Privacy Policy for PrivaVault

Introduction

PrivaVault ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

Please read this privacy policy carefully. By using PrivaVault, you agree to the collection and use of information in accordance with this policy.

Geographic Restrictions

This geographic restriction is implemented to ensure compliance with applicable laws and regulations in the jurisdictions where we operate. Geographic blocking is enforced automatically through IP geolocation checks during signup and login.

Access from Restricted Regions will be blocked regardless of residency status or reason for access. We apologize for any inconvenience this may cause.

1. Information We Collect

1.1 Personal Information You Provide

We collect the following information when you register and use our Service:

Account Information

• Name: First and last name for account identification
• Email Address: For authentication, account recovery, and communications
• Password: Securely hashed and stored (we never store passwords in plain text)
• Master Password: Used only locally on your device for encryption; never transmitted or stored on our servers

Profile Information

• Profile Picture: Optional photo for account personalization
• User Preferences: Theme settings (dark/light mode), notification preferences
• Service Tier: Your selected plan (Individual or Family)

Document Metadata

• Document Names: Names you assign to your uploaded documents
• Document Categories: Visa, Personal, or Other
• Tags: User-created tags for document organization
• Expiry Dates: Optional expiration dates for documents
• Upload Dates: Timestamps of when documents were uploaded
• File Sizes: Size of uploaded documents
• Favorite Status: Whether documents are marked as favorites

1.2 Authentication Information

When you sign in using third-party services:

• Google Sign-In: We receive your name, email address, and profile picture from Google
• Apple Sign-In: We receive your name and email (or private relay email) from Apple

We use this information solely for authentication and account creation purposes.

1.3 Information We Do NOT Collect

• Document Contents: Your encrypted documents cannot be accessed by us
• Master Password: Never transmitted to or stored on our servers
• Recovery Phrase: Your 12-word recovery phrase is generated and stored only on your device
• Biometric Data: Face ID/Touch ID data remains on your device and is never transmitted
• Financial Information: We do not currently process payments (subscription system in development)

2. How We Use Your Information

2.1 Service Provision

• Authentication: Verify your identity and manage your account
• Document Management: Store your encrypted documents and associated metadata
• Feature Delivery: Enable core features like document upload, categorization, search, and preview
• Profile Management: Support multiple profiles with PIN protection (Family tier)

2.2 Communications

• Welcome Emails: Send onboarding information to new users
• Document Notifications: Email confirmations for uploads, deletions, and bulk operations
• Expiry Alerts: Notify you of documents approaching expiration (if enabled)
• Email Verification: Send verification emails for account security and email changes
• Service Updates: Inform you of important changes to the Service
• Customer Support: Respond to your inquiries and provide assistance

3. Data Security

3.1 Encryption

Client-Side Encryption: All documents are encrypted on your device using industry-standard AES-256-GCM (Galois/Counter Mode) encryption before being uploaded to our servers.

Key Derivation: Your master password is used to derive encryption keys using PBKDF2 with 100,000 iterations, providing strong protection against brute-force attacks.

Zero-Knowledge Architecture: We have no access to your master password or encryption keys. Only you can decrypt and view your documents.

3.2 Data Storage

• Firebase Authentication: User credentials managed by Google's Firebase Authentication service
• Cloud Firestore: Document metadata stored in Google Cloud Firestore with security rules
• Firebase Storage: Encrypted document files stored in Firebase Cloud Storage
• Data Centers: All data stored in secure Google Cloud Platform data centers

3.3 Your Security Responsibilities

• Master Password: Keep your master password secure and never share it
• Recovery Phrase: Store your 12-word recovery phrase securely offline
• Device Security: Use device passcodes, biometric authentication, and keep your OS updated
• Logout: Log out when using shared or public devices

4. Audit Logs and Security Monitoring

4.1 What We Log

To protect your account security and comply with industry best practices, we maintain audit logs of security-relevant events, including:

