1. INTRODUCTION
Vaulto AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered cryptocurrency investment assistant platform and related services (collectively, the "Service").
This Privacy Policy applies to all users of our Service, whether you access it through our website, mobile applications, or other platforms. By using our Service, you consent to the data practices described in this policy.
Key Privacy Principles
We operate on the principles of transparency, user control, and data minimization. We collect only the information necessary to provide our Service and improve your experience.
2.1 Personal Information
We may collect personal information that you provide directly to us, including:
- Account Information: Email address, username, and password (if you choose to create an account)
- Contact Information: Email address for support and communication
- Communication Preferences: Your preferences for receiving notifications and updates
- Subscription Information: Payment details, billing address, and subscription preferences
2.2 Wallet and Blockchain Data
When you connect cryptocurrency wallets to our Service, we collect:
- Public Wallet Addresses: Cryptocurrency wallet addresses you choose to connect
- Transaction Data: Public blockchain transaction information associated with your wallets
- Portfolio Information: Holdings, balances, and transaction history (view-only access)
- Network Information: Blockchain networks you interact with (Ethereum, Polygon, Arbitrum, Base, Solana)
Important: Non-Custodial Service
We never have access to your private keys, seed phrases, or the ability to move your funds. We only read public blockchain data that is already visible on the blockchain.
2.3 Usage and Analytics Data
We automatically collect certain information when you use our Service:
- Search Queries: Your search terms and AI interactions to improve our Service
- Feature Usage: Which features you use most frequently
- Session Data: Time spent on the platform, pages visited, and user journey
- Performance Data: Response times, error logs, and system performance metrics
2.4 Device and Technical Information
We collect technical information about your device and usage:
- Device Information: IP address, browser type, operating system, device type
- Location Data: General geographic location based on IP address (country/region level)
- Browser Data: Browser version, language settings, and screen resolution
- Network Information: Internet service provider and connection type
2.5 Cookies and Local Storage
We use various tracking technologies:
- Essential Cookies: Required for basic Service functionality
- Analytics Cookies: Google Analytics and other analytics tools
- Preference Cookies: Remember your settings and preferences
- Local Storage: Store temporary data and user preferences
3. HOW WE USE YOUR INFORMATION
3.1 Service Provision
We use your information to:
- Provide and maintain the Service
- Process transactions and manage wallet connections
- Deliver AI-powered search results and analysis
- Provide real-time market data and cryptocurrency information
- Enable DeFi analysis and yield farming opportunities
- Support voice queries and interactive features
3.2 Service Improvement
We use collected data to:
- Analyze usage patterns and improve functionality
- Develop new features and enhance existing ones
- Optimize AI responses and search accuracy
- Improve user interface and user experience
- Conduct research and development
3.3 Communication
We may use your information to:
- Send important service updates and notifications
- Provide customer support and respond to inquiries
- Send marketing communications (with your consent)
- Notify you of changes to our policies or terms
3.4 Security and Compliance
We use your information to:
- Ensure security and prevent fraud
- Comply with legal obligations
- Enforce our Terms of Service
- Protect our rights and the rights of our users
4.1 We Do Not Sell Personal Information
We do not sell, trade, or rent your personal information to third parties for monetary consideration.
4.2 Sharing with Your Consent
We may share your information with your explicit consent for specific purposes.
4.3 Service Providers
We may share information with trusted service providers who assist in operating our Service:
- Cloud Infrastructure: Hosting and data storage providers
- Analytics Services: Google Analytics and other analytics providers
- Payment Processors: Payment processing and billing services
- AI Service Providers: Perplexity AI (primary search provider), and other AI service providers
- Customer Support: Support ticket and communication platforms
4.4 Legal Requirements
We may disclose your information when required by law or to:
- Comply with legal processes or government requests
- Protect our rights and property
- Prevent fraud or illegal activities
- Protect the safety of our users and the public
4.5 Business Transfers
In connection with a merger, acquisition, or sale of assets, we may transfer your information to the acquiring entity.
5. BLOCKCHAIN DATA
Public Nature of Blockchain Data
Blockchain transactions are inherently public and transparent. When you connect a wallet to our Service, we access the same public information that anyone can view on blockchain explorers.
