Privacy Policy

How we collect, use, and protect your personal data in compliance with UK GDPR and Data Protection Act 2018. Your privacy and security are our top priorities.

Last updated: 19 August 2025

This Privacy Policy explains how VaultApp Ltd ("VaultApp", "we", "us", "our") collects, uses, shares and protects your personal data when you visit vaultapp.co.uk or use our web application and related services (the "Service"). We comply with the UK General Data Protection Regulation, the Data Protection Act 2018, and other applicable UK privacy laws.

If anything is unclear, email privacy@vaultapp.co.uk.

1. Who we are and how to contact us

Data controller

VaultApp Ltd
Company number: 16555879
Registered office: 15 Haystack Avenue, Chippenham, Wiltshire, SN14 0FY
Email: privacy@vaultapp.co.uk

If you prefer to write by post, send to the registered office above, marked "FAO Privacy".

2. What this policy covers

This policy applies to:

  • Visitors to our marketing pages, for example Home, Features, Pricing, and Contact.
  • Individuals who create a VaultApp account, including family members, attorneys, executors, or other trusted contacts who are invited to access information.
  • People who communicate with us by email, form, or social media.
  • Prospective customers who receive marketing from us.

If you access VaultApp through an introducer or professional firm, that firm may also be a controller for its own purposes. This policy explains what we do with your data when you use our Service.

3. The data we collect

3.1 Information you provide to us

  • Account details, for example name, email address, password, phone number, country.
  • Profile and sharing settings, for example nominated family members or professionals and their contact details, plus permissions you set.
  • Vault content you choose to store, for example document metadata, categories, notes and attachments, which can include personal and financial information.
  • Support communications, for example queries, feedback, complaints.
  • Marketing preferences, for example your subscription status and communication choices.

3.2 Information we collect automatically

  • Device and log data, for example IP address, browser type, operating system, pages viewed, timestamps, and referrer.
  • Cookies and similar technologies, used to keep you signed in, remember preferences, improve performance, and measure usage. See section 11.

3.3 Information from third parties

  • Payment information from our payment provider, for example Stripe. We receive limited data such as card brand, last four digits, and transaction references. We do not store full card numbers.
  • Introducers or professional users may share your details with your permission so we can set up an account or invite you to collaborate.

3.4 Special category data

You may upload documents that contain special category data, for example health information. We process such information only because you choose to store it and share it with people you select. You can remove it at any time inside the app.

4. Purposes and lawful bases

We use your personal data only where the law allows. The table below summarises our purposes and lawful bases.

Purpose | Examples | Lawful basis
Provide and maintain the Service | Create your account, store and display your vault content, enable permissions and sharing | Performance of a contract
Security and account integrity | Authentication, optional multi factor, session management, fraud prevention, audit logs | Legitimate interests in keeping accounts secure, and legal obligation where applicable
Emergency access features | Allow your nominated contacts to view information when you activate emergency access, or when conditions you set are met | Performance of a contract, and in limited cases vital interests
Payments and subscriptions | Process payments, manage billing, prevent fraud | Performance of a contract, legitimate interests
Customer support | Respond to queries, fix issues, improve usability | Legitimate interests in running our business and helping users
Analytics on our site | Understand usage in order to improve features and performance, using aggregated or pseudonymous data | Legitimate interests, or consent where required
Marketing communications | Send newsletters or product updates if you opt in, you can unsubscribe at any time | Consent
Price comparisons and switching that you request | Send the minimum needed data to a comparison or switching provider in order to fetch quotes, pre fill a switching form, record your selections | Performance of a contract, or legitimate interests in providing a requested tool, or consent where a partner will contact you directly

5. Sharing your information

We do not sell personal data. We share it only as described below.

5.1 Service providers acting as processors

We use trusted providers to deliver the Service, for example hosting, storage, authentication, payments, support, and analytics. These providers act on our instructions, do not use your data for their own purposes, and are bound by contract. Typical providers include:

  • Supabase for database and authentication.
  • Netlify for site hosting and delivery.
  • Stripe for payments.
  • Email and support tools, used to respond to your requests.

5.2 Selected partners when you ask us to

If you choose a comparison or switching feature, for example car insurance or energy tariffs, we will share only the minimum data needed to obtain quotes and show you options. We will identify the partner on the relevant form or page before you submit, so you can decide whether to proceed. If the partner needs to contact you directly, or will process your data as an independent controller, we will ask for your consent and will name the partner. You can withdraw consent at any time; this does not affect processing before withdrawal.

