Privacy Policy

1. Scope

Vault3R is a password manager application available for Windows and Android. This Privacy Policy explains what data the application and website process and how.

2. Data stored in the app

All vault data (passwords, usernames, URLs, notes, Secure Notes) is encrypted with AES-256-GCM and stored locally on your device:

• Windows: %AppData%\Vault3R\
• Android: app-private storage (not accessible to other apps).

We do not upload, collect, or have access to your vault contents during normal app operation.

3. Data collected by the app

Vault3R does not collect any of the following:

• Personal information (name, email, phone number)
• Location data
• Device identifiers for advertising purposes
• Usage analytics or telemetry
• Contacts, photos, or other media

4. License activation

When you activate a license, the following data is transmitted to our server:

• License key – the activation token you received after payment.
• Hardware ID – a device-specific identifier used to bind the license to one device.

This data is used solely for license verification and is not shared with third parties.

5. Cloud Sync

Vault3R includes an optional Cloud Sync feature for transferring vault data between devices.

• Vault data is encrypted end-to-end before leaving the device.
• The encrypted blob is uploaded to an ephemeral relay server and held for a maximum of 5 minutes.
• The relay server deletes the blob immediately after it is downloaded or after timeout.
• We cannot decrypt the vault data on the relay server because we do not have the encryption key.
• Cloud Sync is optional – it only runs when you explicitly choose "Send Vault" or "Receive Vault".

6. Autofill service (Android)

Vault3R provides an Android Autofill service that suggests stored credentials in apps and browsers.

• The Autofill service operates entirely on-device.
• No credential data is transmitted to any external server via the Autofill service.
• The service matches login fields against locally stored vault entries.

7. Payment & licensing system

For payment verification and license handling we may process:

• MEMO / Payment ID – a session identifier linking a transaction to license generation.
• Transaction hash – the public transaction identifier on the Stellar network.
• Amount and timestamp – to confirm the payment.
• License key – the generated activation token.
• Hardware ID – used to bind the license to a device upon activation.

8. What we don't do

• We do not use cookies for profiling or advertising.
• We do not add marketing trackers or analytics SDKs.
• We do not share your data with third parties for advertising.
• We will never ask for your wallet private keys.

9. Server logs

Like most web services, the server may store standard technical logs (e.g., IP address, User-Agent, request time) for security and service reliability. We do not use this data for marketing or profiling.

10. Blockchain

Stellar transactions are public and immutable. This means transaction data (amount, time, memo) may be visible in blockchain explorers. This is inherent to blockchain technology and outside our control.

11. Data retention

• Vault data: stored locally until you delete it. We never have a copy.
• License records: retained as long as the license is active.
• Cloud Sync blobs: deleted within 5 minutes, never retained.
• Server logs: rotated periodically (typically 30 days).

12. Data deletion

You can delete all your vault data at any time by uninstalling the application or deleting the vault file. For license-related data deletion requests, contact us at support@vault3r.pl.

13. Children's privacy

Vault3R is not directed to children under 18. We do not knowingly collect personal information from children.

14. Changes to this policy

We may update this Privacy Policy. The "Last updated" date at the top indicates the latest revision. Continued use of Vault3R indicates acceptance of changes.

15. Contact

For privacy-related questions:

• Email: support@vault3r.pl
• Website: get.vault3r.pl