Privacy Policy

1. Data Storage and Telemetry

Vaultr is designed to function with minimal required data. We collect your email address purely for account authentication and recovery identification. The application does not bundle third-party product analytics, ad-tracking scripts, or invasive telemetry.

2. Processing of Vault Content

Any secret you save (such as passwords, API keys, or notes) is encrypted natively on your device before reaching the database infrastructure. We process these encrypted payloads strictly for storage and retrieval. Our servers cannot read the plaintext values of your secrets.

3. Third-Party Integrations

Depending on your configuration, Vaultr may interact with the Have I Been Pwned algorithm for breach monitoring. This integration sends a 5-character SHA-1 prefix of your password, preserving anonymity and ensuring the full hash is never exposed to the network.

4. Data Deletion

When items are deleted from your vault, they are removed from active queries. Complete purging of soft-deleted records depends on the specific retention rules defined by the environment host.

5. Updates to This Policy

We may periodically update this policy to reflect changes in how the software handles data. Major architectural changes involving data flow will be formally documented in the release changelogs.