Privacy Policy

1. Introduction

VaultX ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of your personal information when you use our website, mobile applications, and services (collectively, the "Service").

2. What Data We Collect

Information You Provide Directly

• Registration Information: Full name, email address, date of birth, phone number, password
• Identity Verification: Government-issued ID documents, selfie for facial recognition, proof of address
• Account Information: Country of residence, occupation, employment details, source of funds
• Payment Information: Bank account details, payment method information
• Communication: Messages sent through support channels, feedback, complaints

Information Collected Automatically

• Transaction Data: Send/receive addresses, transaction amounts, timestamps, transaction hashes
• Technical Information: IP address, device identifiers, browser type and version, operating system
• Usage Data: Pages visited, time spent on pages, clicks, interactions with features
• Location Data: Approximate location based on IP address (not precise geolocation)
• Device Information: Device type, hardware model, unique device identifiers

Information from Third Parties

• Identity verification providers (e.g., for KYC compliance)
• Blockchain analytics providers (for transaction monitoring)
• Credit reporting agencies (for fraud prevention)
• Law enforcement and regulatory authorities (upon legal request)

3. How We Use Your Data

We use the information we collect for the following purposes:

• Service Delivery: Creating and maintaining your account, processing transactions, delivering customer support
• Compliance & Legal: Know-your-customer (KYC) verification, anti-money laundering (AML) compliance, regulatory reporting, responding to legal processes
• Security: Detecting and preventing fraud, protecting against unauthorized access, monitoring for suspicious activity
• Customer Communications: Sending service updates, security alerts, promotional content (with your consent), responding to inquiries
• Analytics & Improvement: Analyzing user behavior, improving service quality, developing new features, conducting research
• Legal & Business Operations: Establishing, exercising, or defending legal claims; managing business operations

4. Data Sharing & Disclosure

We Do NOT Sell Your Data

VaultX does not sell, rent, or lease your personal information to third parties for their marketing purposes.

Data Sharing with Authorized Parties

We may share your information with:

• Service Providers: Payment processors, identity verification companies, cloud hosting providers, analytics services (all under strict data protection agreements)
• Legal Authorities: Law enforcement agencies, regulatory bodies, government authorities in response to valid legal requests, subpoenas, or court orders
• Compliance Partners: Blockchain analysis firms for AML/sanctions screening and transaction monitoring
• Business Transfers: In the event of merger, acquisition, bankruptcy, or sale of assets (with notice to you)
• Affiliates & Partners: Related companies and trusted partners involved in providing service enhancements

Regulatory Disclosure

We may be required to disclose your information to financial regulators, tax authorities, and anti-money laundering officers. We comply with all valid legal requests and regulatory demands.

5. Cookies & Tracking

Cookie Usage

VaultX uses the following types of cookies:

• Essential Cookies: Required for authentication, security, and basic service functionality. These cannot be disabled.
• Analytics Cookies: Track usage patterns and user behavior to improve the Service. You may opt out of these.
• Preference Cookies: Remember your settings and preferences (language, theme, etc.)
• Marketing Cookies: Used to display targeted advertisements. You may opt out of these.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, blocking essential cookies may impair service functionality.

Third-Party Tracking

We use Google Analytics and similar services to understand usage patterns. These services may set their own cookies and may share data with their affiliates. Please review their privacy policies for more information.

6. Data Retention

Retention Periods

• Active Account Data: Retained while your account is active and for 3 years after account closure
• Financial Records: Retained for 7 years in compliance with anti-money laundering regulations
• Transaction Data: Retained for 7 years for regulatory and audit purposes
• Identity Verification Documents: Retained for 5 years after account closure
• Backup Copies: May be retained for an additional 6 months for disaster recovery purposes

Deletion Requests

You may request deletion of your data, subject to legal and regulatory obligations. Certain data must be retained for compliance with AML, tax, and financial regulations.

7. Your Privacy Rights

Access & Portability

You have the right to request a copy of the personal information we hold about you and to receive it in a portable, machine-readable format.

Correction

You may request correction of inaccurate or incomplete information about you.

Deletion

You may request deletion of your data, subject to applicable legal and regulatory obligations.

Opt-Out

You may opt out of promotional communications, marketing cookies, and non-essential analytics tracking.

Data Subject Rights (GDPR, CCPA)

If you are subject to GDPR (European Union) or CCPA (California), you have additional rights including the right to restrict processing and object to processing of your data.

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@vaultx.io with your request and proof of identity.

8. Security Measures

Technical Safeguards

• AES-256 encryption for data in transit and at rest
• SSL/TLS certificates for secure website connections
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• Intrusion detection and prevention systems

Administrative Safeguards

• Access controls limiting employee access to personal data
• Background checks for all personnel with data access
• Data protection training for all employees
• Incident response procedures for potential breaches
• Regular policy review and updates

Data Breach Notification

In the event of a security breach involving your personal data, we will notify you without unreasonable delay, generally within 72 hours of discovery, through email or prominent website notice.

9. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including countries that may not have data protection laws equivalent to your home country.

By using VaultX, you consent to the transfer of your information to countries outside your country of residence, including to the United States, for the purposes described in this Privacy Policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:

VaultX Privacy Team
Email: privacy@vaultx.io
Mailing Address: VaultX Inc., 123 Blockchain Avenue, San Francisco, CA 94105, USA
Data Protection Officer: dpo@vaultx.io

Last Updated: April 2026