Privacy Policy

Last Updated: January 21, 2026

Introduction and Commitment to Privacy

At Vaultix Wallet, privacy is not an afterthought; it's foundational to our product design and business philosophy. We believe that true self-custody extends beyond protecting your cryptographic keys to protecting your personal data.

Our Privacy Principles:

  • Data Minimization: We collect only what is necessary to provide our services
  • Zero Telemetry Hardware: Our hardware wallet collects no usage data, ever
  • Transparency: We clearly communicate what data we collect and why
  • User Control: You have complete control over your personal information
  • Security First: All collected data is protected with industry-leading encryption

This Privacy Policy explains our data practices for the Vaultix website and pre-order process. Please note that the Vaultix hardware device itself operates with zero data collection; details are in Section 4 below.

1. Data Collection Practices

What is Personal Data?

Personal data is any information that relates to an identified or identifiable individual. At Vaultix, we distinguish between two categories:

Website Data Collection

We collect minimal data when you visit our website or join our pre-order list:

  • Email address (required for pre-order confirmation)
  • Country location (required for shipping estimates)
  • Cryptocurrency interests (optional survey question)
  • Standard web analytics (page views, device type, anonymized)

Hardware Device Data Collection

Zero data collection. Period.

  • No telemetry or usage tracking
  • No internet connection required for operation
  • No account registration or KYC
  • Keys never transmitted off-device
  • No cloud backups or services

⚠️ Important Distinction

This Privacy Policy primarily covers our website and pre-order process. The Vaultix hardware wallet itself is designed to operate with absolute zero data collection. See Section 4 for full details on our no-telemetry commitment.

2. Pre-Order List Data

What We Collect During Pre-Order Registration

When you join the Vaultix pre-order waitlist, we collect the following information:

  • Email Address (Required): Used to send order confirmation, shipping updates, and important product announcements. You can unsubscribe from marketing emails at any time.
  • Country (Required): Used to determine shipping availability, estimate delivery timelines, and comply with export regulations for cryptographic hardware.
  • Cryptocurrency Interest (Optional): Helps us prioritize which blockchain integrations to develop first (Bitcoin, Ethereum, etc.). Purely for product roadmap planning.

What We Do NOT Collect

  • No payment information during pre-order (reservation is free)
  • No government ID or KYC documents
  • No social security numbers or financial account details
  • No tracking of your crypto holdings or wallet addresses
  • No biometric data or device fingerprinting

Purpose and Legal Basis for Processing

We process your pre-order data under the following legal bases (GDPR Article 6):

  • Contractual Necessity: To fulfill your pre-order reservation and eventual product shipment
  • Legitimate Interest: To communicate product updates relevant to your reservation
  • Consent: For optional marketing communications (you can withdraw consent anytime)

3. How We Store and Protect Your Data

Security Measures

We implement industry-standard security practices to protect your personal information:

  • Encryption in Transit: All data transmitted to our servers uses TLS 1.3 encryption
  • Encryption at Rest: Pre-order data is stored in encrypted databases with AES-256 encryption
  • Access Control: Only authorized personnel with business need can access customer data
  • Security Audits: Regular third-party security assessments of our infrastructure
  • Data Segregation: Customer data isolated from marketing and analytics systems

Third-Party Service Providers

We use carefully vetted service providers to operate our website and pre-order system. These providers have access to limited data only as necessary to perform their functions:

  • Email Service Provider: Manages pre-order confirmation emails and product updates. Provider: [Email platform name]. Data shared: Email address, country. View their privacy policy.
  • Web Analytics: Anonymized website traffic analysis (page views, bounce rates). Provider: Privacy-focused analytics. No personal identifiers tracked.
  • Web Hosting: Secure hosting infrastructure with data encryption and DDoS protection. Provider: [Hosting provider]. Data location: EU/US data centers.

Data Processing Agreements: All service providers sign Data Processing Agreements (DPAs) committing to GDPR-compliant data handling, security standards, and prohibiting unauthorized use of customer data.

