Vault — Privacy Policy

1) Scope

This Privacy Policy explains how we process personal data when you use the Vault mobile/desktop applications, Telegram Mini App, our websites, and support channels (together, the "Services"). It applies to our current TRON integration; future networks may be added.

2) Personal Information Collection Statement (PICS)

Data minimization: We only collect the minimum personal data necessary to operate the Services.

Device & usage data: In addition to the data listed above, we may collect limited device and app data (such as operating system version, app version, language, and time zone) solely to improve reliability, diagnose issues, and enhance security.

IP addresses: Your IP address may be logged temporarily when you interact with our Services (e.g., when sending requests or transactions) for security, rate-limiting, and abuse prevention. These logs are retained only for a short period (typically 30–90 days) and then deleted.

What we collect

  • Account identifiers: your email address (required for login, account identification, essential service communications, and sending account confirmation emails).
  • Wallet linkage: a mapping between your email and wallet address(es) created or added in the app, to help you manage addresses and to enable security/abuse prevention, support and debugging.
  • If you use our Telegram Mini App, we may receive your Telegram user ID, display name and avatar from Telegram to operate the Mini App.
  • Optional saved data: your address book / payee labels and (if enabled by you) fiat payout templates or other references you store in-app; these are stored encrypted.
  • Service & security telemetry (minimal): app version, OS version, language, time zone, IP address at request time, timestamps, error codes and basic event logs (for diagnostics, rate-limiting, and anti-abuse).
  • Relayer (gasless) metadata: for sponsored network fees on TRON we may process your wallet address, transaction hash, signature metadata, nonce and timestamps, plus basic anti-abuse signals (e.g., request rate, IP at request time).
  • Support content optional: messages/attachments you send to support. Please do not send seed phrases, private keys or identity documents to support.
  • We use a third-party mobile attribution and analytics service, Appsflyer, to help us understand how users discover and install Vault and to measure the effectiveness of our marketing campaigns. Appsflyer collects limited device and event data (e.g., install source, app version, engagement events) solely for attribution and performance analytics. We do not use Appsflyer for cross-app behavioral advertising. For more details, please see Appsflyer's Privacy Policy. You may opt out of Appsflyer tracking as described in their policy.

What we never collect/store

Private keys and seed phrases are never transmitted to or stored on Vault servers. Private keys and seed phrases are generated and remain on your device only, stored locally under your control (we never receive them on our servers).

Purposes of collection

  • Provide and maintain the Services (authentication, sessions, wallet functionality, querying public blockchain data through RPC).
  • Enable gasless transactions via a relayer/energy provider on TRON and protect the Services against abuse.
  • Diagnose issues, ensure security and integrity (rate-limits, anomaly detection, incident response).
  • Provide customer support upon your request.
  • Comply with applicable laws and enforce our Terms.
  • We do not use your personal data for direct marketing without your prior consent. If we ever do, we will provide a PDPO-compliant notice and obtain your consent first.

Voluntary/mandatory

  • Email is required to create and access your account.
  • Wallet address linkage is mandatory for basic functionality and support
  • Address book entries and any optional saved templates are voluntary.

Possible transferees / classes of transferees

  • Infrastructure & hosting providers (cloud/IaaS, managed databases).
  • Vercel https://vercel.com/high-vault (tools and cloud infrastructure to build, scale, and secure a faster, more personalized web) with the following Privacy Policy (https://vercel.com/legal/privacy-policy);
  • https://supabase.com (Supabase is the Postgres development platform) with the following Privacy Policy (https://supabase.com/privacy)
  • Blockchain infrastructure (e.g., TRON RPC nodes/explorers) to retrieve public on-chain data; requests may include your wallet address and standard network metadata (e.g., IP):
  • https://www.trongrid.io (an easy to use hosted API, load balanced full nodes, secure and reliable developer tools with direct access to the TRON and BTTC Network) with the following API (https://api.trongrid.io/v1 )
  • TronScan (https://docs.tronscan.org) with the following Privacy Policy (https://tronscan.org/#/aboutUs/privacyPolicy)
  • Relayer/Energy provider for gasless transactions on TRON (to submit/sponsor your transaction).
  • app.apitrx.com (Professional Energy API);
  • tr.energy (a service that helps save on fees in the TRON network) with the following API (https://tr.energy/ru/consumers/dashboard). TR.ENERGY operates under Petrovskogo LLC, a licensed company registered in Sharjah Media City (Shams), UAE. License No. 2111641.01, valid until February 23, 2026.
  • Support tooling (if used) for ticketing and communications.
  • Regulatory/law enforcement if required by applicable law or to protect rights, safety, and integrity.
  • Access and correction rights Under the PDPO you have the right to request access to and correction of your personal data held by us (see §10).