Categories of partners may include price comparison providers, energy and telecoms switching services, insurers and brokers, and other financial or utility marketplaces. Partner identities may change over time. Current partners are listed on the relevant comparison page or form.

5.3 People you choose to share with

You can invite family members, attorneys, executors, or other trusted contacts. They can view only the items you permit.

5.4 Professional advisers, authorities, and corporate events

We may share limited data with our professional advisers, for example lawyers and accountants, for compliance and risk management. We may share data where required by law, to protect rights, or to respond to lawful requests. If we are involved in a merger, acquisition, or reorganisation, we will inform you and your data will remain protected under this policy or a similar successor policy.

6. International transfers

Our main operations are in the UK. Some providers may process data in the EEA or other countries. Where data is transferred outside the UK, we use appropriate safeguards, for example the UK Addendum to the EU Standard Contractual Clauses or other legally adequate mechanisms. Contact us for details of the safeguards that apply to your data.

7. Security

We take appropriate technical and organisational measures, including:

  • Encryption in transit using HTTPS and TLS, and encryption at rest provided by our infrastructure providers.
  • Access controls, authentication, and role based permissions.
  • Audit logging and monitoring.
  • Regular backups and tested recovery procedures.
  • Staff training and least privilege access.
  • Vendor due diligence and processor contracts.

No online service is 100 percent secure. If we believe your data is affected by a personal data breach that poses a risk to you, we will notify you and the ICO where required.

8. Data retention

We keep data only as long as needed for the purposes set out above. Typical periods are:

  • Account data and vault content, kept for the life of your account. When you close your account, we delete or anonymise your data within 30 to 90 days, except where we must keep limited records for legal or taxation purposes.
  • Support emails and tickets, usually up to 24 months.
  • Payment records, seven years for accounting and tax compliance.
  • Backups, retained for a limited rolling period, then overwritten.

You can delete vault items yourself at any time inside the app.

9. Your rights

You have rights under UK GDPR, subject to conditions. These include:

  • Access your personal data and receive a copy.
  • Correct inaccurate or incomplete data.
  • Erase your data in certain situations.
  • Restrict or object to certain processing.
  • Port your data to another provider, where technically feasible.
  • Withdraw consent where we rely on consent.
  • Complain to the UK Information Commissioner's Office.

How to exercise your rights

Email privacy@vaultapp.co.uk. We may ask for proof of identity before we act. We aim to respond within one month.

ICO contact details

www.ico.org.uk, 0303 123 1113, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

10. Children

VaultApp is intended for adults, 18 or over. If you believe a child has provided personal data to us, contact privacy@vaultapp.co.uk so we can delete it.

11. Cookies and similar technologies

We use essential cookies to run the Service and keep you signed in. We may use optional analytics cookies to understand how the site is used. You can control non essential cookies in your browser and, where available, through our cookie banner. If you block essential cookies, parts of the Service may not work.

If you use third party comparison widgets, they may set essential cookies to keep your session or carry your inputs between steps. We will seek consent for any non essential tracking used by such widgets.

12. Marketing

We send marketing only if you have opted in. You can opt out at any time by clicking "unsubscribe" or by updating your preferences. We may still send service messages, for example important notices about your account or changes to our terms.

We do not allow partners to send you their marketing unless you consent to this separately.

13. Automated decision making and profiling

VaultApp does not make decisions that have legal or similarly significant effects based solely on automated processing. If we introduce features that profile data to offer you products or services, for example to help you compare, we will explain the logic in plain English and your choices, and we will ask for consent where required.

14. Acting as a processor for business clients

If a business or professional firm uses VaultApp to manage data about its clients, we may act as a processor for that firm, and the firm will be the controller for those client records. In that case our Data Processing Addendum applies in addition to this policy. Contact us for a copy.

15. Third party links

Our site may contain links to third party websites. We are not responsible for their privacy practices or content. Read their policies before you provide personal data.

16. Changes to this policy

We may update this policy from time to time in order to reflect changes in law or changes in the Service. We will post the new version here and update the date at the top. If changes are significant, we will notify you by email or in the app.

Contact Our Privacy Team

If you have any questions about this Privacy Policy or how we handle your personal data, please don't hesitate to contact us.