This Privacy Policy explains how ArkVault collects, uses, and protects your information. Our service is built on a zero-knowledge architecture, which means your privacy is enforced by cryptography, not just policy.

1. Information We Collect

We collect the following information: your email address (for account creation, login, and notifications), your hashed password (we never store plaintext passwords), payment information (processed by Stripe — we do not store card details), vault metadata (creation date, check-in timestamps, failsafe timer settings), trusted contact email addresses, and IP addresses and user agents for login audit logs.

2. Information We Cannot Access

Due to our zero-knowledge architecture, the following data is encrypted on your device and we cannot access it: your vault contents (secrets, passwords, messages), your Recovery Key, your encryption master key, and any passphrase you set. We only store encrypted blobs that are mathematically impossible for us to decrypt.

3. How We Use Your Information

We use your information to: provide and maintain the vault service, send failsafe timer reminders and notifications, notify trusted contacts when a vault is released, process payments, detect and prevent unauthorized access, and send important service updates.

4. Data Storage & Security

Your encrypted vault data is stored on secure servers. We use industry-standard security measures to protect our infrastructure. However, the primary security of your vault contents comes from client-side encryption — even if our servers were compromised, your encrypted data would remain unreadable without the Recovery Key.

5. Third-Party Services

We use Stripe for payment processing. When you make a payment, your payment information is handled directly by Stripe according to their privacy policy. We do not store your credit card details on our servers. We may also use email delivery services to send transactional emails such as check-in reminders and vault release notifications.

6. Data Retention & Deletion

Your vault data is retained as long as your account is active. Vault data is permanently deleted 14 days after a trusted contact recovers the vault. You may request account deletion by contacting support at support@arkvault.app. Upon account deletion, all associated data is permanently removed from our servers.

7. Cookies

ArkVault uses a single essential cookie for authentication purposes. This cookie contains an encrypted token that identifies your session. We do not use tracking cookies, analytics cookies, or any third-party cookies. No cookie consent banner is needed because we only use a strictly necessary authentication cookie.

8. Your Rights

You have the right to: access your account information, update your email address and password, delete your account and all associated data, export your vault data (by decrypting it with your Recovery Key), and withdraw consent by closing your account. To exercise any of these rights, contact us at support@arkvault.app.

9. Children's Privacy

ArkVault is not intended for use by anyone under the age of 18. We do not knowingly collect information from children. If you believe a child has created an account, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The date at the top of this page indicates when the policy was last updated.

11. Contact

If you have questions about this Privacy Policy or your data, please contact us at support@arkvault.app.