Privacy Policy

Your privacy is our priority. This policy explains how we collect, use, and protect your information.

Last updated: June 16, 2025

Zero Knowledge

We never see your unencrypted data

End-to-End Encryption

Your data is encrypted before leaving your device

Transparency

Clear policies with no hidden practices

Information We Collect

Account Information

  • Email address (for account creation and authentication)
  • Username (optional, for personalization)
  • Password (hashed and salted, never stored in plain text)

Usage Data

  • API usage statistics (for billing and rate limiting)
  • Error logs (for debugging and service improvement)
  • Access timestamps (for security monitoring)

Encrypted Data

  • Your secrets and vault contents (encrypted client-side)
  • Vault metadata (titles, descriptions - also encrypted)
  • Access policies and expiration settings

How We Protect Your Data

Encryption

All sensitive data is encrypted using AES-256-GCM encryption before it leaves your device. We use a zero-knowledge architecture, meaning we cannot decrypt your data even if we wanted to.

Infrastructure Security

  • SOC 2 Type II certified infrastructure
  • Regular security audits and penetration testing
  • Multi-factor authentication for all team access
  • Encrypted data transmission (TLS 1.3)

Access Controls

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits
  • Automated threat detection and response

How We Use Your Information

We use your information solely to provide and improve our services:

  • Account management and authentication
  • Service delivery and API access
  • Billing and subscription management
  • Customer support and troubleshooting
  • Security monitoring and fraud prevention
  • Service improvement and feature development

We never: Sell your data, use it for advertising, or share it with third parties except as required by law or with your explicit consent.

Data Retention and Deletion

Retention Periods

  • Account data: Retained while your account is active
  • Encrypted secrets: Retained according to your expiration settings
  • Usage logs: Retained for 90 days for security purposes
  • Billing records: Retained for 7 years as required by law

Data Deletion

You can delete your account and all associated data at any time through your account settings. Upon deletion, all your encrypted data is permanently removed from our systems within 30 days.

Your Rights

Under GDPR and other privacy laws, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing

To exercise these rights, contact us at privacy@softovault.com

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: support@softovault.com

We will respond to your inquiry within 30 days.

SoftoVault Logo SoftoVault

Secure, simple, and developer-friendly secret management. Protect your sensitive data with military-grade encryption.

SoftoVault Logo

© 2025 SoftoVault. All rights reserved.

Made with ❤️ for developers
All systems operational