Back to VaultPurge
VaultPurge

Privacy Policy

Last updated: March 22, 2026

1. Introduction

VaultPurge ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website vaultpurge.com and use our zero-knowledge services.

Our architecture is designed around the principle of technical inability: we possess no technical means to access your unencrypted file data. We comply with the General Data Protection Regulation (GDPR) for users in the European Union and associated international privacy standards.

2. Information We Collect

2.1 Information You Provide

  • Email Address: Used for account identity and transactional notifications.
  • Account Information: Hash-based identifiers used for zero-knowledge authentication.
  • Payment Information: Processed securely through our payment provider (Stripe/LemonSqueezy); we never see your raw card details.

2.2 Information About Your Files

Zero-Knowledge Architecture: Your files are encrypted on your local device before upload. We store only encrypted binary blobs and cannot access your file contents.

We collect non-PII metadata required for service operation:

  • Encrypted file name hash
  • Encrypted size and upload timestamp
  • User-defined retention schedules (TTL)

3. Legal Basis for Processing (GDPR Article 6)

If you are in the European Economic Area (EEA), we process your data based on:

  • Contractual Necessity: To provide our secure storage and automated shredding services.
  • Legitimate Interests: To protect our platform from fraud and unauthorized access.
  • Legal Obligation: To comply with Article 17 (Right to Erasure) reporting requirements.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

Service Providers:

  • Cloud Infrastructure: Cloudflare R2 (Encrypted storage blobs).
  • Authentication: Wasp Auth (Hash-based identity).
  • Payments: Stripe / LemonSqueezy (Transactional processing).
  • Analytics: Vercel Analytics (Aggregated, non-identifiable usage data).

5. Your GDPR Rights (Article 15-22)

Under the GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data.
  • Right to Erasure (Article 17): This is our core service—you can trigger the permanent destruction of your data at any time.
  • Right to Portability: Export your encrypted vault data.
  • Right to Restrict Processing: Pause your account and data usage.

6. Contact Us

For any questions regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at:

privacy@vaultpurge.com

Return to VaultPurge