This Privacy Policy outlines the manner in which Alexandre Fay, acting as the Data Controller (hereinafter referred to as “the Data Controller,” “we,” “our,” or “us”), collects, uses, stores, and protects the personal information of users (hereinafter referred to as “the User” or “you”) of the “Vault” application (hereinafter referred to as “the Application”).
We are committed to respecting and protecting the privacy of our Users, in accordance with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR).
1. Identity and Contact Information of the Data Controller
The Data Controller for data collected via the Application is:
Alexandre Fay
34 Rue Paul Eluard, Comines, France
SIRET Number: [To be completed later upon micro-enterprise registration]
For any questions regarding this Privacy Policy, or to exercise your data protection rights, you may contact us at the following email address: support@vault-application.com or via the contact form available on our website: https://vault-application.com/.
2. Data Not Collected by the Data Controller
It is expressly stated that the Data Controller does not collect, access, or store the content that the User chooses to save within the “Vault” Application, such as photographs, videos, notes, or Browse history.
This data is stored exclusively and privately on the User’s personal iCloud account, managed by Apple Inc. The User is the sole holder of control and access to this content. The Data Controller has no means to access, modify, or retrieve this data. The security and confidentiality of this information are entirely managed by the security measures implemented by Apple and the privacy settings configured by the User on their iCloud account.
3. Data Collected by the Data Controller and Purposes of Processing
Data collection by the Data Controller is limited to information strictly necessary for the operation and improvement of the Application, or is subject to the User’s explicit consent.
3.1. Diagnostic and Performance Data
Types of Data Collected: In the event of an incident or malfunction (crash) of the Application, technical and diagnostic data are collected via the Firebase Crashlytics tool. This data includes non-directly identifying information related to the User’s device (device model, manufacturer, operating system version), unique installation identifiers (which do not allow for direct personal identification of the User), and the Application’s state at the time of the incident (crash information, stack traces).
Purpose of Processing: The processing of this data is solely for the purpose of diagnosing, analyzing, and resolving bugs and technical issues within the Application, to improve its stability, performance, and user experience.
Legal Basis for Processing: The processing is based on the legitimate interest of the Data Controller to ensure the proper functioning, security, and continuous improvement of the Application. This data is processed in a pseudonymized manner and is not used to personally identify the User.
Absence of Data Linking: The diagnostic data collected is not combined with other information in our possession that could establish a direct link to the User’s identity.
3.2. Data Requiring User Consent
Certain features of the Application require access to specific resources on the User’s device. The collection and processing of this data are contingent upon obtaining the User’s explicit consent, requested by the operating system.
Access to Camera and Microphone:
Types of Data Concerned: Video and audio streams captured by the device’s camera and microphone.
Purpose of Processing: To enable the User to take photographs and record videos directly from within the Application for adding them to their “Vault” secure storage, should they choose this option instead of importing existing content from their gallery.
Legal Basis for Processing: The User’s consent. This consent can be revoked at any time by the User via the privacy settings of their device.
Access to Photo/Video Gallery:
Types of Data Concerned: Visual content (photographs and videos) stored on the User’s device.
Purpose of Processing: To enable the import of existing photographs and videos from the device into the “Vault” secure storage. Furthermore, if the User enables the corresponding feature, the Application may, with their specific agreement (restricted or full access depending on User choice), automatically delete imported photos from the device’s gallery after they have been added to “Vault.
Legal Basis for Processing: The User’s consent. This consent can be revoked or permissions modified at any time via the device’s privacy settings. The Application only accesses items selected by the User or specific albums for deletion based on their configuration.
Motion Data:
Types of Data Concerned: Raw data from the device’s motion sensors (e.g., accelerometer, gyroscope).
Purpose of Processing: To activate the “emergency shortcuts” feature (such as specific actions triggered by detecting particular device movements, for example, when the device is face down), only if the User has previously configured and activated this option in the Application’s settings.
