Privacy Policy — SPAI Vault
Last updated: March 2026
Effective date: March 2026
Version: 1.0
1. Introduction and Scope
This Privacy Policy (“Policy”) describes how SPAI Vault (“App,” “we,” “us,” or “our”) handles information in connection with the SPAI Vault mobile application for iOS.
Summary: We do not collect, sell, or share your personal data. Document data and app data remain on your device unless you choose to share them. We do not operate servers that store your documents or personal information.
Worldwide availability: The App is available for download and use worldwide. This Policy is intended to apply globally. We do not restrict use by country or region. Where your country or region provides specific data protection rights or requirements, we respect applicable law in your jurisdiction.
This Policy applies to the App and to any related website or support page we operate that links to this Policy. It does not apply to third-party services (including Apple Inc.), which have their own privacy policies.
2. Definitions
- “App” means the SPAI Vault iOS application and any updates.
- “Document data” means images and metadata (e.g., document type, name, number, expiry date) you add to the App.
- “Personal data” (or “personal information”) means information that identifies or could reasonably identify you.
- “Device” means the iOS device on which you install and use the App.
- “You” (or “your”) means the individual using the App.
For purposes of applicable data protection laws, to the extent any processing of personal data occurs, the data controller is the developer/operator of SPAI Vault. You may contact us with privacy-related questions or requests using the support or contact method provided in the App or on the App’s official website or project page (e.g., GitHub). We will respond to verifiable requests in accordance with applicable law.
We do not:
- Collect your name, email address, telephone number, or other contact information.
- Collect the contents of your documents, photos, or any data you store in the App.
- Use analytics, advertising, or tracking SDKs that collect usage or device data.
- Operate servers that receive or store your documents or vault data.
- Sell or rent personal information (we have no personal information to sell).
- Use your data for advertising or marketing.
The following information is stored only on your Device (and, if you enable device backup, may be included in your iCloud or other backup in accordance with Apple’s and your backup settings). We do not have access to this data after it is stored on your Device.
5.1 Document and Vault Data
- Document images and metadata that you add (e.g., type, name, document number, expiry date) are stored locally.
- Encryption: Document data is encrypted on the Device using keys stored in the iOS Keychain. The App uses industry-standard encryption (e.g., CryptoKit) to protect vault contents. We do not have access to your encryption keys or decrypted content.
5.2 Profile and Preference Data
- Profiles: Profile names and avatar choices (e.g., for family members) are stored locally.
- Preferences: Settings such as theme (e.g., light/dark), onboarding completion, and custom reminder dates and notification schedule preferences are stored locally (e.g., using iOS UserDefaults).
- In-app purchase state: If you make optional in-app purchases (e.g., tips), Apple processes the transaction. We do not receive or store payment details. We may receive from Apple only the information necessary to reflect purchase state in the App (e.g., that a tip was completed). Any record of purchased items may be stored locally on your Device so the App can show the correct state.
5.3 Biometric and Security Data
- Biometrics: The App uses Face ID or Touch ID to unlock access. Biometric data is processed solely by the device operating system (iOS). We do not receive, store, or transmit your biometric data.
- Keychain: Encryption keys for your vault are stored in the iOS Keychain with access restricted to when the Device is unlocked (e.g.,
kSecAttrAccessibleWhenUnlockedThisDeviceOnly), in line with Apple’s security guidelines.
6. Local Notifications
The App may schedule local notifications (e.g., document expiry reminders) on your Device. These are created and stored only on your Device and are not transmitted to or processed by our servers.
7. When Data May Leave Your Device
Your data may leave your Device only in the following circumstances:
- Your choice to share: If you use the App’s share or export features, the data you select is shared with the destination you choose (e.g., another app or contact). We do not control or receive that data after you share it.
- Apple services: Use of the App is subject to Apple’s terms and privacy policy. For example:
- iCloud Backup: If you back up your Device (including the App) to iCloud, Apple may store that backup in accordance with its policies.
- App Store and in-app purchases: Downloads and in-app purchases are processed by Apple; Apple’s privacy policy applies to that processing.