5.1 Public Blockchain Information
We access and process:
- Transaction History: Public transaction records from blockchain networks
- Wallet Balances: Current cryptocurrency holdings (publicly visible)
- Smart Contract Interactions: DeFi protocol interactions and yield farming activities
- Network Activity: Gas fees, transaction confirmations, and network status
5.2 Data Aggregation
We may aggregate blockchain data to:
- Provide portfolio analytics and insights
- Calculate performance metrics and returns
- Identify DeFi opportunities and yield farming options
- Generate market intelligence and trends
5.3 Privacy Considerations
While blockchain data is public, we:
- Do not associate blockchain data with personal identifiers unless you choose to connect a wallet
- Allow you to disconnect wallets and remove associated data
- Provide options to limit data collection and processing
- Implement data minimization practices
6. AI TRAINING DATA
6.1 Query Processing
When you submit queries to our AI services:
- Query Content: Your search terms and questions are processed by AI services
- Response Generation: AI services generate responses based on your queries
- Context Building: Previous queries may be used to provide contextual responses
6.2 Third-Party AI Services
We use third-party AI services that may have their own data practices:
- Perplexity AI: Search queries are processed according to Perplexity's terms (primary search provider)
- Model Training: Third-party AI providers may use queries for model improvement
6.3 Data Minimization
We implement practices to minimize data exposure:
- Remove personally identifiable information before sending queries to AI services
- Use anonymized identifiers for query tracking
- Implement query caching to reduce redundant API calls
- Provide options to opt-out of query logging
7. CALIFORNIA CONSUMER RIGHTS (CCPA)
California Consumer Privacy Act
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) regarding your personal information.
7.1 Your Rights
1
Right to Know
Request information about the personal information we collect, use, and share
2
Right to Delete
Request deletion of your personal information
3
Right to Opt-Out
Opt-out of the sale or sharing of your personal information
4
Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights
7.2 Exercising Your Rights
To exercise your California privacy rights:
- Email: Send a request to support@vaulto.ai
- Subject Line: Include "CCPA Privacy Request" in the subject
- Verification: We may require verification of your identity
- Response Time: We will respond within 45 days
7.3 Authorized Agent
You may designate an authorized agent to submit privacy requests on your behalf. The agent must provide:
- Written authorization signed by you
- Proof of the agent's identity
- Verification of your identity
7.4 Categories of Personal Information
Under CCPA, we collect the following categories of personal information:
- Identifiers: Email address, IP address, device identifiers
- Commercial Information: Purchase history, subscription details
- Internet Activity: Browsing history, search queries, interactions
- Geolocation Data: General location based on IP address
- Audio/Visual Data: Voice queries (if you use voice features)
8. DATA SECURITY
8.1 Security Measures
We implement appropriate technical and organizational measures to protect your information:
- Encryption: Data encrypted in transit and at rest
- Access Controls: Limited access to personal information on a need-to-know basis
- Regular Audits: Security assessments and vulnerability testing
- Employee Training: Privacy and security training for all staff
- Incident Response: Procedures for handling security incidents
8.2 Security Limitations
While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
8.3 Your Role in Security
You can help protect your information by:
- Using strong, unique passwords
- Enabling two-factor authentication when available
- Keeping your devices and software updated
- Being cautious about phishing attempts
- Regularly reviewing your account activity
9. COOKIES AND TRACKING
9.1 Types of Cookies
We use different types of cookies and tracking technologies:
- Essential Cookies: Required for basic Service functionality
- Analytics Cookies: Help us understand how users interact with our Service
- Preference Cookies: Remember your settings and preferences
- Marketing Cookies: Used for targeted advertising (with consent)
9.2 Cookie Management
You can control cookies through:
- Browser Settings: Most browsers allow you to block or delete cookies
- Cookie Consent: Use our cookie consent manager to control preferences
- Opt-Out Tools: Use industry opt-out tools for advertising cookies
9.3 Local Storage
We also use local storage technologies to:
- Store user preferences and settings
- Cache data for improved performance
- Remember login sessions
