VaultBro is a service operated by Stratonix Systems LLP (LLPIN ACT‑8303), a Limited Liability Partnership registered in India with its registered office at Shop No. 1, Tandan Building, Shivaji Marg, Hewett Road, Lucknow, Uttar Pradesh – 226018, India ("VaultBro", "we", "us", "our").
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over it. It applies to www.vaultbro.com and all related applications and services (the "Service").
Last updated: June 18, 2026 Effective date: June 18, 2026
For data protection purposes, Stratonix Systems LLP is the Data Controller (under the EU/UK GDPR) and the Data Fiduciary (under India's Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025) responsible for your personal data.
If you have any questions, or wish to exercise your rights, contact us at support@vaultbro.com.
Grievance Officer (India – DPDP): Husain Kazim, reachable at support@vaultbro.com. EU / UK Representative (GDPR Art. 27): To be appointed.
We collect the following categories of personal data:
a) Account and identity data Name, email address, password (stored only as a secure hash), and authentication identifiers if you sign in with Google.
b) Document content — the core of the Service The files you upload (e.g. passports, national IDs, licences, insurance policies, leases, financial and legal documents) and everything contained in them. This will routinely include sensitive personal data / special category data, such as government identification numbers, dates of birth, photographs, and similar information.
c) Data we derive from your documents When you upload a document, our AI analysis extracts structured fields (such as names, document types, identification numbers, issue and expiry dates) and generates a numerical representation ("embedding") to power search and chat. This derived data is stored alongside the source document in your account.
d) People and relationship data If you use the People feature, the names, relationship labels (e.g. "father", "spouse"), and optional photos you add, and the links you create between people and documents.
e) Payment data Subscription, billing, and transaction records. We do not store your full card details. Card data is collected and processed directly by our payment processor; we receive only limited information such as the last four digits, card type, and transaction status.
f) Usage and technical data IP address, device and browser information, log data, error and diagnostic data, and information about how you interact with the Service.
We process your data for the purposes below. Where the GDPR applies, the legal basis is shown in bold; where DPDP applies, processing is on the basis of your consent or a legitimate use permitted under the Act.
| Purpose | Legal basis (GDPR) |
|---|---|
| Creating and managing your account | Performance of a contract |
| Storing, encrypting, organising and retrieving your documents | Performance of a contract |
| AI extraction, semantic search, expiry monitoring and chat features | Performance of a contract; explicit consent for processing special category data |
| Processing payments and managing subscriptions | Performance of a contract |
| Sending account, security and transactional emails | Performance of a contract / Legal obligation |
| Sending the weekly newsletter and product updates | Consent (you may opt out at any time) |
| Securing the Service, preventing fraud and abuse | Legitimate interests |
| Analytics on our public/marketing pages to understand and improve the Service | Consent (EU/UK) / Legitimate interests |
| Complying with legal and regulatory obligations | Legal obligation |
Special category / sensitive data. Because your documents routinely contain sensitive personal data, we rely on your explicit consent (GDPR Art. 9) and your consent under the DPDP Act to process this data for the purpose of providing the Service. You give this consent when you choose to upload such documents. You can withdraw consent at any time by deleting the relevant documents or your account (see Section 6).
The Service uses third‑party AI models (currently Google's Gemini family) to read your documents, extract fields, generate embeddings, and answer your questions.
We do not sell your personal data, and we do not share it with third parties for their own marketing.
We share data only with sub‑processors — vetted service providers who process data on our behalf, under contract, solely to operate the Service:
| Sub‑processor | Purpose | Location |
|---|---|---|
| Supabase | Database, file storage, authentication | Singapore |
| Vercel | Application hosting and delivery | United States / global edge |
| Google (Gemini API) | AI document analysis, embeddings, chat | United States / global |
| Upstash | Background job queue and caching | Global |
| Sentry | Error and performance monitoring (with PII scrubbing) | Global |
| Google Analytics | Analytics on public/marketing pages only | United States / global |
| PostHog | Product analytics on public/marketing pages only | EU |
| Paddle | Payment and subscription processing (merchant of record) | United Kingdom / global |
A current list is maintained on our Sub‑processor page. We may also disclose data where required by law, to enforce our Terms, or to protect the rights and safety of users and the public.
We are based in India and use service providers located outside India, including in the United States. This means your personal data is transferred and stored internationally.
We apply technical and organisational measures appropriate to the sensitivity of the data, including:
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
EU/UK representative. As a controller established outside the EU/UK that offers services to individuals in those regions, we will appoint a representative under Article 27 GDPR; contact details will be published here once appointed.
Depending on where you live, you have some or all of the following rights over your personal data:
Under the GDPR (EU/UK): access; rectification; erasure ("right to be forgotten"); restriction of processing; data portability; objection to processing; and the right to withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority.
Under the DPDP Act, 2023 (India): the right to access information about your data; the right to correction and erasure; the right of grievance redressal; and the right to nominate another individual to exercise your rights in the event of death or incapacity.
Under the CCPA/CPRA (California): the right to know what we collect; the right to delete; the right to correct; and the right to non‑discrimination for exercising your rights. We do not "sell" or "share" personal information as those terms are defined under California law.
Email support@vaultbro.com with your request. Many rights can be exercised directly in‑product:
We will respond within the timeframes required by applicable law (generally within 30 days). We may need to verify your identity before acting on a request.
India – grievance redressal: if you are not satisfied with how we handle your request, you may contact our Grievance Officer at support@vaultbro.com, and you may escalate to the Data Protection Board of India.
You must be at least 16 years old to use the Service. If you are located in India, you must be at least 18 years old, because India's DPDP Act treats anyone under 18 as a child whose personal data may only be processed with verifiable parental consent.
We determine the minimum age that applies to you based on the country you select when you sign up.
If we learn that we have collected data from someone below the applicable minimum age, we will delete it.
We use cookies and similar technologies to keep you signed in, remember your preferences, and operate the Service. For details, see our Cookie Policy.
If a personal data breach occurs, we will notify affected users and the relevant authorities (including the Data Protection Board of India and, where applicable, EU/UK supervisory authorities) within the timeframes required by law.
We may update this Privacy Policy from time to time. We will post the updated version here with a new "Last updated" date and, for material changes, notify you by email or in‑app.
Stratonix Systems LLP Shop No. 1, Tandan Building, Shivaji Marg, Hewett Road, Lucknow, Uttar Pradesh – 226018, India Email: support@vaultbro.com