Introduction At MyVault, we take your privacy extremely seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our MyVault application and service ("Service"). Our fundamental commitment is to provide powerful organizational tools while ensuring your personal data remains private and secure. Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy and our Terms of Service. Our Core Privacy Principles MyVault is built on the following privacy principles: Zero-Knowledge Architecture: We cannot access, read, or share your encrypted data. Data Minimization: We collect only what's absolutely necessary to provide the Service. Transparency: We are clear about what data we collect and how we use it. User Control: You maintain complete control over your personal information. No Data Exploitation: We will never sell your personal data or share it with third parties for marketing or advertising. Information We Collect Information You Provide to Us Account Information: When you register for MyVault, we collect basic information such as your email address and account credentials (excluding your secure passphrase). Integration Information: If you choose to connect third-party services (such as Google Drive or iCloud), we collect only the information necessary to establish these connections. Feedback and Communications: Information you provide when you contact us for support, respond to surveys, or participate in the beta program. Information Collected Automatically Device Information: We collect information about the devices you use to access the Service, including hardware model, operating system, unique device identifiers, and mobile network information. Usage Data: We collect limited data about how you interact with the Service, such as features used, actions taken, and performance metrics. Log Data: Our servers automatically record information when you use the Service, including IP address, access times, and crash reports. What We Do NOT Collect or Access Your Passphrase: Due to our zero-knowledge architecture, your passphrase is never transmitted to our servers, and we cannot access it. Your Encrypted Content: We cannot access, read, or analyze the content you store in MyVault, including documents, photos, emails, or any other encrypted information. Metadata Within Your Vault: Information extracted by our AI (such as document dates, categories, or relationships) is stored in encrypted form and is inaccessible to us. How We Use Your Information We use the information we collect for the following purposes: Providing and Improving the Service: To operate and maintain the Service, analyze usage patterns, and develop new features. Security and Fraud Prevention: To protect the security of your account and prevent unauthorized access. Communications: To respond to your inquiries, provide customer support, and send service-related communications. Beta Program Management: To administer the beta program, collect feedback, and improve the Service before public launch. Legal Compliance: To comply with applicable laws, regulations, and legal processes. Data Storage and Security Data Storage Your encrypted data is stored on secure cloud infrastructure provided by Amazon Web Services (AWS). All data is encrypted at rest and in transit using industry-standard encryption protocols. Security Measures We implement and maintain appropriate technical, physical, and administrative security measures designed to protect your information, including: End-to-end encryption (E2EE) using TLS 1.3+ for all data in transit Client-side encryption of all user content Secure enclave technology for processing encrypted data Regular security audits and penetration testing Access controls limiting internal access to systems Data Retention We retain your account information for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete your personal information and encrypted data within 30 days, subject to legal retention requirements. Information Sharing and Disclosure We DO NOT Share Your Data For: Marketing or advertising purposes Data mining or profiling Sale or rental to third parties Any purpose incompatible with this Privacy Policy Limited Sharing Circumstances We may share information only in the following limited circumstances: With Your Consent: When you explicitly authorize us to share information. Service Providers: With trusted third-party service providers who help us operate our Service, subject to confidentiality obligations. Legal Requirements: When required by law, regulation, legal process, or governmental request. Business Transfers: In connection with a merger, acquisition, or sale of assets, where the receiving entity will be bound by this Privacy Policy. Aggregate, De-identified Information: We may share anonymized, aggregated information that cannot reasonably be used to identify you. Connected Services When you connect third-party services (such as Google Drive or iCloud) to MyVault: We access these services only with your explicit permission and only to the extent necessary to provide the requested functionality. Data imported from connected services is encrypted within your MyVault and is not accessible to us. Your use of third-party services is governed by their respective privacy policies and terms of service. Your Rights and Choices You have several rights regarding your personal information: Access and Update: You can access and update your account information through the Service settings. Data Portability: You can export your unencrypted data from the Service at any time. Account Deletion: You can delete your account and associated data at any time. Connected Services: You can manage or revoke access to connected third-party services through the Service settings. Communications: You can opt out of non-essential communications from us. For users in jurisdictions with specific data protection regulations (such as GDPR or CCPA), additional rights may apply. Please contact us to exercise these rights. Children's Privacy MyVault is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. International Data Transfers MyVault is operated in the United States. If you are located outside of the United States, please be aware that information we collect will be transferred to and processed in the United States and other countries. By using the Service, you consent to this transfer and processing of your personal information. We comply with applicable laws regarding international data transfers and implement appropriate safeguards to protect transferred data. Changes to This Privacy Policy We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. For significant changes, we will provide additional notice, such as through the Service or via email. We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Contact Us If you have any questions about this Privacy Policy or our data practices, please contact us at: Email: privacy@myvault.com Postal Address: [MyVault Privacy Department Address] California Privacy Rights If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) regarding your personal information. These rights may include the right to know what personal information we collect, the right to request deletion of your personal information, and the right to opt-out of the sale of your personal information (though we do not sell your personal information). European Economic Area (EEA) Privacy Rights If you are in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR), including the right to access, correct, or delete your personal data, the right to data portability, the right to restrict or object to our processing of your data, and the right to lodge a complaint with a supervisory authority. Legal Basis for Processing (EEA Users) If you are in the EEA, our legal basis for collecting and using your personal information depends on the specific information concerned and the context in which we collect it. We generally rely on the following legal bases: Contract: Processing necessary for the performance of our contract with you (providing the Service). Legitimate Interests: Processing necessary for our legitimate interests, such as improving and securing our Service. Consent: Where you have given us specific consent to process your data. Legal Obligation: Processing necessary to comply with applicable laws. Data Protection Officer For users in regions where applicable, our Data Protection Officer can be contacted at: Email: dpo@myvault.com Postal Address: [MyVault DPO Address]