- Legal process: We may be required to disclose information in response to a valid legal process (e.g., subpoena, court order, or binding government request). Because we do not collect or hold your document data on our systems, we would only be able to respond to the extent we possess relevant information (which, for this local-only App, typically does not include your vault content).
8. Legal Bases (EEA/UK and Similar Laws)
If you are in the European Economic Area, United Kingdom, or any other jurisdiction that requires a legal basis for processing personal data:
- We do not collect or process your personal data on our servers. The data described in Section 5 is stored and processed on your Device by the App. We do not have access to it.
- To the extent any processing could be attributed to us (e.g., design of the App), we rely on: (a) your consent where required by law, (b) performance of our contract with you (provision of the App), and (c) our legitimate interests in providing and securing the App, where applicable and not overridden by your rights. We comply with applicable data protection laws in the country or region where you use the App.
9. Your Rights (Worldwide)
Depending on where you are located, you may have rights under local data protection laws (e.g., in the European Economic Area, United Kingdom, California, Brazil, India, or other countries). We honor applicable law in your jurisdiction. In general:
- Access, correction, deletion: Because we do not collect or store your data on our systems, we do not maintain a central database of your information. You can access, correct, or delete your data by using the App (e.g., editing or deleting documents and profiles) or by uninstalling the App. Uninstalling will remove app data from your Device subject to your backup settings.
- Portability: Data is stored on your Device in formats controlled by the App; you may use the App’s share or export features to obtain copies.
- Objection / restriction / withdraw consent: You may stop using the App and uninstall it at any time. You may disable notifications in iOS Settings and disable biometrics for the App in iOS Settings.
- No sale: We do not sell personal information. We do not have personal information to sell.
- Regional laws: For example, in California (CCPA), we do not sell or share personal information as defined there. In the EEA/UK (GDPR/UK GDPR), we do not process your personal data on our systems as described in this Policy. Where your country provides additional rights (e.g., right to lodge a complaint with a supervisory authority), those rights apply as set out in local law.
We will respond to verifiable requests in accordance with applicable law in your jurisdiction. Contact us using the method provided in the App or on our website/project page.
10. Children’s Privacy
The App is not directed to minors. We do not knowingly collect personal information from children. The minimum age to use the App may vary by country (e.g., 13 in some jurisdictions, or higher where required by local law). You represent that you meet the minimum age requirement in your country of residence. If you believe a child has provided information through the App, please contact us. Because we do not maintain a central database of user data, removal is effected by deleting the data from the child’s device (e.g., by a parent or guardian deleting the App or the relevant content).
11. Data Retention
We do not retain your document or vault data on our systems. Data stored on your Device remains until you delete it within the App or uninstall the App. Backup copies may persist according to your Device and backup settings (e.g., iCloud), which we do not control.
12. Data Security
- Document and vault data are encrypted on the Device.
- Access to the vault can be protected by biometric authentication (Face ID or Touch ID) when enabled.
- Encryption keys are stored in the iOS Keychain with strong access controls.
- We do not transmit your documents or vault contents to our servers.
You are responsible for securing your Device and Apple ID (e.g., device passcode, not sharing device access).
13. International Transfers and Global Use
We do not collect or transfer your personal data to our servers or to third parties. Data you store in the App remains on your Device (and in backups you configure). Any transfer of that data (e.g., via iCloud backup) is governed by Apple’s policies and your choices. The App is offered worldwide; we do not restrict availability by country or region. If you use the App from outside your country of residence, you are responsible for compliance with the laws of the place where you use it.
14. Changes to This Policy
We may update this Policy from time to time. The “Last updated” and “Effective date” at the top will be revised when we do. For material changes, we will provide notice by updating the Policy on our website or in the App, and we may provide additional notice (e.g., in-app or by email if we have a way to contact you). Your continued use of the App after the effective date of changes constitutes your acceptance of the updated Policy. If you do not agree, you must stop using the App and uninstall it.
For privacy-related questions, requests, or complaints, contact us through the support or contact channel provided in the App or on the SPAI Vault official website or project page (e.g., GitHub repository). We will respond in accordance with applicable law.
© 2026 SPAI Vault. All rights reserved.