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we commit to:

  • Notify affected users within 72 hours of breach discovery
  • Report breach to relevant supervisory authorities as required by law
  • Provide clear information about what data was compromised and steps you should take
  • Implement immediate remediation measures to prevent further unauthorized access

4. Product Telemetry Policy: Zero Data Collection

The Vaultix hardware wallet collects ZERO data. This is not a privacy setting; it's a hardware design principle.

No Telemetry

The device does not track usage patterns, transaction history, wallet balances, or any behavioral data. There is no analytics code in the firmware.

No Internet Dependency

Vaultix operates air-gapped with offline transaction signing. It never connects to the internet or transmits data to Vaultix servers.

No Account or KYC

No registration, user accounts, or identity verification required to use the device. Anonymous purchase and operation are supported.

Keys Never Leave Device

Private keys are generated and stored exclusively within the secure element chip. They are never transmitted, uploaded, or backed up to any external system.

Architectural Guarantee

This is not a privacy promise we could break; it's an architectural impossibility. The Vaultix firmware is open-source and auditable. Security researchers and users can verify that no telemetry, tracking, or data transmission code exists in the codebase.

Planned third-party security audits (Q2 2026) will independently verify our no-telemetry architecture before public launch.

What About Firmware Updates?

Firmware updates are delivered through the Vaultix desktop application. The update process:

  • Users manually initiate updates (never automatic or forced)
  • Firmware binaries are cryptographically signed and verified before installation
  • Update download does not transmit device information or user data
  • Open-source update code allows community verification

5. Third-Party Service Providers

This section provides detailed information about external services that process personal data on behalf of Vaultix:

Email Marketing Platform

Provider: [Email service provider name]
Purpose: Sending pre-order confirmations, shipping notifications, and optional product updates
Data Shared: Email address, first name (if provided), country
Data Location: EU and US data centers (GDPR-compliant)
Privacy Policy: View provider privacy policy

Web Analytics

Provider: [Privacy-focused analytics platform]
Purpose: Understanding website traffic patterns to improve user experience
Data Shared: Anonymized page views, device type, referral source (no personal identifiers)
Cookie-less Tracking: Uses privacy-respecting methods without persistent cookies
Privacy Policy: View provider privacy policy

Web Hosting and CDN

Provider: [Hosting provider name]
Purpose: Secure website hosting and content delivery
Data Shared: Standard server logs (IP addresses, access times) retained for 30 days for security purposes
Data Location: EU and US data centers with GDPR compliance
Privacy Policy: View provider privacy policy

Data Processing Agreements

All third-party providers listed above have signed Data Processing Agreements (DPAs) with Vaultix, contractually obligating them to:

  • Process data only as instructed by Vaultix (no independent use)
  • Implement appropriate security measures to protect your data
  • Notify Vaultix immediately of any data breaches
  • Delete or return data upon request when service relationship ends
  • Comply with GDPR and other applicable data protection regulations

We Do NOT Share Data With:

  • Social media platforms for advertising or tracking purposes
  • Data brokers or marketing aggregators
  • Government agencies (except when legally required by valid court order)
  • Cryptocurrency exchanges or blockchain analytics companies
  • Any third party for purposes unrelated to providing Vaultix services

6. Cookies and Website Tracking

What Are Cookies?

Cookies are small text files stored on your device by websites you visit. They help websites remember your preferences and understand how you use the site.

Types of Cookies We Use

  • Essential Cookies: Required for basic website functionality (form submission, security features). Cannot be disabled. No personal data stored. Example: Session tokens, CSRF protection.
  • Analytics Cookies: Help us understand website performance (page views, bounce rates, navigation paths). Anonymized data only. Can be disabled via cookie consent banner.
  • Marketing Cookies: Currently NOT used. If we implement marketing cookies in the future, you will be asked for explicit consent.

Managing Cookie Preferences

You control your cookie preferences through:

  • Cookie Consent Banner: Appears on first visit to our website. You can accept or reject optional cookies.
  • Browser Settings: Configure your browser to block or delete cookies. Note: blocking essential cookies may impair website functionality.
  • Cookie Policy Page: Visit our Cookie Policy for detailed information and preference management.