3) Public Blockchain Data

We use personal data strictly to:

  • operate the app and show balances/transactions;
  • authenticate and secure accounts;
  • facilitate gasless transactions via a relayer;
  • provide support;
  • maintain logs necessary for reliability, security, and abuse prevention;
  • comply with legal obligations and enforce our Terms.

We do not sell, rent, or share your personal data for monetary or other valuable consideration as defined under the California Consumer Privacy Act (CCPA) or similar laws.

5) Cookies & Similar Technologies

The app does not use advertising trackers. Our website may use strictly necessary cookies for security and basic functionality. We do not use third-party analytics or ad pixels.

6) Disclosures to Third Parties

We share personal data only as reasonably necessary to provide the Services or as required by law:

  • Infrastructure & hosting providers: We use reputable cloud hosting providers (e.g., AWS, Google Cloud, or equivalent) to securely run our encrypted infrastructure.
  • Relayer / Energy provider (TRON gasless): limited transaction metadata (address, hash, signature meta, nonce, timestamps) to sponsor fees and mitigate abuse.
  • RPC/explorer providers: requests to public nodes/APIs to fetch chain data may reveal your wallet address and standard request metadata (e.g., IP).
  • Support tools: for handling user requests.
  • Legal/safety: if required to comply with law, regulations, or to protect users, the public, Vault, or others.

We require service providers to implement appropriate confidentiality and security measures and to process data only on our instructions.

7) International Data Transfers

Your data may be stored and processed outside Hong Kong. We implement contractual and technical safeguards appropriate for cross-border transfers (e.g., we ensure an adequate level of protection for cross-border data transfers by implementing the Standard Contractual Clauses (SCCs) approved by the European Commission, as well as by conducting a Transfer Impact Assessment (TIA)). Details on hosting regions are available on request.

8) Data Retention

We keep personal data no longer than necessary for the purposes stated above:

Public blockchain data persists on-chain and is not controlled by Vault.

9) Security

  • No key custody: private keys/seed phrases never leave your device.
  • Encryption: TLS in transit; encrypted storage at rest; secret segregation.
  • Access controls: least-privilege, role-based access, audit logging.
  • Abuse protection: rate-limits, anomaly checks, relayer allow-listing.
  • Your responsibility: secure your device and seed phrase. We cannot recover lost keys/seed.

10) Your Rights

You have the right to request access to and correction of personal data we hold about you. To make a Data Access Request (DAR) or correction request, contact our Privacy Officer at privacy@stablevault.app. We may need to verify your identity as permitted by law. Under the PDPO, we reserve the right to charge a reasonable fee for processing a data access request. In practice, we strive to fulfill legitimate user requests free of charge. You may also request account deletion in-app or via support. Deleting your account deletes associated personal data we control (subject to retention in backups/logs for the periods above). On-chain data is unaffected.

11) Children and the Age of consent

Vault is not directed to children. Do not use the Services if you are under 18.

12) Third-Party Links

12.1. Service Providers

We may engage certain third-party service providers to support the operation of Vault. These providers process limited categories of data strictly on our instructions and under appropriate confidentiality and security measures. Such providers include:

  • Analytics and attribution: Appsflyer, used to measure app installs, attribution, and basic in-app events. Appsflyer does not use this data for cross-app behavioral advertising. See Appsflyer Privacy Policy.
  • Relayer and energy providers: used to sponsor gasless transactions on TRON. In this case, we may share wallet address, transaction hash, signature metadata, and anti-abuse signals necessary to process the transaction.
  • Infrastructure and hosting providers: cloud hosting, database, and security vendors, who help us deliver and protect the Services.
  • Customer support platforms: tools that enable us to manage and respond to your requests.

These service providers only have access to the data necessary to perform their functions and are not permitted to use it for other purposes.

12.2. External Links

The Application and our websites may contain links to third-party websites, blockchain explorers, or services. Please note that we are not responsible for the privacy practices of such third parties. Their collection and use of your data are governed by their own privacy policies, and we encourage you to review those policies before submitting any personal information to them.

13) Changes to This Policy

We may update this Policy from time to time. We will post the updated version with a new effective date and, where appropriate, notify you in-app.

14) Contact

AdSkill Limited (Hong Kong)
Attn: Privacy Officer
[Address, Hong Kong]
Email: privacy@stablevault.app

VAULT logo iconVAULT logo text

Privacy by Design. Every detail of VAULT exists to protect your identity and make digital money truly yours.

2025 All Rights Reserved Terms Of Use | Privacy Policy | Support