

Vaultlet LLC ("Vaultlet," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document management platform.

1. Information We Collect

Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Documents: Files you upload to our platform, including identity documents, financial records, and other personal files
  • Profile Information: Optional details you add to your profile
  • Communications: Messages you send to our support team

Information Collected Automatically

  • Device Information: Browser type, operating system, and device identifiers
  • Usage Data: Pages visited, features used, and interaction patterns
  • Log Data: IP address, access times, and referring URLs

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process and store your documents securely
  • Enable document sharing features you request
  • Send service-related communications
  • Respond to your inquiries and support requests
  • Detect and prevent fraud or security issues
  • Comply with legal obligations

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on:

  • Contract: Processing necessary to provide our services to you
  • Consent: Where you have given explicit consent for specific processing
  • Legitimate Interests: For security, fraud prevention, and service improvement
  • Legal Obligation: Where required by applicable law

4. Your Rights

For All Users

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your documents and data
  • Withdraw consent for optional processing

Additional Rights for EEA Users (GDPR)

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

Additional Rights for California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (note: we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, contact us using the information provided below.

5. Data Security

We implement appropriate technical and organizational measures to protect your documents and personal information, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments
  • Secure data centers

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. You may delete your documents at any time. If you close your account, we will delete your personal information within 30 days, except where retention is required by law.

7. Data Sharing

We do not sell your personal information. We may share information with:

  • Service Providers: Third parties that help us operate our platform (hosting, authentication, analytics). The processors we currently use include:
    • PostHog (PostHog Inc.) - product usage analytics. We use PostHog's EU-hosted infrastructure (eu.i.posthog.com), so analytics data is stored in the European Union. PostHog acts as a data processor on our behalf under GDPR Article 28. See the PostHog Privacy Policy and our Cookie Policy for the storage keys involved and how to opt out.
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize sharing

8. International Data Transfers

Your information may be transferred to and processed in the United States or other countries. For transfers from the EEA, we use appropriate safeguards such as Standard Contractual Clauses.

9. Children's Privacy

Vaultlet is not intended for users under 16 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Vaultlet LLC 148 South Jackson Street, Denver, CO 80209 USA

For GDPR-related inquiries, you may also contact your local data protection authority.

logo
Store and share your important documents with confidence. Vaultlet keeps your files secure, organized, and accessible whenever you need them.
© Copyright 2026 Vaultlet LLC