Vault

Privacy Policy

Vivid Group Holdings, Inc.  ·  Effective date: April 1, 2026  ·  Last updated: April 1, 2026

Vault ("we", "our", or "us") is a private photo and video gallery app operated by Vivid Group Holdings, Inc. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using Vault, you agree to the collection and use of information as described in this policy. If you do not agree, do not use the app.

1. Information We Collect

Information you provide directly:

• Account information — email address and password if you create an email account. You may also use the app anonymously without providing any personal information.
• Photos and videos — media you upload to your albums. These are stored securely in Google Firebase Cloud Storage and are private by default.
• Chat messages — messages you send through the in-app chat. End-to-end encrypted chats are encrypted on your device before transmission and cannot be read by us.
• Feedback — text you submit through the in-app feedback form.

Information collected automatically:

• Location data — approximate location is used to power the Nearby feature (local user discovery). Location is collected only while you use the Nearby or Spark features. You can disable location access in your device settings at any time.
• Device information — device model, operating system version, and app version, used for crash reporting and compatibility.
• Usage analytics — anonymised event data (e.g. screens viewed, features used) collected via Firebase Analytics to help us improve the app. No personally identifiable information is included in analytics events.
• Crash reports — stack traces and device state at the time of a crash, collected via Firebase Crashlytics. These help us identify and fix bugs.
• Push notification tokens — a device token used to deliver push notifications. This token is stored in your user record and deleted when you delete your account.

2. How We Use Your Information

• To operate and deliver the core features of Vault — photo storage, sharing, chat, Nearby, and Spark.
• To process subscription purchases and manage your account tier (Plus or Gold).
• To send push notifications about activity in your albums and chats.
• To detect and prevent abuse, spam, and violations of our Terms of Service.
• To respond to your feedback and support requests.
• To improve the app through anonymised analytics and crash data.
• To serve banner advertisements to free-tier users via Google AdMob.
• To comply with legal obligations.

3. Sharing of Information

We do not sell your personal data. We share information only in the following circumstances:

• With other users you choose to share with — when you share an album via QR code, deep link, or SMS, the recipient gains view access to that album. You control this at all times and can revoke access.
• With service providers — we use the following third-party services to operate Vault:
  • Google Firebase (Authentication, Firestore, Cloud Storage, Cloud Functions, Remote Config, Analytics, Crashlytics, Cloud Messaging) — Firebase Privacy
  • RevenueCat — subscription management — RevenueCat Privacy
  • Google AdMob — banner advertising for free-tier users — Google Privacy
  • Apple App Store / Google Play — in-app purchase processing
• For legal compliance — we may disclose information when required by law, court order, or to protect the rights and safety of our users or the public.
• Child safety — content identified as child sexual abuse material (CSAM) is reported to the National Center for Missing & Exploited Children (NCMEC) as required by law.

4. Data Storage and Security

Your data is stored on Google Cloud infrastructure in the United States (us-central1 region). We use Firebase Security Rules to ensure that your albums and media are only accessible to you and users you explicitly share with.

Chat messages with end-to-end encryption enabled are encrypted on your device using RSA-2048 key exchange and AES-256-CBC. We cannot read the content of these messages.

While we take reasonable technical and organisational measures to protect your data, no system is completely secure. We encourage you to use a strong password and keep your device secure.

5. Data Retention

We retain your data for as long as your account is active. When you delete your account through the in-app account deletion feature, we permanently delete:

• Your user profile and all account data from Firestore
• All media you have uploaded from Cloud Storage
• Your Firebase Authentication record
• Your push notification token

Some data may be retained in anonymised or aggregated form for analytics purposes. Crash reports may be retained for up to 90 days.

6. Your Rights

Depending on your location, you may have the following rights:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate data.
• Deletion — delete your account and all associated data at any time using the in-app account deletion feature (Settings → Account → Delete Account), or by contacting us.
• Portability — request a copy of your data in a machine-readable format.
• Objection — object to certain types of processing, including direct marketing.
• Opt out of analytics — disable Firebase Analytics collection in your device's privacy settings or by contacting us.

To exercise any of these rights, contact us at privacy@the-vault-app.com. We will respond within 30 days.

7. Children's Privacy

Vault requires users to be at least 18 years of age. We do not knowingly collect personal information from children under 18. If you believe a child under 18 has provided us with personal information, please contact us immediately and we will delete it.

8. Location Data

Location access is used exclusively to power the Nearby and Spark features. We do not sell location data to third parties. Location data is processed to find other nearby users; precise coordinates are not stored permanently. You can revoke location permission at any time in your device settings, which will disable the Nearby and Spark features.

9. Advertising

Free-tier users may see banner advertisements served by Google AdMob. AdMob may use your advertising ID and other device information to serve personalised ads. You can opt out of personalised advertising in your device settings (iOS: Settings → Privacy → Tracking; Android: Settings → Google → Ads). Vault Plus and Vault Gold subscribers do not see ads.

10. International Transfers

Your data is processed and stored in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States, which may have different data protection laws than your country. By using Vault, you consent to this transfer.

11. California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information. To exercise your rights, contact us at privacy@the-vault-app.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending a push notification or in-app notice. Continued use of Vault after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or your data, please contact:

Vivid Group Holdings, Inc.
Email: privacy@the-vault-app.com
Website: the-vault-app.com