Skip to content
Vault logo Vault
en
Legal

Privacy Policy

Effective Date: June 1, 2025

This Privacy Policy describes the terms and conditions under which Vault Studio, acting as the Data Controller (hereinafter referred to as “the Data Controller”, “we”, “our” or “us”), collects, uses, stores and protects the personal information of users (hereinafter referred to as “the User” or “you”) of the “Vault” application (hereinafter referred to as “the Application”).

We are committed to respecting and protecting the privacy of our Users, in accordance with the laws and regulations in force regarding data protection, in particular the General Data Protection Regulation (GDPR).

1. Identity and Contact Information of the Data Controller

The Data Controller of the data collected through the Application is:

Vault Studio

SIRET: 83213367200028

For any question relating to this Privacy Policy, or to exercise your rights regarding the protection of personal data, you may contact us at the following email address: support@vault-application.com or through the contact form available on our website: https://vault-application.com/

2. Nature of the Data Not Collected by the Data Controller

It is expressly stipulated that the Data Controller does not collect, access or store the content that the User chooses to save within the “Vault” Application, such as photographs, videos, notes or browsing history.

This data is stored exclusively and in encrypted form on the User’s personal iCloud account, the management of which is ensured by Apple Inc. The User is the sole holder of control and access to this content. The Data Controller has no means of accessing, modifying or retrieving this data. The security and confidentiality of this information fall entirely within the scope of the security measures implemented by Apple and the privacy settings configured by the User on their iCloud account.

3. Data Collected by the Data Controller and Purposes of Processing

Data collection by the Data Controller is limited to information strictly necessary for the operation and improvement of the Application, or is subject to the User’s explicit consent.

3.1. Diagnostic and Performance Data

Types of data collected: In the event of an incident or malfunction (crash) of the Application, technical and diagnostic data is collected through the Firebase Crashlytics tool. This data includes non-directly identifying information relating to the User’s device (device model, manufacturer, operating system version), unique installation identifiers (which do not allow direct personal identification of the User), as well as the state of the Application at the time of the incident (crash information, stack traces).

Purpose of processing: The processing of this data has the sole purpose of diagnosing, analysing and resolving bugs and technical issues of the Application, in order to improve its stability, performance and user experience.

Legal basis for processing: Processing is based on the legitimate interest of the Data Controller in ensuring the proper functioning, security and continuous improvement of the Application. This data is processed in a pseudonymised manner and is not used for the purpose of personally identifying the User.

No data linking: The diagnostic data collected is not combined with any other information in our possession that would allow a direct link to be established with the User’s identity.

Certain features of the Application require access to specific resources on the User’s device. The collection and processing of this data is subject to obtaining the explicit consent of the User, requested by the operating system.

Access to Camera and Microphone

Types of data concerned: Video and audio streams captured by the device’s camera and microphone.

Purpose of processing: To allow the User to take photographs and record videos directly from the Application in order to add them to their vault in “Vault”, if they choose this option rather than importing existing content from their gallery.

Legal basis for processing: The User’s consent. This consent may be revoked at any time by the User through the privacy settings of their device.

Access to Photo/Video Gallery

Types of data concerned: Visual content (photographs and videos) stored on the User’s device.

Purpose of processing: To allow the importing of existing photographs and videos from the device to the vault in “Vault”. In addition, if the User activates the corresponding feature, the Application may, with their specific agreement (restricted or full access depending on the User’s choice), automatically delete the imported items from the device’s gallery after they have been added to “Vault”.

Legal basis for processing: The User’s consent. This consent may be revoked, or authorisations modified, at any time through the device’s privacy settings. The Application only accesses the items that the User selects or the specific albums for deletion according to their configuration.

Motion Data

Types of data concerned: Raw data from the device’s motion sensors (e.g., accelerometer, gyroscope).

Purpose of processing: To enable the “emergency shortcuts” feature (such as specific actions triggered by the detection of particular device movements, for example when it is turned face down), only if the User has previously configured and activated this option in the Application’s settings.

