Privacy Policy
Last updated: March 2026
1. Information We Collect
We collect information you provide directly to us, including: name, email address, company information, digital asset files and metadata, AI prompts and outputs, and any other information you choose to provide through our platform.
We also automatically collect certain information when you use our Service, including: IP address, browser type, operating system, access times, and pages viewed. With your explicit consent, your IP address is recorded in chain-of-custody logs when you upload, download, or export assets to strengthen the evidentiary value of your ownership records.
2. How We Use Your Information
We use the information we collect to: provide, maintain, and improve our services; process transactions and send related information; generate verification certificates and documentation; monitor for misuse of your digital assets (if subscribed); send technical notices, updates, and support messages; and respond to your comments, questions, and requests.
3. File Storage & Retention
All digital asset files you upload to Vault Compound are stored in secure, encrypted cloud storage (Amazon S3). Files are retained indefinitely for as long as your account remains active. There is no automatic expiration or time-to-live policy — your files persist until you explicitly choose to delete them or close your account.
File metadata (including file name, type, size, ownership records, timestamps, and chain-of-custody logs) is stored in our database alongside S3 references. This metadata is retained for the same duration as the files themselves.
If you cancel your subscription, your files and metadata remain accessible in read-only mode for 90 days. After 90 days of account inactivity following cancellation, we reserve the right to permanently delete stored files, though we will provide advance notice before doing so.
4. Who Can Access Your Files
Access to your uploaded files is strictly controlled:
- You (the account owner) — Full access to view, download, export, and delete your own files through the Vault dashboard.
- Platform administrators — Limited access for operational purposes such as troubleshooting, abuse prevention, and legal compliance. Admin access is logged and auditable.
- No third parties — We do not share, sell, or grant access to your files to any third party unless required by law or with your explicit written consent.
File URLs are protected using time-limited presigned URLs that expire after 1 hour. Even if a URL is shared, it cannot be used to access the file after expiration. Files are not publicly browsable or discoverable.
5. File Deletion
You have the right to permanently delete any file you have uploaded at any time. When you delete an asset from your Vault:
- The file is permanently removed from cloud storage (S3). This is a hard deletion — the file bytes are irrecoverably destroyed.
- All associated database records (metadata, certificates, chain-of-custody logs) are also permanently deleted.
- Deletion is irreversible. Once deleted, we cannot recover the file or its associated records.
To request bulk deletion of all your data, contact us at [email protected]. We will process account-wide deletion requests within 30 days.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information and digital assets. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to user data is restricted to authorized personnel only. We regularly review and update our security practices. File access URLs are time-limited and cannot be used after expiration.
7. Information Sharing
We do not sell, trade, or otherwise transfer your personal information or digital assets to third parties without your consent, except: to comply with legal obligations; to protect our rights and safety; with service providers who assist in operating our platform (under strict confidentiality agreements); or in connection with a merger, acquisition, or sale of assets.
8. Your Rights
You have the right to: access your personal information; correct inaccurate data; request deletion of your data (including permanent file deletion from cloud storage); export your data in a portable format; opt out of marketing communications; and lodge a complaint with a supervisory authority.
9. Cookies
We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
10. Contact
For questions about this Privacy Policy, please contact us at [email protected].