Privacy Policy

At Vaulternal, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our blockchain-based digital legacy storage service.

1. Information We Collect

1.1 Personal Information

We collect information that you provide directly to us, including:

• Name and contact information (email address, phone number)
• Account credentials and authentication data
• Payment information (processed securely through Stripe, our payment processor)
• Digital assets and messages you choose to store in your vault (encrypted client-side before transmission)
• Trigger conditions and beneficiary information

1.2 Automatically Collected Information

When you use our service, we automatically collect:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, interaction patterns)
• Blockchain transaction data related to your vaults
• Performance metrics and error logs

1.3 Zero-Knowledge Architecture

Due to our zero-knowledge encryption design, we do not have access to the plaintext contents of your vault files, encryption keys, or recovery phrases. All file encryption occurs client-side in your browser before data is transmitted to our servers.

2. How We Use Your Information

2.1 Purposes

We use the collected information to:

• Provide, maintain, and improve our services
• Process transactions and manage your vaults
• Execute trigger conditions as specified by you
• Send administrative information and updates
• Respond to comments, questions, and support requests
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations and enforce our terms

2.2 Legal Basis for Processing (GDPR)

3. Data Storage and Security

3.1 Encryption

Your vault data is encrypted client-side before transmission using:

• AES-256-GCM symmetric encryption for file contents
• secp256k1-ECIES asymmetric key exchange for multi-party access
• Zero-knowledge architecture ensuring we cannot access your plaintext data
• End-to-end encryption for all sensitive data

3.2 Security Measures

We implement industry-standard security measures including:

• AES-256 encryption for data at rest and in transit
• Multi-factor authentication options
• Secure key management systems
• Continuous monitoring for suspicious activities

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information:

• With your designated beneficiaries when trigger conditions are met
• With service providers who assist in our operations (under strict confidentiality agreements)
• When required by law or to respond to legal process
• To protect our rights, privacy, safety, or property
• With your consent or at your direction

4.1 Sub-Processors

We use the following third-party service providers to operate our service:

• Stripe — Payment processing. Stripe processes your payment data under their own privacy policy.
• Cloud hosting provider — Infrastructure hosting for our encrypted data storage.

A full list of sub-processors is available on request at .

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

• Access your personal information
• Correct inaccurate or incomplete data
• Request deletion of your personal data (subject to legal requirements)
• Export your vault data in a portable format
• Opt-out of marketing communications

5.2 Blockchain Considerations

Please note that due to the immutable nature of blockchain:

• Some metadata cannot be modified once written to the blockchain
• Encrypted vault contents remain under your sole control
• Where full erasure of on-chain data is technically impossible, we implement erasure through cryptographic key deletion, rendering the data permanently inaccessible

5.3 California Residents (CCPA)

We do not sell, share, or rent personal information as defined under the California Consumer Privacy Act (CCPA). California residents may exercise their rights under the CCPA by contacting us at .

6. International Data Transfers

Your information may be transferred to and processed in countries other than your own. When transferring data outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your personal data.

7. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information.

8. Third-Party Services

Our service may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any information.

9. Data Retention

We retain personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. See the retention periods specified in Section 2.2 above. Vault data on the blockchain is retained according to your specified conditions.

10. Cookies and Tracking

We use cookies and similar technologies as described in our Cookie Policy. Non-essential cookies (such as analytics) are only set after obtaining your explicit consent through our cookie consent banner.

11. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our service. Your continued use after such modifications constitutes acceptance of the updated policy.

12. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

• Email:
• Data protection inquiries:

For GDPR-specific rights and information, please see our GDPR Compliance page.

This document is provided in English. In case of any discrepancy between translated versions and the English original, the English version shall prevail.

Last updated: February 20, 2026