Privacy Policy

1. Who We Are

VaulTag ("we", "our", "us") operates vaultag.io — a blockchain-based product authentication platform. We are committed to protecting your personal data in compliance with the UK GDPR and EU GDPR.

Contact: hello@vaultag.io

2. Data We Collect

We collect the following categories of personal data:

• Account data: Name, email address, password (hashed)
• Certification data: Product photos, brand name, product description, proof of purchase
• Payment data: Processed securely by Stripe — we do not store card details
• Usage data: Pages visited, browser type, device type, IP address (anonymised after 30 days)
• Communications: Emails you send to us

3. How We Use Your Data

• To provide certification and authentication services
• To process payments via Stripe
• To send transactional emails (certificate delivery, receipts)
• To improve our platform and detect fraud
• To comply with legal obligations

4. Legal Basis for Processing

• Contract: Processing necessary to deliver our services
• Legitimate interests: Security, fraud prevention, platform improvement
• Consent: Marketing communications (opt-in only)
• Legal obligation: Tax and financial records

5. Data Sharing

We share data only with trusted third parties necessary to deliver our service:

• Stripe — payment processing
• Supabase — secure database hosting
• Resend — transactional email delivery
• OpenAI — AI-powered product analysis (photos processed, not stored by OpenAI)
• Cloudflare — security and bot protection
• Polygon Network — public blockchain for NFT certificates

We do not sell your personal data to third parties.

6. Data Retention

• Account data: Until account deletion request
• Certificate data: Indefinitely (blockchain records are permanent)
• Payment records: 7 years (legal requirement)
• Usage logs: 30 days

7. Your Rights

Under GDPR you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion ("right to be forgotten")
• Object to processing
• Data portability
• Withdraw consent at any time

To exercise any right, contact us at hello@vaultag.io. We will respond within 30 days.

8. Cookies

We use cookies to improve your experience. See our Cookie Policy for details.

9. Security

We implement industry-standard security measures including HTTPS encryption, hashed passwords, rate limiting, and regular security audits. However, no system is 100% secure.

10. Children

Our services are not directed at children under 16. We do not knowingly collect data from minors.

11. Changes

We may update this policy. We will notify registered users of significant changes by email.