• Authentication Events: Login attempts (successful and failed), logout, signup, OAuth sign-ins (Google/Apple)
• Document Operations: Upload, download, and deletion events (metadata only - not document contents)
• Account Changes: Email changes, password changes, account deletion
• Master Password Events: Master password creation, changes, recovery attempts, vault unlock attempts (successful and failed)
• Security Events: Suspicious activity, multiple failed login attempts, geographic anomalies

4.2 Information Collected in Audit Logs

Each audit log entry may contain:

• Event Type: The specific action performed (e.g., login success, document upload)
• Timestamp: When the event occurred
• User Identifier: Your anonymized user ID (hashed email address for privacy)
• IP Address: Hashed IP address for security analysis (we cannot reverse the hash to identify you)
• Device Platform: Web, iOS, or Android
• Geographic Region: Country/region derived from IP address for fraud detection
• Success/Failure Status: Whether the action succeeded or failed
• Risk Level: Automated risk assessment (low, medium, high, critical)

4.3 Purpose of Audit Logs

We use audit logs for the following legitimate purposes:

• Security Monitoring: Detect and respond to security threats, unauthorized access attempts, and suspicious activity
• Fraud Prevention: Identify patterns indicating fraudulent behavior or account compromise
• Compliance: Meet regulatory requirements for security auditing and data protection
• Service Improvement: Analyze usage patterns to improve security features and user experience
• Incident Response: Investigate security incidents and data breaches
• Legal Requirements: Comply with law enforcement requests and legal obligations

4.4 Who Can Access Audit Logs

Access to audit logs is strictly limited:

• Authorized Administrators: Only designated PrivaVault administrators with verified identities can access audit logs through a secure admin dashboard
• No Client Access: Regular users cannot access the audit log system directly
• Automated Systems: Security automation systems analyze logs for threat detection
• Legal Requirements: Logs may be disclosed to law enforcement with valid legal process

4.5 Audit Log Retention

Retention Period: Audit logs are automatically deleted after 90 days from creation.

This 90-day retention period balances:

• Security Needs: Sufficient time to detect and investigate security incidents
• Privacy Protection: Minimizes retention of personal information
• Compliance Requirements: Meets industry standards for audit trail retention

Expired audit logs are automatically purged from our systems and cannot be recovered.

4.6 Your Rights Regarding Audit Logs

• Access: You may request a copy of your audit logs by contacting support@privavault.org
• Deletion: When you delete your account, associated audit logs remain for the 90-day retention period for security purposes, then are automatically deleted
• Opt-Out: Audit logging is mandatory for all accounts to ensure service security and cannot be disabled

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

• Google Firebase: Authentication, database (Firestore), cloud storage, and cloud functions
• Cloud Infrastructure: Google Cloud Platform for hosting and data storage
• Email Services: Custom SMTP server for transactional emails

These providers have access only to the information necessary to perform their functions and are obligated to maintain confidentiality.

6. Data Retention

6.1 Active Accounts

We retain your information for as long as your account is active or as needed to provide you with services.

6.2 Account Deletion

When you delete your account through Profile settings:

• Immediate Deletion: Your account, user profile, and authentication credentials are permanently deleted immediately
• Document Trash Retention: Deleted documents remain in trash for 30 days before permanent deletion
• No Recovery: Account deletion is irreversible - you cannot recover your account after deletion

Due to our zero-knowledge encryption architecture, once your account is deleted, we cannot recover your encrypted documents even if the files temporarily remain in trash.

7. Your Privacy Rights

7.1 Access and Control

You have the right to:

• Access: View all personal information we have about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Objection: Object to processing of your information for certain purposes

7.2 Communication Preferences

You can control email notifications in your Profile settings.

7.3 Exercising Your Rights

To exercise any of these rights, contact us at:

• Email: support@privavault.org
• In-App: Use the "Contact Support" feature in Profile settings

We will respond to verified requests within 30 days.

8. Children's Privacy

PrivaVault is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, contact us immediately and we will promptly delete such information upon verification.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be indicated by updating the "Last Updated" date at the top of this policy and notifying you via email or in-app notification for material changes.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Summary of Key Points