Introduction

Welcome to Vaultric ("we", "our", "us"). We are a UK-based personal finance tracking application that helps users understand and manage their money. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service.

This policy covers all data we collect through the Vaultric website, web application, and mobile applications. It applies to all users regardless of location, though we specifically comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this policy, you can contact our Data Protection Officer at dpo@vaultric.com.

🛡️ We never sell your data. Your financial information is yours and yours alone.

Information We Collect

Account Information

  • Email address — used for authentication and communication
  • Name (optional) — for personalising your experience
  • Password — encrypted and hashed; we never see or store plaintext passwords
  • Profile photo (optional) — for your account profile

Financial Data You Provide

When you use Vaultric, you choose to enter the following information:

  • Transaction records (income and expenses)
  • Account balances and starting cash
  • Budget settings and limits
  • Investment holdings (stocks, ETFs, pensions)
  • Loan and debt information
  • Savings goals and emergency fund targets
  • Recurring payment schedules

All financial data is manually entered by you. We do not connect to your bank accounts or automatically pull financial data.

Automatically Collected Data

  • Device information — device type, operating system, browser type
  • IP address — for security and approximate location
  • Usage analytics — which features you use and how often (anonymised)
  • Error logs — to help us fix bugs and improve reliability
  • Session data — to keep you logged in securely

What We Do NOT Collect

  • 🚫 Bank login credentials — we never ask for these
  • 🚫 Card numbers or CVVs — payments are handled securely by Stripe
  • 🚫 National Insurance or Social Security numbers
  • 🚫 Biometric data

How We Use Your Information

To Provide Core Services

  • Transaction tracking and categorisation
  • Budget calculations and alerts
  • Cash runway and financial forecast projections
  • Investment portfolio tracking and performance
  • Pension contribution calculations (including tax relief)
  • Multi-currency conversion

To Improve Our Service

  • Bug fixing and error resolution
  • Feature development based on usage patterns
  • Performance optimisation
  • Anonymised usage analytics

To Communicate With You

  • Service updates — important changes to how Vaultric works
  • Security alerts — if we detect unusual activity on your account
  • Marketing — only with your explicit opt-in consent; you can unsubscribe anytime

Legal Obligations

  • Fraud prevention and detection
  • Compliance with UK law and regulations
  • Responding to law enforcement requests (only with a valid warrant or court order)

Data Storage & Security

Where Your Data Is Stored

  • Supabase (cloud database & authentication) — your financial data and login credentials, stored on EU/UK servers
  • Stripe (payment processing, if subscribed) — PCI DSS Level 1 compliant

Security Measures

  • 🔐 256-bit AES encryption for data at rest
  • 🔒 TLS 1.3 encryption for all data in transit
  • 🔍 Regular security audits of our infrastructure
  • 👥 Strict access controls — only authorised personnel can access systems
  • 💾 Automated encrypted backups with geographic redundancy
  • 🔑 Multi-factor authentication available for your account

Data Retention

  • Active accounts: Your data is kept for as long as your account exists
  • Deleted accounts: All personal data is deleted within 30 days of account closure
  • Backups: Retained for 90 days after deletion, then permanently destroyed
  • Transaction data: You can export all your data at any time before deletion

Data Sharing & Third Parties

Service Providers We Use

We work with a small number of trusted service providers to deliver Vaultric:

  • Supabase — database hosting, authentication, and real-time data
  • Stripe — payment processing (only if you subscribe to a paid plan)
  • Vercel — application hosting and deployment

Each provider is bound by data processing agreements and must comply with UK GDPR.

What We Do NOT Do With Your Data

  • ✅ We do not sell your data to advertisers
  • ✅ We do not share data with marketing companies
  • ✅ We do not use your data for targeted advertising
  • ✅ We do not share data with credit bureaus

When We Must Share Data

In rare circumstances, we may be required to share data:

  • Legal obligations: Court orders or valid warrants from law enforcement
  • Fraud prevention: Anonymised data only, to protect our users
  • Business transfer: If Vaultric is acquired, you will be notified in advance and given the option to delete your account

Your Rights (UK GDPR)

Under the UK General Data Protection Regulation, you have the following rights:

  • Right to access: Request a complete copy of all data we hold about you
  • Right to rectification: Correct any inaccurate or incomplete data
  • Right to erasure: Delete your account and all associated data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Export your data in CSV format
  • Right to object: Opt out of marketing communications
  • Right to withdraw consent: Withdraw consent for data processing at any time

How to Exercise Your Rights

  • In the app: Settings → Privacy → Download Data / Delete Account
  • By email: privacy@vaultric.com
  • Response time: We will respond within 30 days, as required by law

Cookies & Tracking

Essential Cookies

These are required for Vaultric to function and cannot be disabled:

  • Authentication cookies — keep you logged in securely
  • Session management — maintain your active session
  • Security tokens — protect against cross-site request forgery

Analytics Cookies (Optional)

With your consent, we may use analytics cookies to:

  • Understand usage statistics
  • Monitor performance
  • Identify and fix issues

You can enable or disable analytics cookies in your account Settings.

We do not use advertising cookies.

For more details, please see our Cookie Policy.

Children's Privacy

Vaultric is not intended for users under the age of 18. We do not knowingly collect personal data from children. If we discover that we have inadvertently collected data from a minor, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@vaultric.com.

International Transfers

Your data is primarily stored on servers located within the EU and UK. If any data is transferred outside these regions, we ensure it is protected by:

  • Transferring only to countries recognised as having adequate data protection
  • Using Standard Contractual Clauses (SCCs) approved by the UK ICO
  • Implementing additional technical safeguards where necessary

Your data receives the same level of protection regardless of where it is processed.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • You will be notified by email
  • An in-app banner will highlight the update
  • Major changes will have a 30-day notice period before taking effect

Continued use of Vaultric after changes take effect constitutes acceptance of the updated policy.

Contact Us

  • Data Protection Officer: dpo@vaultric.com
  • Privacy inquiries: privacy@vaultric.com
  • General support: support@vaultric.com
  • Address: Vaultric Ltd, United Kingdom

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).