Privacy Policy

Last updated: April 9, 2026

Our Commitment to Privacy

At My Signal Vault, we value your privacy above all else. Privacy is not just a feature of our platform — it is the foundation upon which My Signal Vault is built. We believe that your personal data, files, and communications belong to you and only you. Our entire architecture is designed with a privacy-first approach, employing end-to-end encryption and zero-knowledge principles wherever possible to ensure that your data remains yours.

1. Information We Collect

We collect only the minimum information necessary to provide and improve the Service:

  • Account Information: Your name, email address, and password (stored as a bcrypt hash — we never store your plaintext password).
  • Profile Data: Your chosen timezone and notification preferences.
  • Encrypted Files: Files you upload are encrypted with AES-256-GCM before storage. We cannot read or access the contents of your encrypted files.
  • Vault Data: Vault titles, recipient email addresses, and messages are encrypted at the field level using AES-256 encryption before being stored in our database.
  • Payment Information: Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or bank details on our servers. We only retain your Stripe customer ID for subscription management.
  • Usage Data: IP addresses (for security and brute force protection), login timestamps, and basic activity logs to help you monitor your account security.

2. How We Protect Your Data

Security is at the core of everything we do:

  • AES-256-GCM Encryption: All uploaded files are encrypted with AES-256-GCM, a military-grade encryption standard, before they are stored. Each file receives a unique encryption key.
  • Field-Level Encryption: Sensitive database fields (names, emails, vault titles, messages, recipient emails) are individually encrypted using AES-256 before storage.
  • Secure Password Storage: Passwords are hashed using bcrypt with individual salts. We never store or have access to your plaintext password.
  • Multi-Factor Authentication (MFA): Optional TOTP-based two-factor authentication adds an additional layer of protection to your account.
  • Brute Force Protection: Automated IP-based blocking prevents unauthorized access attempts. IPs are blocked after repeated failed login attempts.
  • Encrypted Transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
  • Secure File Delivery: When vaults trigger, files are delivered via time-limited secure download links (72-hour expiry, maximum 10 downloads) rather than email attachments, ensuring files are never exposed in plain text.

3. How We Use Your Information

We use your information solely for the following purposes:

  • To provide, maintain, and improve the My Signal Vault service.
  • To process vault triggers and deliver encrypted content to your designated recipients.
  • To send check-in reminders, vault trigger notifications, and subscription-related emails.
  • To process payments and manage your subscription through Stripe.
  • To protect the security and integrity of the Service, including detecting and preventing fraud, abuse, and unauthorized access.
  • To provide customer support and respond to your inquiries.

4. What We Do NOT Do

We take a firm stance on the following:

  • We do NOT sell your data. Your personal information is never sold, rented, or traded to any third party, for any reason, ever.
  • We do NOT share your data with advertisers. My Signal Vault does not display advertisements and does not share any user data with advertising networks or data brokers.
  • We do NOT read your encrypted files. Your files are encrypted before storage and can only be decrypted with your unique keys. We have no ability to access the contents of your files.
  • We do NOT track you across the web. We do not use third-party tracking cookies, analytics pixels, or behavioural tracking tools.
  • We do NOT use your data for AI training. Your content is never used to train machine learning models or AI systems.

5. Third-Party Services

We use a limited number of trusted third-party services to operate My Signal Vault:

  • Stripe: For secure payment processing. Stripe has its own privacy policy and is PCI-DSS Level 1 certified.
  • Email Delivery Provider: For transactional email delivery (check-in reminders, vault trigger notifications). We share only the minimum email data required for delivery.
  • Cloud Storage Provider: For encrypted file storage. Files are encrypted before upload — the storage provider cannot access your file contents.

We do not share your data with any other third parties beyond what is strictly necessary to provide the Service.

6. Data Retention

We retain your account data for as long as your account is active. If you choose to delete your account, all associated data — including your profile, vaults, files, and audit logs — is permanently and irreversibly deleted from our systems. Encrypted files are removed from cloud storage and encryption keys are destroyed. We do not maintain backups of deleted accounts.

7. Your Rights

You have the right to:

  • Access and view all data associated with your account through the Dashboard, Profile, and Activity Log.
  • Update or correct your personal information at any time through your Profile settings.
  • Download your files at any time from the Files page.
  • Delete your account and all associated data permanently at any time.
  • Opt out of non-essential email notifications through your Notification preferences.

8. Children's Privacy

My Signal Vault is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take immediate steps to delete that information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a notice on the Service prior to the change becoming effective. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions, concerns, or requests regarding your privacy or this Privacy Policy, please contact us at support@mysignalvault.io.