01 Introduction
Vaulnox ("we," "us," or "our") operates the Vaulnox mobile application and website at vaulnox.com (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you agree to the collection and use of information in accordance with this policy.
02 Information We Collect
We collect information you provide directly to us, including:
- Account Information: Name, email address, and password when you register.
- Identity Verification: Government-issued ID and selfie photos required for KYC compliance.
- Transaction Data: Wallet addresses, transaction amounts, and blockchain activity.
- Device Information: Device identifiers, operating system, and app version for security and support purposes.
- Communications: Messages you send to our support team.
03 How We Use Your Information
We use the information we collect to:
- Create and manage your account and wallet
- Process transactions and send related notifications
- Verify your identity and comply with legal obligations (AML/KYC)
- Provide customer support
- Detect, investigate, and prevent fraud and security incidents
- Improve and develop our Service
- Send service-related communications (not marketing without consent)
04 Data Security
We implement industry-standard security measures to protect your information, including:
- MPC (Multi-Party Computation): Wallet private keys are never stored in a single location. Key shares are distributed across secure enclaves.
- Encryption at rest and in transit: All sensitive data is encrypted using AES-256 at rest and TLS 1.3 in transit.
- Post-Quantum Cryptography: We use ML-DSA-44 (FIPS 204) for transaction signing, providing protection against quantum computing threats.
- Biometric Authentication: Face ID / Touch ID for local device access.
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
05 Third-Party Services
We work with trusted third-party providers to deliver our Service:
- Dynamic.xyz: MPC wallet infrastructure and authentication. Your wallet key shares are managed through Dynamic's secure WAAS (Wallet-as-a-Service) platform.
- Bridge.xyz: Fiat-to-crypto conversion and ACH payment processing.
- Ramp Network: Card payment processing for crypto purchases.
- AWS (Amazon Web Services): Cloud infrastructure and secure enclave hosting.
Each third party has its own privacy policy governing its data handling. We share only the minimum data necessary for each service to function.
06 Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. We also retain data as required by applicable law (including AML/KYC regulations, which typically require 5 years of transaction records). When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
07 Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention obligations.
- Portability: Request your data in a machine-readable format.
- Objection: Object to processing of your data for certain purposes.
To exercise any of these rights, contact us at customerservice@vaulnox.com. We will respond within 30 days.
08 Google API Data Usage
Our app uses Google APIs to enable wallet key share backup to your personal Google Drive. This section discloses how we handle data received from Google in compliance with the Google API Services User Data Policy, including the Limited Use requirements.
Data Received from Google:
- Your Google account email address and profile name (used to verify identity during backup).
- OAuth access token scoped to https://www.googleapis.com/auth/drive.file (access only to files created by our app).
How We Use Google Data:
- We use the drive.file scope exclusively to create and update one encrypted backup file in your Google Drive. This file contains your encrypted MPC wallet key share — without it, recovery is impossible on a new device.
- We do not read, modify, or delete any other files in your Google Drive.
- We do not use Google account information for advertising or marketing purposes.
Sharing of Google Data:
- We do not share Google account data or your Google Drive data with any third party.
- The encrypted backup file is written to your own Google Drive — we never have access to your Google Drive on our servers.
- Dynamic.xyz (our wallet infrastructure provider) participates in the encryption process but does not receive your Google credentials or Drive access.
Deletion of Google Data:
- You can revoke our Google Drive access at any time via Google Account Permissions. Note: revoking access does not delete the backup file already in your Drive; you can delete it manually.
- When you delete your Vaulnox account, we will disconnect your Google account link. The backup file in your Drive will remain until you manually delete it.
Limited Use Compliance: Our use of data received from Google APIs adheres to the Google API Services User Data Policy Limited Use requirements. We use Google user data only to provide the backup and recovery feature described above, and not for any other purpose.
09 Contact Us
If you have questions or concerns about this Privacy Policy, or wish to exercise your data rights, please contact us:
Vaulnox
Email: customerservice@vaulnox.com
Website: https://vaulnox.com
