Privacy Policy

Last updated: December 2025

At VaultScan, your privacy is fundamental to our service. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Password (securely hashed, we never see it)
• Google account info (if you use Google sign-in)

Scan History

For each scan, we save:

• Filename (not the file itself)
• Scan date and time
• Risk level detected
• Types of threats found

What We Do NOT Collect

• ❌ Your uploaded files (deleted immediately after scanning)
• ❌ File contents
• ❌ Cleaned file copies
• ❌ Email body content from .eml/.msg files

Payment Information

Payments are processed by Stripe. We do not store your credit card details. Stripe's privacy policy applies to payment data.

Usage Data

We automatically collect:

• IP address (for security)
• Browser type
• Pages visited
• Scan counts

2. How We Use Your Information

3. File Handling

Here's exactly what happens when you upload a file (image, PDF, or email):

1. File is uploaded to our secure server
2. File is scanned in memory (not saved to disk)
3. Scan results are generated
4. If you request a clean copy, it's generated on-demand
5. Original file is immediately deleted from memory
6. We save only the scan metadata (filename, threats found, date)

This process typically takes 1-3 seconds. Your file exists on our servers for only that brief moment.

4. Data Sharing

We do NOT sell your data. We only share data with:

• Stripe — Payment processing
• Supabase — Database and authentication
• GitHub Pages — Website hosting
• Render — API hosting

These providers are bound by their own privacy policies and data protection agreements.

5. Data Security

We protect your data with:

• HTTPS encryption for all connections
• Secure password hashing
• Files processed in memory only (never written to disk)
• Regular security reviews
• Limited access to production systems

6. Your Rights

You have the right to:

• Access — Request a copy of your data
• Correct — Update inaccurate information
• Delete — Request deletion of your account and data
• Export — Download your scan history
• Opt-out — Unsubscribe from marketing emails

To exercise these rights, contact support@vaultscan.app.

7. Cookies

We use cookies for:

• Essential cookies — Keep you logged in
• Analytics cookies — Understand how people use VaultScan (optional)

You can disable cookies in your browser settings, but some features may not work properly.

8. Data Retention

9. Children's Privacy

VaultScan is not intended for users under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

10. International Users

VaultScan is operated from the United States. If you're in the EU, UK, or elsewhere, your data may be transferred to the US. We comply with applicable data protection laws.

For EU users: You have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

11. Changes to This Policy

We may update this policy. Significant changes will be communicated via email. The "Last updated" date at the top reflects the current version.

12. Contact Us

Questions about privacy? Contact us:

• Email: support@vaultscan.app
• Website: vaultscan.app