Vault Horizon

PRIVACY POLICY (VAULT HORIZON APP)

Vault Horizon Privacy PolicyLast Modified: January 27, 20261. Introduction1.1. Vault Horizon ("we", "our", or "the App") is committed to protecting your privacy with the highest level of security architecture available. 1.2. This Privacy Policy explains how we collect, use, and safeguard your information when you use our document expiry tracking application. 1.3. By using Vault Horizon, you agree to the collection and use of information in accordance with this policy. 1.4. We have designed our systems with a "privacy-first" philosophy, ensuring your sensitive documents remain under your exclusive control.2. Zero-Knowledge ArchitectureHOST-PROOF HOSTING 2.1. Vault Horizon implements Host-Proof Hosting through a true Zero-Knowledge Architecture. 2.2. All encryption and decryption operations occur exclusively on your device before any data transmission. 2.3. Our servers receive only encrypted blobs of ciphertext that are mathematically impossible to decrypt without your unique cryptographic keys. 2.4. All document scans are encrypted on-device using AES-256 before transmission. 2.5. We receive and store only encrypted ciphertext—not your actual documents. 2.6. No employee, contractor, government agency, or third party can decrypt your vault. 2.7. Even under legal compulsion or subpoena, we can only surrender unintelligible encrypted data. 2.8. A breach of our servers would yield only cryptographically protected blobs.3. Row-Level Security (RLS)PRIVACY GUARANTEED BY MATH AND ARCHITECTURE 3.1. Your privacy is not protected by policy—it is guaranteed by mathematics and system architecture. 3.2. Vault Horizon enforces Row-Level Security (RLS) at the database kernel level, providing cryptographic isolation that makes your data invisible to all other users and administrators. 3.3. Each user's data exists in a cryptographically isolated partition. 3.4. Database queries are mathematically filtered to your authenticated session only. 3.5. RLS policies execute before any application code, making bypasses impossible. 3.6. Your authenticated account (Apple ID or email) serves as the cryptographic key to your data partition.4. Biometric SecurityON-DEVICE BIOMETRIC PROTECTION 4.1. When you enable Face ID or Touch ID, your biometric data never leaves your device. 4.2. Biometric data is not transmitted to our servers or any third party. 4.3. Authentication occurs entirely within Apple's iOS Secure Enclave—a dedicated security coprocessor. 4.4. Vault Horizon receives only a success/failure signal, never your actual biometric data. 4.5. We have no technical capability to access, extract, or replicate your biometric information.5. Double-Guard Notification SystemPROACTIVE EXPIRY REMINDERS 5.1. Two reminder emails are sent before each document expires: an initial friendly reminder and a final notice. 5.2. Reminder timing is calculated based on your chosen "days before expiry" setting. 5.3. Push notifications are sent locally from your device and do not transmit data to our servers. 5.4. Email reminders contain only the document name, category, and expiry date—never your actual document scans. 5.5. Disabling email alerts will cancel all pending reminder emails for your account.6. Home Screen WidgetsWIDGET DATA SHARING 6.1. Widget data is shared securely between the main app and widget extension via App Groups. 6.2. Only document titles, categories, and expiry dates are shared—never your document scans. 6.3. Widget data is stored locally on your device in a shared container and is never transmitted to external servers.7. Data Collection Disclosure7.1. WHAT WE DO NOT COLLECT 7.1.1. We do not track your physical location or movement patterns. 7.1.2. We do not sell, rent, license, or share your data with any third parties. 7.1.3. We do not use any third-party advertising SDKs, tracking pixels, or ad networks. 7.1.4. We do not access your contacts, photo library, microphone, or other device sensors.7.2. WHAT WE DO COLLECT 7.2.1. Authentication credentials: Apple ID identifier (anonymized hash) or email address if you choose email signup. 7.2.2. Document metadata you voluntarily enter (titles, expiry dates, categories). 7.2.3. Document scans you choose to upload (encrypted on-device before transmission). 7.2.4. Notification preferences and timestamps of account creation/authentication events.8. Right to ErasureCOMPLETE DATA DESTRUCTION 8.1. In compliance with GDPR (Article 17), CCPA, and Apple App Store Guidelines, you have the absolute right to trigger an immediate and permanent deletion of all your data. 8.2. When you tap 'Delete Account' in Settings, all authentication records, storage files, and database rows are permanently purged. 8.3. Deletion propagates to all backup systems within 72 hours. 8.4. This deletion is immediate and irreversible; we have no technical capability to recover your data once executed.9. Children's Privacy9.1. Vault Horizon is not intended for use by children under 13 years of age. 9.2. We do not knowingly collect personal information from children.10. Contact Us10.1. For privacy-related inquiries or to exercise your rights, please contact: [email protected]