Third-Party Cookies

We do not allow third-party advertising networks to place cookies on our website. The only third-party cookies present are from our privacy-focused analytics provider (optional, requires your consent).

7. Your Privacy Rights

Under data protection laws (GDPR, CCPA, and similar regulations), you have the following rights regarding your personal data:

Right to Access

What it means: You can request a copy of all personal data we hold about you.

How to exercise: Email privacy@vaultix.com with subject line "Data Access Request". We will provide your data in a commonly used electronic format within 30 days.

Right to Rectification

What it means: You can request correction of inaccurate or incomplete personal data.

How to exercise: Email privacy@vaultix.com specifying what information needs correction. We will update your data within 14 days.

Right to Erasure ("Right to be Forgotten")

What it means: You can request deletion of your personal data when it's no longer necessary for the purposes it was collected.

How to exercise: Email privacy@vaultix.com with subject line "Data Deletion Request". We will delete your data within 30 days, except where legal retention requirements apply (e.g., tax records).

Right to Data Portability

What it means: You can request your data in a machine-readable format to transfer to another service provider.

How to exercise: Email privacy@vaultix.com with subject line "Data Portability Request". We will provide your data in JSON or CSV format within 30 days.

Right to Object

What it means: You can object to data processing based on legitimate interests or for direct marketing purposes.

How to exercise: Click "Unsubscribe" in any marketing email, or email privacy@vaultix.com. Marketing opt-out takes effect immediately.

Right to Restrict Processing

What it means: You can request temporary restriction of data processing in specific circumstances (e.g., while disputing data accuracy).

How to exercise: Email privacy@vaultix.com explaining the circumstances. We will respond within 14 days.

Right to Withdraw Consent

What it means: Where data processing is based on consent, you can withdraw that consent at any time.

How to exercise: Use unsubscribe links in emails, or contact privacy@vaultix.com. Withdrawal does not affect the lawfulness of processing before withdrawal.

Response Timeline

We commit to responding to all privacy rights requests within 30 days of receiving your request. If we need additional time (e.g., for complex requests), we will notify you and explain the reason for the delay.

No fees: Exercising your privacy rights is always free, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee).

8. Data Retention Policies

How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes it was collected. Specific retention periods:

  • Pre-Order Data (Active Reservations): Retained until product ships or you cancel your reservation. Includes email, country, and crypto interest preferences.
  • Pre-Order Data (Cancelled/Unfulfilled): Deleted 6 months after cancellation or 12 months after planned ship date if not fulfilled. You can request immediate deletion.
  • Marketing Emails (Subscribers): Retained until you unsubscribe or 2 years of inactivity (no email opens/clicks), whichever comes first.
  • Customer Support Correspondence: Retained for 3 years after last interaction for quality assurance and legal compliance purposes.
  • Transaction Records (Post-Launch): Retained for 7 years as required by tax and accounting regulations. Includes order history, payment records, shipping information.
  • Website Server Logs: Retained for 30 days for security monitoring, then automatically deleted. Contains IP addresses and access timestamps.

Deletion Procedures

When retention periods expire or you request deletion:

  • Data is permanently deleted from active databases and backups within 90 days
  • Secure deletion methods prevent data recovery (cryptographic erasure)
  • Third-party processors are instructed to delete data in accordance with our DPAs
  • Deletion confirmation available upon request

Legal Hold Exceptions

In rare circumstances, we may be required to retain data beyond standard retention periods:

  • Valid legal holds (e.g., pending litigation, government investigation)
  • Regulatory requirements specific to cryptographic hardware exports
  • Fraud prevention (e.g., suspended accounts due to suspected fraudulent activity)

If your data is subject to legal hold, we will notify you and explain the circumstances when legally permitted to do so.