- Store temporary search history
10. DATA RETENTION
10.1 Retention Schedule
We retain your information for different periods depending on the type of data:
- Account Information: Until account deletion or 3 years of inactivity
- Usage Data: Up to 2 years for analytics and service improvement
- Search Queries: Up to 1 year (anonymized after 30 days)
- Blockchain Data: Cached for up to 24 hours, then refreshed from blockchain
- Support Communications: Up to 3 years for customer service purposes
10.2 Deletion Rights
You have the right to request deletion of your personal information. We will delete your information unless:
- We need it to provide the Service
- We are required to retain it by law
- We need it for legitimate business purposes
- It is necessary for security or fraud prevention
10.3 Data Minimization
We implement data minimization practices by:
- Collecting only necessary information
- Anonymizing data when possible
- Regularly reviewing and purging old data
- Using aggregated data instead of individual data when feasible
11. ANALYTICS AND TRACKING
11.1 Google Analytics
We use Google Analytics to understand how users interact with our Service:
- Page Views: Which pages users visit and how long they stay
- User Behavior: How users navigate through our Service
- Device Information: Browser type, operating system, device type
- Geographic Data: General location based on IP address
11.2 Analytics Configuration
Our Google Analytics is configured to:
- Anonymize IP addresses
- Disable advertising features
- Respect Do Not Track signals
- Use data retention periods of 26 months
11.3 Opt-Out Options
You can opt-out of Google Analytics by:
- Installing the Google Analytics Opt-out Browser Add-on
- Using our cookie consent manager
- Adjusting your browser's privacy settings
12. INTERNATIONAL DATA TRANSFERS
12.1 Data Processing Locations
Your information may be transferred to and processed in countries other than your own, including:
- United States: Primary data processing location
- European Union: Some third-party services may process data in the EU
- Other Countries: Third-party service providers may be located globally
12.2 Safeguards
We ensure appropriate safeguards are in place for international transfers:
- Standard Contractual Clauses: EU-approved data transfer mechanisms
- Adequacy Decisions: Transfers to countries with adequate data protection
- Certification Programs: Third-party certifications for data protection
- Technical Safeguards: Encryption and access controls
13. CHILDREN'S PRIVACY
Age Restrictions
Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.
13.1 Age Verification
If we become aware that we have collected personal information from a child under 13, we will:
- Immediately delete the information
- Notify the child's parent or guardian
- Take steps to prevent future collection
13.2 Parental Rights
If you are a parent or guardian and believe your child has provided personal information to us, please contact us at support@vaulto.ai.
14. DO NOT TRACK SIGNALS
14.1 DNT Support
We respect Do Not Track (DNT) signals from your browser. When DNT is enabled:
- We will not track your browsing activity
- We will not use tracking cookies for analytics
- We will still use essential cookies for Service functionality
14.2 Browser Settings
You can enable DNT in most browsers:
- Chrome: Settings > Privacy and Security > Do Not Track
- Firefox: Settings > Privacy & Security > Tracking Protection
- Safari: Preferences > Privacy > Prevent cross-site tracking
- Edge: Settings > Privacy, search, and services > Tracking prevention
15. DATA BREACH NOTIFICATION
15.1 Breach Response
In the event of a data breach, we will:
- Investigate and contain the breach immediately
- Assess the scope and impact of the breach
- Notify affected users within 72 hours (where required by law)
- Report to relevant authorities as required
- Implement additional security measures
15.2 Notification Process
We will notify you of a data breach by:
- Email: Primary notification method
- Website Notice: Prominent notice on our website
- Service Notification: In-app notification if applicable
15.3 Information Provided
Breach notifications will include:
- Description of the breach and data involved
- Steps we are taking to address the breach
- Actions you should take to protect yourself
- Contact information for questions
16. CHANGES TO THIS POLICY
16.1 Policy Updates
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new policy on our website
- Sending email notifications to registered users
- Displaying prominent notices in the Service
- Updating the "Last Updated" date
16.2 Your Consent
Your continued use of the Service after changes to this Privacy Policy constitutes acceptance of the updated policy.
16.3 Version History
We maintain a version history of this Privacy Policy. Previous versions are available upon request.
