
Privacy Policy

The short version: your vault belongs to you. Your photos, item names, stories, and locations are encrypted, never sold, and never used to train models.

Effective May 1, 2026 · Last reviewed Apr 22, 2026 · Version 2.3

1. Plain-language summary

Smart Vault is a household memory app. To do its job it needs to remember a few things on your behalf — what you saved, where you put it, and when to remind you. Everything else is optional.

  • You own your vault. Export it any time, in plain JSON + photos. Delete it any time.
  • Photos stay on your device for Visual ID. The on-device fingerprint is a small string we sync — never the photo itself.
  • Hidden Vault is sealed. Hidden items are stored in a separate path, never appear in search, family, notifications, or analytics.
  • No selling, no ads, no model training. We make money from your subscription. That’s it.

2. What we collect

Three buckets, each with a clear reason:

Data | Why | Purpose
Account identifiers: email, Apple/Google ID, hashed password | Sign in, sync your vault across devices, receipts. | Service
Vault content: item names, photos, locations, notes, stories, voice memos, timeline events | This is the product. Stored in your account, encrypted at rest. | Service
Hidden Vault content: same fields, separate storage path | Stored at users/{id}/hidden/… Never indexed for search, never in analytics. | Service
Visual ID fingerprint: ~64-byte string per item | Lets you scan an item to find it. Computed on device. The photo never leaves. | Service
Subscription state: RevenueCat entitlement, Stripe customer, plan, renewal date | To unlock Premium / Family features and process payments. | Service
Diagnostic events: crashes, errors, performance, anonymized feature counts | To fix bugs and improve performance. | Product
Email preferences: digest, monthly insights, product updates | To send the calm, opt-out emails you asked for. | Communication

What we don’t collect

  • Your contacts, calendar, or health data.
  • Your location in the background — only when you tap “Save location” on an item.
  • Photos for ML training. On-device Visual ID never uploads images to our servers.
  • Audio recordings server-side. Voice memos sync as encrypted blobs only you can read.

3. How we use it

We use your data to operate the product, secure your account, process payments, and send you emails you opted into. We do not use it to profile, sell, or train. Specifically:

  • Operate the service: sync your vault, render the dashboard, send reminders.
  • Secure your account: detect anomalous sign-ins, rate-limit auth, handle support.
  • Improve the product: aggregated, anonymized usage counts (e.g. “X% of users used Visual ID this week”). Hidden items are excluded from every metric.
  • Communicate: receipts (always), digest + insights + product updates (each can be opted out of independently).

4. Who we share with

A short list of subprocessors, each with a defined role and signed DPA:

Vendor | Role | Region
Supabase | Auth, primary database, encrypted file storage | US-East
Stripe | Payments, subscription billing, customer portal | US
RevenueCat | Cross-platform entitlement state | US
Resend | Transactional email (receipts, password reset) | US
Sentry | Error monitoring (PII scrubbed) | US / EU
PostHog (self-hosted) | Product analytics, feature flags | EU
Cloudflare | CDN, DDoS, image optimization | Global

We never share your vault content with advertisers, data brokers, or AI labs. We do not sell or rent your personal data, full stop.

5. Hidden Vault items

Hidden items live in a sealed-off path and have stronger guarantees than the rest of the vault:

  • Never appear in search results, smart nudges, family vault, room map, or insights.
  • Never trigger any push or local notification.
  • Excluded from every analytics event — counted only in aggregate.
  • Auto-locked after 30 seconds in the background.
  • Require a fresh Face ID / passcode to re-enter — auth never persists.

6. Retention & deletion

  • Active accounts: we keep your vault as long as the account is open.
  • Account deletion: 30-day grace period (so a misclick doesn’t lose everything), then permanent deletion within 7 days. Backups age out within 35 days.
  • Diagnostic events: 90-day rolling window. Older events are aggregated to anonymous counts only.
  • Email logs: 180 days, then deleted. Bounce + complaint records persist (deliverability hygiene).

7. Your rights

Depending on where you live, you may have the right to access, export, correct, or delete your personal data. You can act on most of these from inside the app (Profile → Privacy → Export / Delete). For everything else, email [email protected] and we’ll respond within 30 days.

8. Children

Smart Vault is not directed at children under 13 (or 16 in some jurisdictions). We do not knowingly collect personal data from minors. Family vaults can include children only with the account owner’s acknowledgement and only as read-only or limited contributor roles configured by the parent.

9. International transfers

Our primary database lives in US-East. EU users have data routed via Cloudflare and cached in EU edges, but the system of record sits in the US. We rely on the EU-US Data Privacy Framework and standard contractual clauses with each subprocessor listed above.

10. Changes to this policy

Material changes (new subprocessors, scope expansions, retention shortenings) are announced 30 days before they take effect via in-app banner and email. Minor clarifications are versioned and dated at the top of this page.

11. Contact

Questions? Write to [email protected]. For everything else, [email protected] will route appropriately.