Privacy Policy
Last updated: May 2026 · Applies to all VaultNova services
1. Introduction
VaultNova ("we", "our", "the platform") is committed to protecting the privacy of our users. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the rights you have regarding your data.
2. Information We Collect
We collect the following categories of information:
- Identity data: first name, last name, email address, and KYC documents where applicable.
- Authentication data: password hash (never stored in plaintext), TOTP secret (encrypted at rest), WebAuthn credential identifiers.
- Financial data: deposit amounts, asset types, wallet addresses (encrypted), yield history, and withdrawal requests.
- Usage data: IP addresses, browser/device user-agent strings, sign-in timestamps, and page interaction data.
- Communications: messages sent via our contact form or support channels.
3. How We Use Your Data
Your personal information is used exclusively to:
- Create and secure your account, including authentication and fraud prevention.
- Process deposits, calculate and credit yield, and fulfil withdrawal requests.
- Comply with applicable anti-money laundering (AML) and Know Your Customer (KYC) obligations.
- Send transactional communications (email verification, security alerts, yield notifications).
- Maintain our append-only audit log for security and regulatory compliance.
- Improve platform performance and resolve technical issues.
4. Data Storage and Security
All data is stored on MongoDB Atlas with encryption at rest and TLS 1.3 in transit. Sensitive fields — including wallet addresses, TOTP secrets, and balance data — are encrypted at the application layer using client-side field-level encryption (CSFLE). Access to production databases is restricted to authorised infrastructure with IP whitelisting enforced.
5. Data Retention
Account data is retained for the lifetime of your account plus any legally mandated retention period thereafter (typically five to seven years for financial records). Audit logs are retained indefinitely. Inactive accounts may be reviewed after 24 months of no activity.
6. Sharing of Data
We do not sell, rent, or trade your personal data. Data may be shared only in the following limited circumstances: with identity verification and KYC providers for mandatory compliance checks; with payment and custody infrastructure providers under strict data processing agreements; or when required by law, court order, or regulatory authority.
7. Cookies and Tracking
VaultNova uses strictly necessary cookies for authentication session management (httpOnly, Secure, SameSite=Strict). We do not use third-party advertising cookies. Analytics, if used, are privacy-preserving and aggregated.
8. Your Rights
Depending on your jurisdiction, you may have the right to access, rectify, or delete personal data we hold about you; to restrict or object to certain processing; and to data portability. To exercise these rights, contact privacy@vaultnova.io. We will respond within 30 days.
9. International Transfers
Your data may be processed in countries outside your own. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where required by applicable data protection law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.
Privacy enquiries
Data protection officer: privacy@vaultnova.io
General support: support@vaultnova.io