LEGAL

PRIVACY POLICY

Effective Date: April 11, 2026  ·  Last Updated: April 11, 2026

VaultMint · A Product of RWC Development · sales@vaultmint.net · vaultmint.net

1. Introduction

Welcome to VaultMint. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Platform").

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email address, and password when you register
• Profile information: profile picture and display preferences
• Delivery addresses: shipping address for physical collectible orders
• Payment information: processed securely by Stripe — we never store your card details
• Communications: messages you send us via support channels

2.2 Information Collected Automatically

• Device identifiers and FCM push notification tokens
• App usage data, session logs, and feature interaction data
• IP address and general location (country/region level)
• QR code scan events tied to your owned items

2.3 Information from Third Parties

• Google Sign-In: name, email, and Google UID when you authenticate via Google
• Apple Sign-In: name and Apple identity token when you authenticate via Apple
• Stripe: payment confirmation metadata including transaction identifiers
• Firebase: push notification delivery status

3. How We Use Your Information

We use the information we collect to:

• Create and manage your VaultMint account
• Process purchases and manage order fulfilment
• Assign physical item minting to registered jewellers
• Send push notifications about your orders (minting updates, shipping, activation)
• Enable QR code scanning and item activation
• Facilitate ownership transfers between users
• Generate and display authenticity certificates and provenance records
• Provide customer support and respond to enquiries
• Detect, prevent, and address fraud or security issues
• Comply with legal obligations

4. Sharing Your Information

We do not sell your personal data. We share information only in the following circumstances:

• Jewellers: assigned jewellers receive your order details (item information, order ID) necessary to manufacture and ship your physical item. They do not receive your email address or payment details.
• Stripe: payment processing. Subject to Stripe's Privacy Policy.
• Firebase (Google): push notification delivery and authentication services.
• Public provenance: when any person scans a VaultMint QR code, they can see the item name, status, and current owner's display name only. Email addresses and private identifiers are never exposed publicly.
• Legal requirements: if required by law, court order, or governmental authority.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data is retained until you request deletion
• Order and transaction records are retained for 7 years for legal and tax compliance
• Push notification tokens are updated each session and cleared on logout
• Transfer history is permanently associated with item provenance records

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate or incomplete data
• Deletion: request deletion of your account and personal data (see Section 7)
• Portability: request your data in a structured, machine-readable format
• Objection: object to processing of your data in certain circumstances
• Withdrawal of consent: withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at sales@vaultmint.net

7. Account & Data Deletion

You may request deletion of your account and associated personal data at any time by:

• Emailing sales@vaultmint.net with subject line "Data Deletion Request"
• Using the delete account option within the app under Profile → Settings

Upon receiving your request, we will:

• Delete your account, name, email, profile picture, delivery addresses, and FCM token within 30 days
• Anonymise your historical order and transfer records (required for provenance integrity) — your name will be replaced with "Deleted User"
• Retain transaction records for legal and tax compliance as required by law (up to 7 years)

8. Security

We implement industry-standard security measures including:

• HTTPS/TLS encryption for all data in transit
• Bcrypt password hashing (rounds: 12)
• JWT-based authentication with short-lived access tokens and rotating refresh tokens
• Firebase Storage with access-controlled file uploads
• Stripe-handled payment processing — card data never touches our servers

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to prompt notification if a breach affecting your data occurs.

9. Children's Privacy

VaultMint is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at sales@vaultmint.net and we will delete it promptly.

10. Third-Party Services

Our Platform integrates with the following third-party services, each governed by their own privacy policies:

• Stripe — stripe.com/privacy
• Google Firebase — firebase.google.com/support/privacy
• Google Sign-In — policies.google.com/privacy
• Apple Sign-In — apple.com/legal/privacy

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by sending a push notification or email, and by updating the "Last Updated" date at the top of this page. Continued use of the Platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us: