Privacy Policy
Effective Date: February 18, 2026 · Last Updated: February 18, 2026
VaultGuardian (“we,” “us,” or “our”) operates the website vaultdec.com (the “Site”). This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information. We are committed to transparency and to protecting your privacy.
We do not sell, share, or rent your personal information to third parties for their marketing purposes. Period.
1. Information We Collect
1.1 Account Information
When you create an account on our Site, we collect your name, email address, and a hashed password. If you sign in through a third-party provider (e.g., Google), we receive your name, email, and a provider-specific account identifier. We do not receive or store your third-party password.
1.2 Order & Payment Information
When you place a pre-order, we collect your shipping name and address and associate your order with your account. All payment processing is handled by Stripe. We store a Stripe session ID and payment ID to track your order status, but we never receive, process, or store your full credit card number, CVV, or bank account details. That data stays entirely within Stripe’s PCI-DSS-compliant infrastructure.
1.3 Automatically Collected Information
We use Google Analytics to understand how visitors use our Site. Google Analytics collects information such as your IP address (anonymized where required by law), browser type, device type, pages visited, time on page, and referring URL. This data is collected and processed by Google under its own privacy policy. We do not combine Google Analytics data with your account or order information.
1.4 Cookies
Our Site uses cookies for essential functionality (keeping you logged in) and for analytics (Google Analytics). You can manage your cookie preferences through our cookie consent banner or your browser settings. Disabling cookies may affect your ability to log in or complete a purchase.
2. How We Use Your Information
We use the information we collect to:
• Process and fulfill your pre-orders and orders
• Communicate with you about your order status, shipping updates, and product availability
• Send important product notifications, such as firmware updates or security advisories
• Maintain and improve the functionality and security of our Site
• Understand aggregate usage patterns through analytics to improve our Site and product
• Comply with legal obligations and enforce our Terms of Service
We will never use your information to send unsolicited marketing emails without your explicit consent. Transactional emails (order confirmations, shipping notifications, security advisories for purchased products) are not marketing.
3. Third-Party Services
We share personal information only with the following service providers, solely for the purposes described:
Payment processing. Stripe receives your payment card details directly — we never see or store them. Stripe is PCI-DSS Level 1 certified.
Website usage analytics. Google collects anonymized browsing data as described in Section 1.3. We do not share your account or order information with Google.
Secure cloud database infrastructure. Your account and order data is stored in a PostgreSQL database hosted by Neon. Neon acts as a data processor on our behalf and does not use your data for any independent purpose.
Website hosting and delivery. Vercel may process standard server logs (IP addresses, request timestamps) as part of delivering the Site to your browser.
We do not sell, rent, or share your personal information with any other third parties. We do not participate in data brokering or behavioral advertising.
4. Data Retention
We retain your account information for as long as your account is active or as needed to provide you with services. Order records are retained for a minimum of seven (7) years to comply with tax and accounting obligations. If you request deletion of your account, we will delete your personal data within thirty (30) days, except where we are required by law to retain it.
5. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your personal information. Passwords are stored using bcrypt hashing and are never stored in plaintext. All data in transit is encrypted via TLS. Payment processing is handled entirely by Stripe’s PCI-DSS Level 1 certified infrastructure.
No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
6.1 All Users
• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct inaccurate personal information.
• Right to Deletion: You may request that we delete your personal information, subject to legal retention requirements.
6.2 California Residents
Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have additional rights:
• Right to Know: You may request the categories and specific pieces of personal information we have collected about you in the preceding twelve (12) months, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, legal compliance).
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
• Sale / Sharing of Personal Information: We do not sell or share your personal information as defined by the CCPA/CPRA. Because we do not sell or share personal information, a “Do Not Sell or Share My Personal Information” opt-out is not applicable.
To exercise any of these rights, please contact us at privacy@vaultdec.com. We will respond to verifiable requests within forty-five (45) days.
7. Do Not Track Disclosure
Some web browsers transmit “Do Not Track” (DNT) signals to websites. There is currently no universally accepted standard for how websites should respond to DNT signals. Our Site does not currently respond to DNT signals. However, we do not engage in cross-site tracking or behavioral advertising. Google Analytics may collect data as described in Section 1.3, which you can opt out of using the Google Analytics Opt-out Browser Add-on.
8. Children’s Privacy
Our Site and products are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have inadvertently collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@vaultdec.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last Updated” date at the top of this page and, where appropriate, by sending an email to the address associated with your account. We encourage you to review this page periodically. Your continued use of the Site after any changes constitutes your acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at: