Privacy Policy

Last updated: December 2025

1. Introduction

VaultMate ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our file hygiene and PII discovery platform.

2. Information We Collect

Account Information

When you create an account, we collect your email address, organization name, and password (stored in encrypted form).

Provisioning Token Data

When you generate agent packages, we create and track provisioning tokens including: token identifiers, creation timestamps, expiration times, usage status, and the hostname of the device that used each token. This data enables secure device registration and audit trail capabilities.

Device Information

Our Windows agent collects device identifiers, hostnames, operating system information, and the provisioning token used during registration. This links each device to its original provisioning token for tracking and security purposes.

Scan Data

The agent scans files for patterns matching PII, PHI, and other sensitive data. We collect metadata about findings (file paths, data types found, risk scores) but do not transmit the actual sensitive content.

3. How We Use Your Information

  • To provide and maintain our service
  • To notify you about changes to our service
  • To provide customer support
  • To gather analysis to improve our service
  • To detect, prevent, and address technical issues

4. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Role-based access controls
  • SOC 2 Type II compliance (in progress)

5. Data Retention

We retain your scan reports for as long as your account is active. Local reports on agent devices are automatically deleted after 24 hours of successful upload. We maintain the last 10 scans per device on our servers.

6. Your Rights

Under GDPR and other privacy regulations, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Data portability

7. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: privacy@vaultmate.io
Address: VaultMate, Inc.