Privacy Policy

1. Who We Are

VaultSync Solutions, Inc. ("VaultSync", "we", "us", or "our") operates the GDBS Scientific Computing Platform, accessible at gdbs.getvaultsync.com and through official mobile applications. Our registered business address and primary contact is listed in Section 11 below.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use GDBS, visit our websites, or interact with our services.

2. Information We Collect

Account & Identity

• Full name and email address provided at registration
• Password (stored as a one-way bcrypt hash — never in plaintext)
• License tier and subscription status
• Account creation date and last login timestamp

Usage & Technical Data

• IP address at time of login and API requests
• Browser type, operating system, and device type
• Pages visited and features accessed within GDBS
• Session tokens (JWT, stored client-side; not persisted server-side)

Payment Data

• Payment is processed entirely by Stripe, Inc. — we never store card numbers, CVV, or full payment credentials
• We retain Stripe customer IDs, subscription IDs, and transaction references for billing support

Investment Data (Friends & Family Round)

• Name, email, phone (optional), and investment amount
• Accredited investor declaration and acceptance of terms
• Reference code, tier, and revenue share percentage
• IP address at time of submission

Simulation Inputs

• Parameters entered into GDBS simulation modules (e.g., material properties, boundary conditions) are processed in-browser and in our computation API
• We do not store simulation inputs or outputs beyond the active session unless you explicitly save a report

3. How We Use Your Information

• Authenticate you and maintain your account session
• Deliver licensed platform features based on your subscription tier
• Process payments and manage billing through Stripe
• Send transactional emails: account confirmations, password resets, payment receipts, and investment confirmations
• Respond to support requests and troubleshoot issues
• Monitor platform stability, detect abuse, and enforce our Terms of Service
• Comply with legal obligations

4. Third-Party Services

• Stripe, Inc. — payment processing. Stripe's privacy policy governs payment data: stripe.com/privacy
• Google Play / Android — app distribution. Google's privacy policy applies to Play Store interactions
• SMTP Email Provider — transactional email delivery (no marketing lists)
• Public Legal APIs — the Legal Research module queries CourtListener, Federal Register, and other public government APIs. No personal data is transmitted to these services beyond your search query

5. Data Retention

• Active accounts: data retained for the life of your account plus 90 days after closure
• Payment records: retained for 7 years for tax and legal compliance
• Investment records: retained indefinitely as part of the legally binding commitment record
• Session logs / IP logs: retained for up to 90 days then purged

6. Data Security

We implement industry-standard security measures including:

• TLS encryption in transit for all platform communications
• Bcrypt hashing for all stored passwords
• JWT-based stateless authentication with configurable expiry
• Server-side API key storage — third-party API keys you configure are stored server-side and never exposed in client responses
• Access controls limiting data access to authorized personnel only

No method of transmission or storage is 100% secure. We will notify affected users in the event of a data breach as required by applicable law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data (subject to retention obligations)
• Portability — receive your data in a machine-readable format
• Objection — object to processing in certain circumstances

To exercise any of these rights, contact us at privacy@getvaultsync.com. We will respond within 30 days.

8. Children's Privacy

GDBS is a professional scientific computing platform intended for users aged 18 and older. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us personal information, we will delete it promptly.

9. Cookies & Local Storage

GDBS keeps your authenticated session and UI preferences (e.g. last active module, API keys you configure) in your browser's local storage on your device. We do not use third-party tracking cookies or advertising cookies, and we do not share session data with any third party. A single, non-tracking session-presence cookie (a 1/0 flag, no token material, no PII) is set on the parent .getvaultsync.com domain so the marketing site can show "Sign In" instead of "Register" to returning visitors. No cookie consent banner is required as we do not deploy non-essential cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and by updating the "Last updated" date at the top of this page. Continued use of GDBS after changes constitutes acceptance of the revised policy.

11. Contact Us