Legal basis for processing: The User’s consent. The collection and use of this data will only be activated following the explicit activation of this feature by the User.

4. Data Retention Period

  • Diagnostic data (Crashlytics): Data collected by Firebase Crashlytics is retained in accordance with the retention policies of Google Firebase, which generally provide for a maximum duration of 90 days, corresponding to the time required for the analysis and resolution of technical issues.
  • Data stored on iCloud: In accordance with section 2 of this Policy, the Data Controller does not store any of this data. Its retention is managed exclusively by Apple and the privacy settings of the User’s iCloud account.

5. Data Sharing

The Data Controller undertakes not to share any personal data of the User with third parties for commercial, advertising or profiling purposes.

The only data disclosures made are as follows:

  • Diagnostic data is shared with Google Firebase Crashlytics solely for the purposes mentioned in section 3.1. This data is anonymised or pseudonymised.
  • Information relating to payment transactions is processed directly by Apple via StoreKit 2 during in-app purchases. The User’s payment details (credit card number, etc.) are managed exclusively by Apple and are in no case transmitted to the Data Controller.

6. Security Measures

The Data Controller implements appropriate technical and organisational measures to ensure a level of security adapted to the risk, in order to protect the data we process against any destruction, loss, alteration, unauthorised disclosure or unauthorised access.

These measures include in particular:

  • Encryption: The sensitive data that the User stores through the Application on iCloud benefits from the encryption inherent to the iCloud services provided by Apple.
  • Access control: Access to relevant systems and data is strictly limited to authorised personnel necessary for the performance of their duties. No direct access to sensitive data stored by the User on iCloud is possible on our part.
  • Infrastructure security: Diagnostic data is processed and stored on Google Firebase’s secure infrastructure, which applies rigorous security standards. Our “Vault” server is specifically architected to validate purchases and manage promotions securely, without retaining sensitive personal data of Users.
  • Maintenance and updates: The “Vault” Application and all its software dependencies are subject to regular updates in order to incorporate the latest security advances and correct any vulnerabilities.
  • Privacy by design: The technical design of the Application has been thought out from the outset to minimise the collection and access to personal data, favouring an architecture where the User retains full control over their sensitive information.

7. User Rights

In accordance with the applicable regulations regarding data protection (in particular the GDPR), the User has several rights concerning their personal data:

  • Right of access: To obtain confirmation that data concerning you is being processed and, where applicable, to request a copy.
  • Right of rectification: To request the correction of inaccurate or incomplete information concerning you.
  • Right to erasure: To request the deletion of your data under certain conditions defined by law.
  • Right to restriction of processing: To request the restriction of the processing of your data under certain conditions.
  • Right to object: To object to the processing of your data for reasons relating to your particular situation.
  • Right to data portability: To receive the data you have provided to us, in a structured, commonly used and machine-readable format.
  • Right to withdraw your consent: For processing based on your consent (such as access to the camera, gallery or sensors), you have the right to withdraw this consent at any time.

How to Exercise Your Rights

  • For data stored on iCloud (photographs, videos, notes, browsing history): Given that the Data Controller does not have access to this data, the exercise of your rights (access, rectification, erasure, portability) concerning this content must be carried out directly by the User through the tools and settings of their iCloud account, managed by Apple Inc.
  • For diagnostic data (Crashlytics): For any request relating to crash diagnostic data, the User may contact us by email at support@vault-application.com or through the contact form on https://vault-application.com/. Although this data is pseudonymised, we undertake to respond to your request to the extent of our technical capabilities to identify the data concerning you via a non-personal installation identifier.
  • For device access authorisations (camera, microphone, gallery, motion sensors): The User may manage and revoke their consent at any time by adjusting the privacy settings of the “Vault” Application directly in the settings of their device.

In the event of questions or complaints not resolved directly with us, the User retains the right to lodge a complaint with the competent supervisory authority for data protection (for example, the Commission Nationale de l’Informatique et des Libertés — CNIL — in France).

8. Changes to This Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy at any time. Any modification will be published on this page with the updated “Effective Date”. We invite Users to consult this page regularly to take note of any changes.