Privacy Policy

1. Overview

Vaulta is a privacy-first personal vault and money tracker. Your data is designed to stay on your device by default. This Privacy Policy explains what data Vaulta processes and how it is handled, including the Penny Flow money-tracking feature.

2. Data Stored On Device

Vaulta stores vault items, notes, attachment references, your Penny Flow financial entries, and app preferences locally on your device. Local data is encrypted.

Security credentials such as PIN hash/salt and encryption key material are stored using secure device storage mechanisms.

3. Penny Flow Money Tracking

Vaulta includes Penny Flow, a personal money tracker. Income, expenses, transfers, credit-card activity, recurring items (such as EMIs and subscriptions), locked savings (DPS), and the balances and summaries derived from them are entered by you and stored locally on your device, encrypted at rest. Bank accounts and cards used as fund sources are kept as Vault items.

Penny Flow does not connect to banks, cards, or payment networks, and does not import, sync, or read transactions from any financial institution. Your financial data never leaves your device except inside encrypted backups you choose to create.

4. Backups and Sync (Optional)

Google Drive backup/sync is currently in development and coming soon. When enabled, Vaulta can save encrypted vault and Penny Flow backup data to your own Google Drive AppData folder through your Google account.

Vaulta does not operate a central server for hosting your vault content.

5. Local Export Security (.vaulta)

Local backup export creates a Vaulta backup file with a custom .vaulta extension. Backup payload data is encrypted, including exported attachment content and your Penny Flow records.

Renaming the file to another extension (for example .zip) does not expose readable raw vault content.

6. Authentication and Security Features

Vaulta may use PIN and optional biometrics (Face ID / fingerprint) for local app unlock. Biometric templates remain managed by the operating system and are not accessible by Vaulta.

7. Third-Party Services

Depending on enabled features, Vaulta may use third-party services such as Google Sign-In/Drive APIs and RevenueCat (subscriptions). Premium plans are also in development and coming soon.

Those services process data according to their own privacy terms.

8. Permissions

Vaulta may request permissions like camera, photo library, notifications, and biometrics strictly to support related app features.

9. Your Controls

You can edit or delete your vault items and Penny Flow records, disable optional features, remove app lock, sign out of backup providers, and uninstall Vaulta at any time.