Privacy Policy

This Privacy Policy describes how Vaultex ("we", "us", "our") handles information in connection with the Vaultex website (vaultex.space) and associated services. Vaultex is built around a core principle: we process as little personal data as possible, and we never collect the sensitive financial data that flows through the self-hosted gateway.

If you deploy the Vaultex open-source gateway on your own infrastructure (the Starter / self-hosted tier), Vaultex collects zero data from your deployment. All tokenization, PII detection, audit logs, session data, and Redis vault contents remain entirely within your network. We have no access to, and do not receive, any prompt data, customer PII, or vault contents from self-hosted deployments.

When you visit vaultex.space, standard web server logs may capture your IP address, browser type, referring URL, and pages visited. This information is used solely for security monitoring and aggregate analytics. We do not use tracking cookies or third-party analytics scripts that profile individual visitors.

If you submit your email address via the waitlist form, we collect: • Email address (required) • Company name (optional) • Role (optional) This information is used only to notify you when the Professional tier launches. We will not sell, share, or rent your contact information to third parties. You may request deletion of your waitlist entry at any time by emailing hello@vaultex.space.

If you use a managed or hosted Vaultex tier (Professional or Enterprise), a separate Data Processing Agreement (DPA) governs the handling of any data processed through your deployment. Please contact hello@vaultex.space to request a DPA. In hosted tiers, we process tokenized prompts on your behalf as a data processor. Raw PII never travels to our servers — it is tokenized before leaving your network boundary.

Waitlist email addresses are retained until you request deletion or the waitlist programme ends. Website server logs are retained for up to 30 days for security purposes and then automatically purged. We do not retain any prompt data, customer PII, or AI responses from self-hosted gateways.

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data. To exercise any of these rights, contact us at hello@vaultex.space. We will respond within 30 days. For EU/EEA residents, you may also lodge a complaint with your local supervisory authority.

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, or loss. Waitlist data is transmitted over TLS and stored with access controls.

We may update this Privacy Policy from time to time. Changes will be posted at vaultex.space/privacy with an updated "Last Updated" date. For material changes, we will make reasonable efforts to notify you.

For privacy-related questions or requests, contact us at: hello@vaultex.space