Privacy Policy
Vaultaris ("we", "us", "our") respects your privacy. This Privacy Policy explains what personal data we collect, how we use it and the choices you have. It applies to the Vaultaris marketing site, documentation, the hosted Cloud product and self-hosted license administration. If a separate Data Processing Agreement applies to your subscription, the terms of that agreement take precedence in the event of conflict.
1. Data we collect
We collect the minimum data needed to operate the Service:
- Account data — email, display name and, when applicable, billing contact details you provide when signing up or purchasing a license.
- Authentication data — hashed credentials, WebAuthn public keys and TOTP secrets (encrypted at rest) you register to access your account.
- Usage & diagnostic data — IP address, user-agent, request timestamps and feature usage we record to secure, debug and improve the Service.
- Customer data — content you store in your tenant (users, groups, roles, configuration). You are the controller of this data; we act as processor.
- Payment data — handled by our payment processor. Vaultaris never receives or stores full card numbers.
2. How we use data
- To provide, secure and improve the Service.
- To authenticate users, prevent fraud and detect abuse.
- To bill paid subscriptions and send transactional emails (account, invoice, security and incident notifications).
- To respond to support requests you initiate.
- To comply with our legal obligations.
We do not sell personal data. We do not use customer data to train machine-learning models. We do not show third-party advertising inside the Service.
3. Legal bases (EEA / UK)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Performance of a contract — to deliver the Service you purchased.
- Legitimate interest — to secure the Service, prevent abuse and operate our business.
- Legal obligation — to comply with applicable tax, accounting and law-enforcement requirements.
- Consent — where consent is the appropriate basis (e.g. optional marketing emails); you can withdraw consent at any time.
4. Sharing & subprocessors
We share personal data only with subprocessors that help us operate the Service, under contracts that bind them to confidentiality and adequate protection. Current categories include:
- Cloud infrastructure providers (compute, database, storage).
- Payment processor for billing and invoices.
- Transactional email provider for account and security notifications.
- Customer-support and ticketing tooling.
We do not transfer personal data outside the European Economic Area without appropriate safeguards (such as Standard Contractual Clauses).
5. Retention
We retain personal data for as long as your account is active and for a reasonable period afterwards to satisfy legal, tax and accounting obligations. Backups and audit logs may persist for up to 24 months. You can request deletion of your account data at any time, subject to the retention exceptions above.
6. Security
We use industry-standard safeguards including TLS in transit, encryption of sensitive fields at rest, role-based access controls, audit logging and least-privilege production access. No system is perfectly secure; if we become aware of a breach that affects your data, we will notify you without undue delay as required by applicable law.
7. Your rights
Depending on where you live, you may have the right to access, correct, export, delete or restrict our use of your personal data, and to object to certain processing. To exercise these rights, email contact@vaultaris.net. We will respond within the timeframe required by applicable law. If you are in the EEA or UK, you also have the right to lodge a complaint with your supervisory authority.
8. Cookies & similar technologies
The Vaultaris marketing site uses only strictly necessary cookies for session management. We do not set advertising or cross-site-tracking cookies. The hosted Cloud product uses first-party cookies and similar technologies to keep you signed in and to remember basic preferences.
9. Children
The Service is not directed to children under the age of sixteen (16). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date above reflects the most recent revision. We will notify you of material changes via email or an in-product notice.
11. Contact
For questions, requests or complaints about this policy, contact contact@vaultaris.net.