Privacy Policy

Last Updated: January 22, 2026

1. Introduction

This Privacy Policy explains how Vaultlet ("we," "us," or "our") collects, uses, and discloses information about you when you use our application ""App") for storing application secrets and related services (collectively, the "Services").

We are committed to protecting your privacy and handling your data transparently and securely. We only collect the minimal information necessary to provide, secure, and improve our Services.

2. Information We Collect

We collect very limited information, which falls into two categories:

A. Information You Provide Directly:

  • Account Information: Your email address and a hashed version of your password when you create an account.
  • Secrets Data: The application secrets (e.g., API keys, passwords, tokens) that you choose to store within the App. This data is encrypted and we cannot access its plaintext content.
  • Communications: If you contact us for support, we collect your email address and the contents of your message.

B. Information Collected Automatically (Operational Data):

We automatically collect limited technical data necessary for the operation and security of our Services:

  • Log Data: Standard server logs including your IP address, browser type, pages visited, and the date and time of your access. Error logs, which may contain limited data about a malfunction (like an error code or a non-sensitive event ID) to help us diagnose problems.
  • Device Information: Basic information about the device and application you use to access our Services, such as operating system version and App version.
  • Usage Data: Aggregated, non-identifiable data about interactions with the App (e.g., feature usage counts) to understand how the Services are used.

We explicitly do not track browsing activity across other sites, use cookies for advertising, or collect any personal data beyond what is listed here.

3. How We Use Your Information

We use the information we collect solely for the following purposes:

  • To provide, operate, maintain, and secure the Services.
  • To authenticate your account and allow you access to your data.
  • To respond to your comments and support requests.
  • To monitor and analyze trends, usage, and activities (in aggregate form) to improve the Services.
  • To detect, prevent, and address technical issues, security vulnerabilities, or fraudulent activity.
  • To comply with legal obligations.

4. How We Share Your Information

We do not and will not sell, rent, or trade your personal information or your Secrets with any third parties for their commercial purposes.

We only share information in the following limited circumstances:

  • Service Providers: With trusted third-party vendors who perform services on our behalf (e.g., cloud hosting, database management, error reporting). These partners are contractually bound to protect your data and use it only as we instruct.
  • Legal Compliance: If required to do so by law or in response to a valid legal process (e.g., court order, subpoena).
  • Protection of Rights: To protect the rights, property, or safety of Vaultlet, our users, or the public as required or permitted by law.
  • Business Transfer: In connection with a merger, sale of company assets, financing, or acquisition of all or a portion of our business.

5. Data Security

The security of your data, especially your Secrets, is our top priority.

We implement industry-standard administrative, technical, and physical safeguards designed to protect your information.

Secrets are encrypted at rest and in transit. We utilize strong, modern encryption standards.

Zero-Knowledge Principle: We employ a zero-knowledge architecture for your Secrets. They are encrypted client-side with a key we do not possess. We cannot decrypt or access the plaintext content of your stored Secrets.

Access to our systems is strictly limited to authorized personnel who require it to operate the Services.

6. Your Data, Your Control

  • Access & Correction: You can access and update your account information (like your email) directly within the App's settings.
  • Data Deletion: You can delete your Secrets at any time. You may also delete your entire account, which will initiate the removal of your personal information and Secrets from our active systems. Some data may persist in secure backups for a limited period as part of our disaster recovery process before being purged.
  • Opt-Out: As we do not send marketing communications, there is no newsletter to opt-out of.

7. Data Retention

We retain your information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

  • Account Data: Retained while your account is active.
  • Operational Logs (Error Logs, etc.): Typically retained for a short period (e.g., 30-90 days) for security and debugging purposes, unless a specific issue requires longer review.
  • Backups: Deleted data may remain in encrypted backups for a limited time as part of our standard security procedures.

8. International Data Transfers

Our Services are operated in the United States. If you are accessing the Services from outside this region, please be aware that your information may be transferred to, stored, and processed there. We ensure appropriate safeguards are in place for such transfers.

9. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by posting the new policy on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at: contactus@sinkly.app