Vault

Privacy Policy

Last updated: June 2, 2026

1. How this product handles data

Vault's free core experience works without creating an account. Portfolio entries, transaction history, goals, tags, and reminder settings live first in local storage on your phone. When Kasa Plus is enabled, transactions and tags may be encrypted on the device for backup and shared-vault access.

  • Your portfolio records and transaction history are stored on your device.
  • Kasa Plus can back up transactions and tags in encrypted form.
  • The core app does not require a central portfolio account for basic use.

2. What technical data may still be sent by default

Vault may keep anonymous usage metrics enabled by default. That means the app should not be described as fully offline or as a zero-transfer system. Limited technical data may still be sent to understand product usage and performance.

  • Anonymous usage metrics may be sent unless the user disables them.
  • This setting can be turned off in the app.
  • Because they may be on by default, technical data transfer can happen until the user changes that choice.

3. What we aim not to share

Vault's current design aims not to collect the contents of your portfolio as analytics input. Even so, no technical system should be described as risk-free. This page should not be read as an absolute promise of perfect isolation.

  • Portfolio values and gold quantities are not intended to be analytics payloads.
  • Personal notes and record contents are not intended to be telemetry targets.
  • Technical usage context and device-level diagnostics may still reach third-party infrastructure.

4. Third-party infrastructure and data transfer

The app may use third-party services for usage metrics, phone verification, encrypted backup, diagnostics, and iOS subscription management. Firebase Phone Auth may send and store phone numbers with Google for abuse prevention. RevenueCat and Apple may process subscription status.

  • Google Firebase, RevenueCat, and Apple may process limited data for their respective roles.
  • When Kasa Plus is used, encrypted vault records are stored in cloud infrastructure.
  • Third-party providers may also apply their own retention and security policies.

5. User controls and user rights

Vault aims to keep user controls visible. A user can remove local records from a device or delete an account together with encrypted cloud data. Deleting an account does not automatically cancel an active Apple subscription; that must also be managed through the App Store.

  • The usage-sharing setting can be turned off.
  • The usage-metrics setting can be turned off.
  • Privacy Mode can hide visible portfolio amounts on screen.
  • The Data Management screen can remove device records or delete cloud data together with the account.

6. Retention, data-loss risk, and practical limits

In free local use, resetting, replacing, damaging, or uninstalling the app may lead to data loss. Kasa Plus backs up transactions and tags in encrypted form, but the recovery code must be stored safely to open the vault on a new device.

  • Local records depend on the life cycle of the device and app installation.
  • Uninstalling the app or resetting the device may cause data loss.
  • If the recovery code is lost, encrypted records may not always be recoverable.

7. Transparency and future updates

This page is meant to reflect the app's current technical behavior as clearly as possible. If new data flows, new third-party services, or sync features are added, this page should be updated without delay. Before launch, the formal operator identity and legal contact details should also be completed.

  • The legal text should stay aligned with the technical product behavior.
  • New data collection paths should be disclosed separately.
  • Formal controller identity and legal contact details should be completed before publication.