Vulu VaultBack to Home

Privacy Policy

Last updated: February 18, 2026

1. Introduction

Vulu Vault ("we", "us", "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform for compliance management and document collaboration.

By using Vulu Vault, you consent to the data practices described in this policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, company name, and password.
  • Business Data: Entity details, department structures, employee information as configured by your organization.
  • Documents: Files you upload to the platform for compliance and collaboration purposes.
  • Communications: Comments, task updates, and mentions within the platform.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, and actions taken within the platform.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Cookies: Essential authentication cookies and optional analytics cookies (with your consent).

3. How We Use Your Information

  • Provide, maintain, and improve our services
  • Authenticate users and maintain session security
  • Send notifications related to your account and tasks
  • Monitor platform performance and fix errors (via Sentry, with consent)
  • Comply with legal obligations and enforce our terms
  • Respond to support requests

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Compliance documents may be subject to configurable retention policies set by your organization. After account deletion, personal data is anonymized within 30 days, though audit logs may be retained for legal compliance purposes.

5. Cookies

We use the following categories of cookies:

  • Essential Cookies: Required for authentication and security (access_token, refresh_token). These cannot be disabled.
  • Analytics Cookies: Used for error tracking and performance monitoring via Sentry. These require your explicit consent.
  • Marketing Cookies: Currently not used. We will request consent before introducing any.

You can manage your cookie preferences at any time through the cookie consent banner or your account settings.

6. Data Sharing

We do not sell your personal data. We may share information with:

  • Service Providers: Cloud infrastructure (Vercel, Cloudflare, Neon) for hosting and storage.
  • Within Your Organization: Data is shared within your tenant as configured by your administrators.
  • Legal Requirements: When required by law, regulation, or legal process.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate personal data via your profile settings.
  • Erasure: Request deletion of your account and personal data.
  • Data Portability: Export your data in a machine-readable format.
  • Withdraw Consent: Withdraw consent for analytics cookies at any time.

You can exercise these rights through your account settings under Privacy, or by contacting us at privacy@vuluvault.com.

8. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (provider-level AES-256)
  • Password hashing (bcrypt)
  • Multi-factor authentication support
  • Role-based access control with tenant isolation
  • Comprehensive audit logging

9. Contact Us

For privacy-related inquiries, please contact our Data Protection Officer:

  • Email: privacy@vuluvault.com
  • Subject: Privacy Inquiry