Legal Basis for Processing: The User’s consent. The collection and use of this data will only be activated following the User’s explicit activation of this feature.
4. Data Retention Period
Diagnostic Data (Crashlytics): Data collected by Firebase Crashlytics is retained in accordance with Google Firebase’s data retention policies, which generally provide for a maximum duration of 90 days, corresponding to the time necessary for analysis and resolution of technical issues.
Data Stored in iCloud: As stated in Section 2 of this Policy, the Data Controller does not store any of this data. Its retention is managed exclusively by Apple and the privacy settings of the User’s iCloud account.
5. Data Sharing
The Data Controller undertakes not to share any of your personal data with third parties for commercial, advertising, or profiling purposes.
The only data disclosures made are as follows:
Diagnostic data is shared with Google Firebase Crashlytics solely for the purposes described in Section 3.1. This data is anonymized or pseudonymized.
Payment transaction information is processed directly by Apple via StoreKit 2 for in-app purchases. The User’s payment details (credit card number, etc.) are handled exclusively by Apple and are never transmitted to the Data Controller.
6. Data Security Measures
The Data Controller implements appropriate technical and organizational measures to ensure a level of security commensurate with the risk, with the aim of protecting the data we process against unauthorized destruction, loss, alteration, disclosure, or access.
These measures notably include:
Encryption: Sensitive data that the User stores via the Application on iCloud benefits from the encryption inherent to iCloud services provided by Apple.
Access Control: Access to relevant systems and data is strictly limited to authorized personnel necessary for the performance of their duties. No direct access to sensitive data stored by the User on iCloud is possible by us.
Infrastructure Security: Diagnostic data is processed and stored on Google Firebase’s secure infrastructures, which apply rigorous security standards. Our “Vault” server is specifically architected to securely validate purchases and manage promotions, without storing sensitive personal data of Users.
Maintenance and Updates: The “Vault” Application and all its software dependencies are regularly updated to incorporate the latest security enhancements and to correct any known vulnerabilities.
Privacy-by-Design: The technical design of the Application was conceived from its inception to minimize the collection and access to personal data, favoring an architecture where the User retains full control over their sensitive information.
7. User Rights
In accordance with applicable data protection regulations (notably the GDPR), the User possesses several rights regarding their personal data:
Right to Access: Obtain confirmation that your data is being processed and, if so, access to it.
Right to Rectification:Request the correction of inaccurate or incomplete information concerning you.
Right to Erasure: Request the deletion of your data under certain conditions defined by law.
Right to Restriction of Processing: Request the limitation of the processing of your data under certain conditions.
Right to Object:Object to the processing of your data for reasons relating to your particular situation.
Right to Data Portability: Receive the data you have provided to us,in a structured, commonly used, and machine-readable format.
Right to withdraw your consent : For processing based on your consent (such as access to the camera, gallery or sensors), you have the right to withdraw this consent at any time.
How to Exercise Your Rights:
For data stored in iCloud (photographs, videos, notes, Browse history): Since the Data Controller does not have access to this data, the exercise of your rights (access, rectification, erasure, portability) concerning this content must be performed directly by the User via the tools and settings of their iCloud account, managed by Apple Inc.
For diagnostic data (Crashlytics): For any request relating to Crashlytics data, the User may contact us by e-mail at support@vault-application.com or via the contact form on https://vault-application.com/. Although this data is pseudonymized, we undertake to respond to your request within the limits of our technical ability to identify your data via a non-personal installation identifier.
For device access permissions (camera, microphone, gallery, motion sensors): The User can manage and revoke their consent at any time by adjusting the privacy settings for the “Vault” Application directly within their device’s settings.
In case of unresolved questions or complaints, the User also retains the right to lodge a complaint with the competent data protection supervisory authority in their jurisdiction.
8. Changes to This Privacy Policy
The Data Controller reserves the right to modify this Privacy Policy at any time. Any modifications will be published on this page with an updated “Effective Date.” We encourage Users to regularly review this page to stay informed of any changes.
