Privacy Policy
1. Introduction
We respect your privacy. This Policy explains what information we process, why we process it, and what choices you have when using Vaulto services. This Privacy Policy applies to all Vaulto services including Vaulto Note and Vaulto Cards.
Our architecture is designed around encryption and privacy-by-design principles. In many cases, we cannot access decrypted note content.
2. Who We Are and Contact
Vaulto services are operated by Dmitrii Rusanov, who acts as a data controller for personal data processed to provide, secure, and improve the Service. If we provide enterprise features under a separate written agreement, we may act as a processor for certain customer data as described in that agreement.
Contact: support@vaultonote.com
3. Data We Process
A. Account Data
To provide the Service, we process account information such as email address, authentication provider identifiers, and security/session data.
B. User Content
The Service allows you to create notes, voice recordings, and flashcards. Due to encryption and privacy design, core content processing is primarily performed on your device and/or in encrypted form.
C. Technical and Billing Data
We may process technical, usage, device, and subscription/billing metadata (for example IP address, app version, quota counters, plan status, payment status, and anti-abuse/security logs) necessary to operate, secure, and improve the Service.
4. Why We Process Data
We process personal data to create and manage your account, provide requested features (including transcription), maintain security, prevent abuse, process payments/subscriptions, communicate service updates, comply with legal obligations, and enforce our Terms.
5. Legal Bases for Processing
Depending on your location and applicable law, we process personal data under one or more legal bases: performance of a contract (to provide the Service), your consent (where required), legitimate interests (security, abuse prevention, and product operations), and legal obligations.
6. Sharing and Disclosure
We may share personal data with service providers that support our operations (for example hosting, analytics, payment processing, customer support, and AI processing) under contractual confidentiality and data protection obligations.
We may also disclose data if required by law, legal process, or governmental request, and when necessary to protect rights, safety, and the integrity of the Service.
7. AI Processing and Third Parties
We use third-party AI providers solely for the purpose of transcribing your voice recordings and summarizing notes upon your request.
- Data is sent to the AI provider only to perform the specific task (e.g., transcription).
- User data is not used for training AI models.
Third-party providers may process data in jurisdictions different from yours. Where required, we apply contractual and organizational safeguards for cross-border transfers.
8. Encryption & Zero-Knowledge
For Vaulto Note, we implement end-to-end and client-side encryption for your notes.
- Encryption keys are derived from your credentials.
- These keys are never stored in a way that is accessible to our servers.
- Our service prevents us from reading or recovering the content of your notes.
We do not have access to decrypted note content.
9. Password Loss & Recovery
Because your encryption keys are tied to your credentials, resetting your password creates a new encryption identity. This security measure means that if you lose your password or encryption keys, the system cannot decrypt your old data.
Previously encrypted notes cannot be recovered.
10. Retention and Deletion
We retain personal data only as long as necessary for the purposes described in this Policy, including legal, tax, accounting, dispute-resolution, and security obligations.
Our servers store encrypted notes. Audio data is processed temporarily for transcription unless you explicitly choose to store it.
We may retain de-identified or aggregated information that does not reasonably identify you.
11. What We Do NOT Do
- We do not sell your data.
- We do not use your content for advertising purposes.
- We do not use your content to train AI models.
12. Your Rights and Choices
Depending on applicable law, you may have rights to access, correct, delete, restrict, object, or export your personal data, and to withdraw consent where processing relies on consent.
You can request account deletion and associated data deletion. For privacy requests, contact support@vaultonote.com.
13. U.S. State Privacy Disclosures
Subject to applicable U.S. state law, you may have rights to know, access, delete, correct, and obtain a copy of your personal data, and to appeal certain privacy request decisions. Vaulto does not sell personal data and does not share personal data for cross-context behavioral advertising as those terms are defined under applicable law.
14. International Transfers
Payments may be processed through Turkey-based banking or payment partners. Your data may be transferred to and processed in countries other than your own. Where required, we use appropriate transfer safeguards, such as contractual clauses and organizational measures.
15. Children's Privacy
The Service is not directed to children under 13 (or the minimum age required by local law). We do not knowingly collect personal data from children below the applicable minimum age.
16. Security Disclaimer
We use reasonable technical and organizational safeguards, but no system is completely secure. We cannot guarantee absolute security of data transmission or storage.
17. Changes to This Policy
We may update this Privacy Policy from time to time. Updated versions become effective when posted (or on the date stated in the update). The date at the top indicates the latest revision.
Where required by applicable law, we will provide additional notice of material changes.
18. Contact
Data controller/operator: Dmitrii Rusanov
For privacy-related inquiries, rights requests, or complaints, contact us at: support@vaultonote.com