Privacy Policy
Last updated: 2026-06-26 · Production version with finalized subprocessor list
The short version. We collect the minimum data necessary to operate the service: a hashed recovery key, your tier, your storage usage, and your file metadata. Your file contents are encrypted in your browser and we cannot read them. We do not collect your email or name at signup. We do not use tracking pixels, advertising trackers, or analytics that identify individual users.
1. What we collect, and why
| Data | Why we need it | Source |
|---|---|---|
| Recovery key hash (argon2id) | To verify it's you on login. We cannot reverse the hash to obtain your actual key. | Generated by us at purchase |
| Tier (Starter, Pro, Family) | To enforce storage caps. | Your purchase |
| Storage usage in bytes | To enforce storage caps. | Tracked as you upload |
| File metadata (name, tags, notes, size, date) | To let you search, filter, and organize. Plaintext on our servers. | You, when uploading |
| Encrypted file bytes | This is what you're paying us to store. We cannot read them. | You, encrypted in your browser |
| Hashed IP address (briefly) | Abuse prevention only. Stored as a SHA-256 hash truncated to 32 chars, retained 30 days max. | Your browser |
| Stripe customer ID | To process refunds. Does not contain your email; that lives at Stripe. | Stripe webhook |
2. What we explicitly do not collect
- Your email address — that lives at Stripe, the payment processor. We never access it.
- Your name, address, phone number, or other contact information.
- Cookies for tracking or advertising. We use one cookie: a session token after login.
- Web analytics that identify individual users (we may use aggregate, anonymized counts).
- Browser fingerprinting, device IDs, or cross-site identifiers.
- Your file contents — these are encrypted in your browser and we cannot decrypt them.
3. Subprocessors
We rely on the following third parties to operate the service. Each has its own privacy policy:
| Provider | Purpose | Data shared |
|---|---|---|
| Cloudflare R2 | Storing encrypted file bytes | Encrypted ciphertext only; cannot be decrypted by Cloudflare or us |
| Neon (Postgres host) | Storing user accounts and file metadata | Recovery key hash, tier, file metadata (plaintext) |
| Stripe | Payment processing | Your payment details and email (held by Stripe, not by us) |
| Railway | Running the application server | Standard request logs (HTTP requests, response codes; we minimize what's logged) |
4. How long we keep data
Our legal basis for processing the data above is performance of the contract you purchased (GDPR Article 6(1)(b)) and, where noted, our legitimate interest in operating the service securely (Article 6(1)(f)). Retention periods reflect what is necessary for those purposes:
- Account and files: retained for as long as we operate the service, regardless of whether you actively log in. This retention is necessary to perform the contract you purchased — inactivity is not a deletion trigger. See our Shutdown Policy for what happens to data at end-of-service. You can request deletion at any time (see Section 5).
- Hashed IP for abuse prevention: 30 days maximum.
- Audit log of significant events: retained for 1 year. Contains event types and timestamps; does not contain file contents or filenames.
- Stripe transaction references: retained as long as we operate, for refund and dispute purposes.
5. Your rights (GDPR, CCPA, and other regimes)
You have the right to:
- Access: see what data we hold about your account. Since we hold so little, this is straightforward — the dashboard already shows it.
- Export: retrieve your encrypted files and metadata via the "Export all" button at any time.
- Delete (right to erasure under GDPR Article 17): request deletion at any time by emailing privacy@permanentstorage.cloud with your purchase reference (your Stripe session ID or the first four digits of your account's recovery key). We will respond within 30 days. On deletion, your user record is removed, which cascades to delete all your files (from R2 and our database) and metadata. We retain a minimal hashed record that a deletion occurred, to prove compliance if challenged.
- Object to processing: we don't profile, advertise, or use your data for anything beyond running the service. There's nothing meaningful to object to. If we ever start doing more, this policy will be updated and you can request a refund.
Because we don't collect your email, we cannot proactively contact you. All data-subject rights requests must be initiated by you and identified by your purchase reference.
6. Children
Vault is not intended for use by individuals under the age of 16. We do not knowingly collect data from anyone under 16. If you believe a minor has used the service, please contact us and we will close the account.
7. International data transfers
Our infrastructure providers (Cloudflare, Neon, Stripe) operate globally. Your encrypted file bytes and metadata may be stored or processed in countries other than your own. We rely on the providers' standard contractual clauses and adequacy decisions where applicable.
8. Changes to this policy
We will announce material changes on the homepage at least 30 days before they take effect. The "Last updated" date at the top reflects the current version.
9. Contact
Questions, requests, complaints: privacy@permanentstorage.cloud. For users in the EU, you also have the right to lodge a complaint with your national data protection authority.