Privacy Policy for Vault Verse

Welcome to Vault Verse ("we," "us," or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, Vault Verse (the "Application"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Effective Date" of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Application depends on the content and materials you use, and includes:

Information You Provide to Us

• Account Registration Data: When you register for an account, we may collect your name, email address, and a securely hashed version of your master password. Your master password is used to encrypt and decrypt your vault data locally on your device.
• Google Sign-In Data: If you choose to sign in with Google, we collect your Google account email and display name. We do not store your Google password. Authentication is handled securely through Google's OAuth 2.0 protocol.
• Vault Data: Information you store within the Application, including workspace details (names, descriptions, logos, websites, colors), tab details (titles, ranks), account credentials (titles, domains, usernames, passwords, labels, associated account types), custom field data you create (which may include sensitive information depending on what you store), reminders, events, and notes. This data is primarily stored locally on your device and optionally in Firebase Firestore if you enable cloud sync.
• Settings and Preferences: Information related to your notification preferences (email, push, sound, vibration, timing) and reminder settings.

Information Collected Automatically

• Usage Data / Activity Logs: We may automatically collect information about your interactions within the Application, such as modules accessed, pages visited, and time spent on certain features (`activity_logs` table). This data is used internally to understand usage patterns and improve the Application and is associated with your user ID.
• Device Information: We may collect basic device information necessary for the Application to function correctly, such as operating system type, needed for database setup and potentially for push notifications.

Information from Other Sources

• Configuration Data: The Application may periodically fetch configuration data (like predefined account types and fields) from a secure external source to keep definitions up-to-date. This process does not involve sharing your personal vault data.
• Cloud Sync/Backup Data: If you choose to enable cloud synchronization or backup features using Firebase Firestore, we will store your encrypted vault data in Firebase Cloud Firestore. Your data is encrypted using AES-256 encryption before being stored in the cloud. We also support Google Drive backup for exporting your vault data. These features require explicit user authorization and can be disabled at any time in the app settings.
• Firebase Services: The Application uses Firebase Authentication for secure user authentication, Firebase Cloud Messaging for push notifications, and Firebase Analytics to understand app usage patterns (no personally identifiable information is sent to Firebase Analytics).

2. How We Use Your Information

Having accurate information permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Application to:

• Create and manage your account.
• Securely store, encrypt, and manage your vault data (credentials, notes, etc.) locally on your device based on your input.
• Provide the core functionality of the password manager and secure vault.
• Enable synchronization of your data across devices if you choose to use a cloud sync feature.
• Send you push notifications or email notifications based on your settings (e.g., for reminders, security alerts if implemented).
• Monitor and analyze usage and trends to improve your experience with the Application (using internal activity logs).
• Maintain and update Application configuration (like account types).
• Respond to your support requests or inquiries.
• Ensure the security and integrity of our Application.
• Comply with legal obligations.

3. Disclosure of Your Information

We understand the sensitivity of the data you store in Vault Verse. We do not sell your personal information.

Your core vault data (like stored passwords and custom fields) is encrypted locally on your device using your master password and is not accessible to us or shared with third parties, except in the following limited circumstances:

• With Your Consent or Direction: If you choose to enable cloud synchronization or backup, your *encrypted* vault data will be transferred to and stored with Firebase Firestore or Google Drive. Your data is encrypted using AES-256 before cloud storage. We do not have access to the decryption key (your master password or security hash).
• Service Providers: We may share information with third-party vendors and service providers that perform services for us or on our behalf, such as:
  • Google Firebase services (Authentication, Firestore, Cloud Messaging, Analytics) for app functionality, authentication, cloud storage, and push notifications.
  • Google Drive API for optional backup features.
  • Sentry for crash reporting and error monitoring (anonymized data only).
  These providers only receive the information necessary to perform their designated functions and are not permitted to use your information for their own purposes.
• By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

4. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information and the data stored within Vault Verse. Key security aspects include:

• Local Storage: Your vault data is primarily stored in a local SQLite database on your device using the sqflite plugin.
• Encryption: Your vault data is encrypted locally using AES-256 encryption algorithms derived from your master password or security hash. Your master password is never stored in plain text; we store only a securely hashed version for verification. Sensitive fields are encrypted before storage both locally and in the cloud.
• Biometric Authentication: The app supports fingerprint and face recognition for quick, secure access to your vault.
• Secure Transmission: All data transmitted between your device and cloud services uses secure protocols (HTTPS/TLS 1.2 or higher).
• Firebase Security Rules: Cloud-stored data is protected by Firebase Security Rules that ensure users can only access their own data.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

You are responsible for keeping your master password confidential and choosing a strong, unique password.

5. Data Retention

We will retain your information stored locally on your device for as long as you use the Application or until you delete the data or the Application itself. If you delete the Application, the local database containing your vault data will typically be removed by the operating system.

If you use cloud sync via Firebase Firestore, your encrypted data will remain in Firebase according to your account settings. You can permanently delete your cloud data through the app's settings menu. Google Drive backups remain in your Google Drive until you manually delete them.

Firebase Analytics data is retained according to Google's data retention policies (typically 2-14 months). Crash reports in Sentry are retained for 90 days.

6. Your Choices and Rights

• Access and Correction: You can access, review, and update most of your vault data directly within the Application at any time.
• Deletion: You can delete individual items, workspaces, or your entire vault data through the Application's features. The app includes a Trash/Archive feature for recovering accidentally deleted items. Deleting the Application from your device will remove the locally stored data.
• Notifications: You can manage your push notification preferences within the Application's settings.
• Data Portability: You can export your vault data in JSON or CSV format via the backup feature. You can also create encrypted backups to Google Drive.
• Cloud Sync Control: You can enable or disable cloud synchronization at any time through the app settings. Disabling sync will stop uploading new data to the cloud but will not delete existing cloud data unless you explicitly request deletion.

7. Children's Privacy

The Application is not intended for use by children under the age of 13 (or equivalent minimum age depending on jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

8. Third-Party Websites and Services

The Application may contain links to third-party websites (e.g., in stored account data) or integrate with third-party services (like cloud sync providers). We are not responsible for the privacy practices or the content of these third-party services. We encourage you to read their privacy policies.

9. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy within the Application or on our website and updating the "Effective Date" at the top. Your continued use of the Application after the effective date constitutes your acceptance of the amended policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

• Email: info@dvayweb.com
• App Version: 2.0.0

© 2026 Vault Verse. All rights reserved.