
VaultChat Privacy Policy

Effective Date: May 10, 2026 · Last Updated: May 11, 2026

Plain-English Summary

VaultChat is end-to-end encrypted. We can't read your messages, listen to your calls, or watch your video. The math doesn't allow it — your private key never leaves your device, and the encrypted blobs that pass through our servers are useless without it.

What we do collect, briefly:

  • An email address or phone number for sign-up & verification
  • A handle and (optional) display name and avatar so people can find you
  • Encrypted message ciphertext, so we can deliver it to your contacts
  • Minimal account metadata (online status timestamps, push tokens for incoming calls, IAP subscription records)

We don't sell your data. We don't currently show third-party ads in any tier. We don't profile you. The full details follow below.

1. Who We Are

VaultChat is operated by AUXXILUS MEDIA LLC, a New Jersey limited liability company headquartered in Glassboro, New Jersey, United States.

For privacy questions, contact privacy@vaultchat.co. For general support, contact support@vaultchat.co.

This Privacy Policy describes how we collect, use, share, and protect personal information when you use the VaultChat mobile app (the "Service"). It applies to everyone who uses VaultChat, anywhere in the world.

2. What We Collect — and What We Don't

Information you provide at sign-up

  • Email address (or phone number) — to create your account and verify it's you
  • Handle (e.g. @yourname) — your unique public identifier within VaultChat
  • Display name and avatar (optional) — what other users see when you message them
  • Password — never stored in cleartext; we store only a one-way hash that we cannot reverse

Information stored only on your device

The following are stored locally on your phone, never transmitted to our servers:

  • Your NaCl private key — the secret half of the encryption keypair that decrypts messages addressed to you. If you lose it (e.g., you uninstall the app without backing it up), prior messages cannot be decrypted, even by us.
  • Your Real PIN, Decoy PIN, and Vault PIN
  • Your cached message history (stored encrypted at rest by iOS Data Protection)
  • Your chat folder definitions, contact name overrides, theme preference, and other UI preferences
  • Your blocked users list (mirrored from our server for offline filtering)

Information we receive when you use VaultChat

Category — why we have it:

  • Encrypted message ciphertext (text, photos, videos, voice notes, files) — To deliver the message to its recipient. We see only the encrypted blob and the sender / recipient identifiers; we cannot decrypt it.
  • Public encryption key — So your contacts can encrypt messages to you.
  • Online presence + last-seen timestamps — To show your contacts when you're online (subject to your privacy settings).
  • PushKit (VoIP) device tokens — To wake your phone and ring CallKit when someone calls you, even if VaultChat has been killed by iOS. The token is provided by Apple and is meaningless outside of APNs.
  • Group membership and group metadata (name, description, photo) — So group messages route correctly. Group names and descriptions are not encrypted.
  • Reports of policy-violating content — So our safety team can review reports and take action. See "User reports" below.
  • Subscription receipts (if you purchase Premium) — To verify your subscription status with Apple and unlock paid features. We store the receipt, the product ID, the transaction ID, and the expiration date; never your payment method.
  • WebRTC signaling messages — To set up direct phone-to-phone connections for voice and video calls. The actual call audio and video flow peer-to-peer (or via TURN relay if peer-to-peer fails); they never reach our application servers.

What we do not collect

  • The plaintext contents of any message, photo, video, voice note, file, or call
  • Your phone's contact list (we never upload your address book — see "Contact discovery" below)
  • Your location (unless you choose to share a location pin in a message)
  • Browsing history, web tracking data, or behavioral profiles
  • Advertising identifiers (currently). If we add advertising to the free tier in the future, this section will be updated and users notified.
  • Biometric data (Face ID / Touch ID happens on your device; we never see the result)

Diagnostic information (optional)

If the app crashes or hits a serious error, iOS may offer to share an anonymous crash report with us. You can disable this in iOS Settings → Privacy & Security → Analytics & Improvements. We use crash data only to fix bugs.

3. Contact Discovery

To help you find friends already on VaultChat, we offer optional contact sync. Here's exactly how it works:

  • VaultChat asks for permission to read your phone contacts. You can decline — the app still works.
  • If you grant permission, VaultChat normalizes each phone number on your device into E.164 format and computes a one-way SHA-256 hash of each one.
  • Only the hashes are sent to our server, where we check whether any of them match the hashed phone numbers of registered VaultChat users.
  • We return only the matches. We do not store the unmatched hashes. We never see the actual phone numbers from your address book, and we never see the names you have for them.
  • You can disable contact sync at any time and revoke iOS permission in Settings → VaultChat → Contacts.
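The steps above, written out as an added example (this is not VaultChat's code). The client side normalises and hashes; the server side returns only the intersection with its registry and keeps nothing else. normalize_e164 is a deliberately small stand-in for a real E.164 normaliser (an assumption for this illustration): it handles "+"-prefixed international numbers and bare 10- or 11-digit North American numbers only. The registry contents and address-book numbers are constructed sample data.

```python
# Added example, not VaultChat's code: the contact-discovery flow from Section 3.
# normalize_e164 is a simplified stand-in (assumption) for a real E.164 normaliser
# such as libphonenumber; it covers "+"-prefixed international numbers and bare
# 10- or 11-digit North American numbers only.
import hashlib
import re


def normalize_e164(raw, default_country_code="1"):
    """Return the number in E.164 form ("+" followed by digits only), or None."""
    digits = re.sub(r"\D", "", raw)
    if not digits:
        return None
    if raw.strip().startswith("+"):
        return "+" + digits
    if len(digits) == 10:
        return "+" + default_country_code + digits
    if len(digits) == 11 and digits.startswith(default_country_code):
        return "+" + digits
    return None  # unrecognised format: skipped rather than guessed


def hash_phone(e164):
    """One-way SHA-256 of the normalised number, hex encoded."""
    return hashlib.sha256(e164.encode("ascii")).hexdigest()


def client_prepare_upload(address_book_numbers):
    """Client side: normalise, hash, and upload only the hashes.

    The result is de-duplicated and sorted, so it carries no information about
    the order or multiplicity of entries in the address book."""
    hashes = set()
    for raw in address_book_numbers:
        e164 = normalize_e164(raw)
        if e164 is not None:
            hashes.add(hash_phone(e164))
    return sorted(hashes)


def server_registry(registered_users):
    """Server side: index of hashed numbers for registered users.

    registered_users maps an E.164 number to a handle (constructed sample data)."""
    return {hash_phone(number): handle for number, handle in registered_users.items()}


def server_match(uploaded_hashes, registry):
    """Server side: return only the matches. Unmatched hashes are not retained."""
    return {h: registry[h] for h in uploaded_hashes if h in registry}


if __name__ == "__main__":
    # Constructed sample data: 555-01xx and 020 7946 0xxx are reserved fictional ranges.
    registry = server_registry({"+12015550123": "@alice", "+442079460958": "@bob"})
    upload = client_prepare_upload(
        ["(201) 555-0123", "+44 20 7946 0958", "201-555-0199", "not a number"]
    )
    print(server_match(upload, registry))
```

One property worth knowing: the space of valid phone numbers is small, so a SHA-256 hash of a number is not a strong secret on its own for whoever holds it. The privacy property the policy describes therefore rests on the server matching and then discarding unmatched hashes, which is what server_match models.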

4. End-to-End Encryption

VaultChat uses the NaCl (TweetNaCl) public-key authenticated encryption primitive — specifically crypto_box_curve25519xsalsa20poly1305 — for one-to-one and group messages. When you send a message:

  • Your device fetches the recipient's public key from our key directory.
  • Your device combines that public key with your own private key to derive a shared secret.
  • Your device encrypts the plaintext with that shared secret and a random nonce.
  • Only the ciphertext, the nonce, and the sender / recipient identifiers travel to our server.
  • The recipient's device performs the inverse operation to recover the plaintext.

Because the shared secret is derived locally on each device using each party's private key, the server has no way to derive that secret and cannot decrypt the ciphertext. This is mathematically true, not policy-true — it does not rely on us promising not to look.

For voice and video calls, audio and video stream peer-to-peer over WebRTC with mandatory DTLS-SRTP encryption. Where direct peer-to-peer fails (typically because both parties are behind restrictive NATs), traffic is relayed through a TURN server but stays encrypted end-to-end — the relay sees only encrypted UDP packets.

The limits of end-to-end encryption you should understand:

  • Group names, group descriptions, your handle, your display name, and your avatar are not encrypted. They need to be readable for the service to function.
  • Online presence and last-seen timestamps are not encrypted.
  • If you choose to forward a copy of a message in a Report, that forwarded copy arrives unencrypted to our safety team — by your explicit consent.
  • If your device is unlocked and in someone else's hands, they can read your messages. Encryption protects content in transit and at rest on our servers; it cannot protect content from a person physically using your unlocked phone.

5. How We Use Your Information

We use the information described above to:

  • Operate the service — deliver messages, place calls, register your account, send verification emails
  • Keep VaultChat safe — review reports, enforce our Community Guidelines and Child Safety Policy, detect abuse and ban evasion
  • Provide customer support — respond to support emails and account inquiries
  • Process subscriptions — verify Apple receipts, unlock Premium features, send renewal reminders
  • Comply with legal obligations — respond to lawful law-enforcement requests, report apparent CSAM to NCMEC under 18 U.S.C. § 2258A, retain records as required by law
  • Improve the service — diagnose bugs from crash reports, plan capacity

We do not use your information to:

  • Train AI or machine-learning models on your messages
  • Target you with third-party advertising (currently — see notice at top of this policy regarding future changes)
  • Build behavioral profiles
  • Sell or rent your data to anyone, ever

6. Who We Share Information With

We share personal information only with the service providers we need to operate VaultChat, with law enforcement when legally required, and in the limited safety scenarios described in our Child Safety Policy. We do not share your data with advertisers, data brokers, or analytics companies under our current configuration. If we add a third-party advertising network in the future, that network will be listed in our Third-Party Services section and disclosed before any data sharing begins.

Service providers (sub-processors)

Provider — role — data they touch:

  • Supabase — Authentication + database hosting. Data they touch: account records, encrypted message ciphertext, push tokens, subscription records.
  • Railway — Realtime signaling server (Node.js + socket.io). Data they touch: live socket sessions, WebRTC signaling messages (offer/answer/ICE candidates), in-flight encrypted messages. Nothing is persisted beyond the active session.
  • Apple — App Store, In-App Purchase, Apple Push Notification service (APNs / PushKit), CallKit. Data they touch: subscription receipts, push tokens, the existence and timing of incoming calls.
  • Resend — Transactional email (verification, password reset). Data they touch: email addresses and message bodies for verification messages.
  • Twilio — SMS verification (toll-free +1 (866) 496-1347). Data they touch: phone numbers and verification codes, used only for sending the SMS and not stored beyond delivery.
  • National Center for Missing & Exploited Children (NCMEC) — CyberTipline reports of apparent child sexual abuse material. Data they touch: the contents of any CSAM report we receive, plus the relevant account metadata, as required by 18 U.S.C. § 2258A.

Law enforcement

We respond to lawful preservation requests, subpoenas, court orders, and search warrants from law enforcement agencies that comply with applicable law. We do not voluntarily disclose user information except in the narrow circumstances permitted by law (e.g., emergency disclosure under 18 U.S.C. § 2702(b)(8)).

Because the contents of your messages are end-to-end encrypted, the data we can produce in response to a lawful request is limited to the information described in Section 2 — primarily account metadata, subscription history, encrypted blobs we cannot decrypt, and (where applicable) any content a user explicitly forwarded to us through the in-app Report flow.

Business transfers

If AUXXILUS MEDIA LLC is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may transfer to the successor entity. We will notify you (by email or in-app) before your information becomes subject to a different privacy policy.

7. International Data Transfers

VaultChat is operated from the United States. If you use VaultChat from outside the U.S., your information will be transferred to and processed in the U.S. The U.S. has data-protection laws that differ from those of your country and may not provide the same level of protection.

If you are in the European Economic Area, the United Kingdom, or Switzerland, transfers of your personal information to the U.S. and to our sub-processors are made on the basis of (a) the European Commission's Standard Contractual Clauses, (b) sub-processor self-certification under the EU–U.S. Data Privacy Framework, or (c) your consent.

8. Data Retention

We retain personal information for as long as your account is active, plus the additional periods described below, after which we delete or anonymize it.

  • Encrypted message ciphertext — retained on our server in an in-memory rolling buffer of the most recent 500 messages per chat. Older messages exist only on your device.
  • Account record — retained while your account is active. On account deletion, the record is removed within 30 days, except as noted below.
  • Handle reservation — your handle is held for 30 days after account deletion, then released for reuse.
  • Reports — retained for the period necessary to investigate, enforce against repeat offenders, and meet legal obligations. Reports involving apparent CSAM are retained for the period required by 18 U.S.C. § 2258A (currently 90 days, extendable on request from law enforcement).
  • Banned-account records — retained indefinitely so that re-registration attempts can be detected and blocked.
  • Subscription receipts — retained for as long as required for tax, audit, and dispute-resolution purposes (typically 7 years).
  • Backups — backups containing your data may persist for up to 35 days after deletion before they are overwritten on the normal rotation.

9. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated personal information (Settings → Privacy → Delete Account)
  • Port a copy of your account data in a structured, commonly-used format
  • Object to or restrict certain processing
  • Withdraw consent for processing that is based on consent (e.g., contact sync)
  • Lodge a complaint with your local data-protection authority

To exercise any of these rights, email privacy@vaultchat.co from the address associated with your account. We will verify your identity before acting on your request and respond within the timeframe required by applicable law (generally 30 days).

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act gives you the rights described in Section 9 above, plus:

  • The right to know the categories of personal information we collect, the sources, the business purposes, and the categories of third parties we share it with — all of which is disclosed throughout this Privacy Policy.
  • The right to opt out of the "sale" or "sharing" of your personal information. VaultChat does not currently sell or share your personal information for cross-context behavioral advertising. If we add advertising in the future, we will provide a Do Not Sell or Share My Personal Information mechanism in the app at that time.
  • The right not to be discriminated against for exercising your privacy rights.

To exercise California rights, email privacy@vaultchat.co. You may designate an authorized agent to make a request on your behalf.

11. European / UK Privacy Rights (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, our lawful bases for processing your personal information are:

  • Performance of a contract — to deliver the messaging service you asked for when you created your account
  • Legitimate interests — to keep VaultChat safe, secure, and free of abuse, and to defend our legal rights
  • Legal obligation — to comply with applicable law, including child-safety reporting under 18 U.S.C. § 2258A
  • Consent — for processing that requires it, such as contact sync or sending a forwarded copy of content with a Report. You may withdraw consent at any time.

If you have a complaint, you may contact your national data-protection authority. We will work with you to resolve any dispute first, and we encourage you to do so by emailing privacy@vaultchat.co.

12. Children's Privacy

VaultChat is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to VaultChat, contact us at privacy@vaultchat.co and we will promptly delete the account.

For users aged 13–17, parental or guardian consent is required, as described in our Terms of Service.

13. Security

We protect your personal information through:

  • End-to-end encryption of message contents (NaCl box) and call media (DTLS-SRTP), as described in Section 4
  • TLS 1.2+ for every connection between the app and our servers, even though the payload is already separately encrypted
  • Hashed PINs stored only in iOS Secure Enclave / Keychain
  • Row-level security (RLS) on every database table, enforced by Postgres before any query result is returned
  • Least-privilege access — only a small number of named individuals at AUXXILUS MEDIA LLC have administrative access, and access is logged
  • Service-provider vetting — every sub-processor listed in Section 6 has signed a data-processing agreement with us

No system is perfectly secure. If you become aware of a security issue affecting VaultChat, please report it responsibly to security@vaultchat.co.

14. Changes to This Policy

We may update this Privacy Policy as VaultChat evolves and as the law changes. Material changes will be reflected in the "Last Updated" date at the top of this page. For changes that meaningfully expand the categories of data we collect or the purposes for which we use it, we will notify you by email or in-app before the change takes effect.

15. Contact

  • Email: privacy@vaultchat.co
  • Website: vaultchat.co
  • Address: AUXXILUS MEDIA LLC, 11 Hetton Court, Glassboro, NJ 08028

© 2026 AUXXILUS MEDIA LLC. All rights reserved.