9. GDPR and International Compliance

GDPR Compliance (European Union)

Vaultix complies with the General Data Protection Regulation (GDPR) for all users, regardless of location. Key GDPR commitments:

  • Lawful Basis: All data processing has a lawful basis (consent, contract, or legitimate interest)
  • Data Minimization: We collect only data necessary for specified purposes
  • Purpose Limitation: Data used only for purposes disclosed at collection time
  • Storage Limitation: Data deleted when no longer needed (see Section 8)
  • Integrity and Confidentiality: Appropriate security measures protect your data
  • Accountability: We maintain records demonstrating GDPR compliance

CCPA Compliance (California, USA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information (with certain exceptions)
  • Right to opt-out of "sale" of personal information (Note: Vaultix does not sell personal information)
  • Right to non-discrimination for exercising CCPA rights

To exercise CCPA rights, email privacy@vaultix.com with subject line "CCPA Request".

International Data Transfers

Vaultix is headquartered in [Country]. Pre-order data may be processed in the following locations:

  • European Union: Primary data storage in EU data centers (GDPR-compliant)
  • United States: Backup systems and certain service providers (Standard Contractual Clauses in place)

Data Transfer Mechanisms: When data is transferred outside the EU/EEA, we use approved transfer mechanisms:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Service providers with EU-US Data Privacy Framework certification (where applicable)
  • Supplementary measures ensuring adequate protection (encryption, access controls)

Other Jurisdictions

Vaultix respects data protection laws in all jurisdictions where we operate, including:

  • UK GDPR: Post-Brexit UK data protection regulation (equivalent to EU GDPR)
  • Canada (PIPEDA): Personal Information Protection and Electronic Documents Act
  • Australia (Privacy Act): Australian Privacy Principles compliance
  • Brazil (LGPD): Lei Geral de Proteção de Dados compliance for Brazilian users

10. Updates to This Privacy Policy

When We Update This Policy

We may update this Privacy Policy to reflect:

  • Changes in our data practices as Vaultix evolves from pre-order to full product launch
  • New legal or regulatory requirements
  • Introduction of new features or services
  • Feedback from users and privacy advocates

How We Notify You of Changes

When we make updates to this Privacy Policy:

Material Changes

For significant changes affecting your rights or how we use your data, we will email all users at least 30 days before the changes take effect. The email will clearly explain what's changing and how it affects you.

Non-Material Changes

For minor updates (e.g., clarifications, formatting, updated contact information), we will update the "Last Updated" date at the top of this page and post a notice on our homepage for 30 days.

Review Period

You have 30 days to review material changes before they take effect. If you disagree with the changes, you can close your pre-order reservation or unsubscribe before the effective date.

Version History

Previous versions of this Privacy Policy are archived and available upon request. Email privacy@vaultix.com to access historical versions.

Your Continued Use

Continued use of the Vaultix website or services after the effective date of policy changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you must discontinue use and contact us to delete your data.

11. Privacy Inquiries and Contact

Have Questions About Your Privacy?

We're committed to transparency and protecting your rights. Our privacy team is here to help.

Email: privacy@vaultix.com
Response Time: We respond to all privacy inquiries within 48 hours (business days).

Data Protection Officer: For formal GDPR inquiries, contact our DPO at dpo@vaultix.com

What to Include in Your Privacy Request

To help us process your request efficiently, please include:

  • Your full name and email address associated with your Vaultix account/reservation
  • Specific nature of your request (access, deletion, correction, etc.)
  • Any relevant details to help us locate your information
  • Preferred format for data delivery (if requesting access or portability)

Identity Verification: For security reasons, we may ask you to verify your identity before processing requests that involve accessing or deleting your data. This typically involves confirming details from your pre-order registration.

Supervisory Authority Contact

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority:

  • EU Residents: Contact your national Data Protection Authority (Find your authority)
  • UK Residents: Information Commissioner's Office (ICO) - ico.org.uk
  • US Residents: Federal Trade Commission (FTC) - ftc.gov

We encourage you to contact us first so we can address your concerns directly before escalating to regulatory authorities.
