Your information belongs to you.

Account information. When you register, we collect your email address and display name. Your password is hashed using bcrypt, so we never store it in plaintext and cannot recover it.

Vault content. The information you enter into your vault (medical details, financial contacts, your pets' favorite treats or groomer) is end-to-end encrypted. It is encrypted in your browser with a key derived from your password before it ever reaches us, and we store only ciphertext. We never receive your password or your keys, so we cannot read your vault content: not for support, not for analytics, not at all. (Final messages and family-managed vaults are the disclosed exceptions, described under “How data is stored.”)

Billing information. Payments are processed by Stripe. We never see or store your card number. Stripe provides us with basic transaction metadata (plan type, payment status) and a customer identifier so we can manage your subscription.

Usage analytics. We use PostHog to collect pseudonymous product analytics: which features are used, where users drop off, how many people complete onboarding. No vault content is ever sent to PostHog. Before you sign in, your activity is tied only to a random anonymous identifier. Once you sign in, it is tied to a random internal account identifier, never your email or name. We honor the “Do Not Track” and Global Privacy Control browser signals, and you can also opt out with a content blocker.

Error logs. We use Sentry for error monitoring. If a bug occurs, Sentry captures the error and some context about what was happening (page, action type, user ID). We never send vault field values to Sentry.

We do not sell your data, and we never share your vault content or account details with advertisers. We do not use your information for any purpose other than providing and improving the service. And we do not (and cannot) read your vault content: it is end-to-end encrypted and we hold no key to it. We do use the Meta Pixel to measure advertising on our public marketing pages, but it never runs inside your vault and never receives personal or vault data—see “Advertising measurement” below. (The two disclosed exceptions, final messages and family-managed vaults, are described below.)

Your account and vault data is stored on DigitalOcean Managed PostgreSQL, hosted in U.S. data centers. Vault fields are end-to-end encrypted in your browser before they reach us, so the stored data is ciphertext we have no key to open, neither us nor DigitalOcean. We can still see structural metadata (which sections exist, which fields are filled, your completeness score, who you have shared with), but never the contents.

All data in transit is encrypted using TLS.

We use a small number of trusted third parties to operate the service:

• Stripe: payment processing. Stripe Privacy Policy
• Resend: transactional email delivery (invites, notifications, receipts)
• Sentry: error monitoring
• PostHog: anonymous product analytics
• DigitalOcean: database and application hosting
• Meta (Facebook): advertising measurement on our public marketing pages only. Meta Privacy Policy

Meta's pixel runs only on our public marketing pages, never inside your signed-in vault. PostHog (usage analytics) and Sentry (error monitoring) do operate inside the app, but are configured never to receive your vault content—no field values are sent to either, and Sentry has no session replay or page capture. DigitalOcean stores your vault content only as end-to-end-encrypted ciphertext it cannot read. None of these vendors can read your vault.

We advertise MyVaultedLife, and to understand whether those ads work we use the Meta (Facebook) Pixel and its server-side counterpart, the Conversions API. We have configured both to gather as little as possible.

Marketing pages only. The pixel loads only on our public marketing pages (such as the home, pricing, and about pages). It is never present inside your signed-in vault, so it cannot observe any vault field, account detail, or activity there. Our Content-Security-Policy enforces this boundary at the network level.

What it measures, and what it never sees. Page views, plus a few conversion events (such as starting a vault or subscribing) reported server-side. We do not send Meta your name, email, phone number, or any vault data: Automatic Advanced Matching is turned off and Limited Data Use is enabled. Matching relies only on Meta's own pseudonymous cookies, your IP address, and your browser's user-agent.

U.S. only, and easy to turn off. Measurement stays off unless we can confirm you are in the United States, and it never runs when your browser sends a Global Privacy Control or “Do Not Track” signal. You can opt out at any time on our Do Not Sell or Share My Personal Information page.

Your account data is retained for as long as your account is active. If you delete your account, your data is purged from our systems within 30 days. Backups may retain the data for up to 60 days after deletion.

If you have a paid subscription, we retain billing records as required by applicable law (typically 7 years for financial records).

You have the right to access the data we hold about you, correct inaccuracies, and request deletion of your account. To exercise any of these rights, email us at privacy [at] myvaultedlife.com.

If you are in the EU or UK, you may also have rights under GDPR or UK GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

Questions about this policy: privacy [at] myvaultedlife.com

MyVaultedLife LLC
United States