Privacy Policy
Política de Privacidade
Effective Date: January 15, 2026
Last Updated: January 15, 2026
🌍 Multi-Jurisdictional Compliance:
This Privacy Policy complies with GDPR (EU), LGPD (Brazil), CCPA (California), PIPEDA (Canada),
and other international data protection laws.
1. Introduction
Welcome to The Dollar Vault ("we," "us," "our," or "the Service").
We are committed to protecting your privacy and personal data. This Privacy Policy explains:
- What information we collect
- How we use, store, and protect that information
- Your rights regarding your personal data
- How we comply with international data protection laws
By using The Dollar Vault, you agree to this Privacy Policy.
If you do not agree, please do not use our Service.
2. Data Controller & Contact
For purposes of GDPR and other applicable data protection laws, the data controller is:
3. Information We Collect
3.1 Information You Provide
- Vault Content: Titles and content you create when locking vaults
- Session Data: Automatically generated session IDs to maintain your wallet balance
- Transaction History: Records of your purchases, vault openings, and fund additions
3.2 Payment Information
When you add funds via Stripe, we do NOT collect or store your payment card information.
All payment data is processed directly by Stripe, a PCI-DSS Level 1 certified payment processor.
We only receive:
- Transaction confirmation (success/failure)
- Transaction amount
- Stripe session ID (for reference)
- Payment method type (e.g., "card")
3.3 Automatically Collected Information
We collect MINIMAL technical data:
- Session ID: A unique identifier stored in your browser cookies (PHP session)
- Timestamps: When you create vaults, make transactions, or access the service
⚠️ What We DO NOT Collect:
- Your name, email, phone number, or postal address
- IP addresses (not logged)
- Browser fingerprints or device information
- Geolocation data
- Cookies for advertising or tracking
- Social media profiles or third-party account data
4. Legal Basis for Processing (GDPR)
We process your data based on:
-
Contract Performance (Art. 6(1)(b) GDPR):
To provide the Service, process transactions, and maintain your wallet balance.
-
Legitimate Interest (Art. 6(1)(f) GDPR):
To prevent fraud, ensure security, and improve the Service.
-
Legal Obligation (Art. 6(1)(c) GDPR):
To comply with payment processing regulations and tax laws.
5. How We Use Your Information
We use collected data ONLY for:
- Service Operation: Maintaining your wallet, processing transactions, displaying vaults
- Payment Processing: Facilitating payments through Stripe
- Security: Detecting and preventing fraud, abuse, or unauthorized access
- Legal Compliance: Meeting legal obligations (taxes, financial regulations)
- Service Improvement: Anonymous analytics to improve user experience
✅ We DO NOT:
- Sell, rent, or share your data with third parties for marketing
- Use your data for targeted advertising
- Create user profiles for commercial purposes
- Share data with data brokers or affiliates
6. Data Sharing & Third Parties
6.1 Payment Processor - Stripe
We use Stripe (Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA)
for payment processing. When you add funds:
- You are redirected to Stripe's secure checkout
- Stripe collects payment information directly (not us)
- Stripe's Privacy Policy applies: stripe.com/privacy
- Stripe is PCI-DSS Level 1 compliant
6.2 Legal Disclosure
We may disclose information if required by law:
- Court orders, subpoenas, or legal processes
- Fraud investigations or law enforcement requests
- Protection of our rights, property, or safety
6.3 No Other Third Parties
We do NOT share your data with analytics companies, advertisers, social networks, or any other third parties.
7. Data Retention
-
Session Data: Retained while your browser session is active.
Deleted when you clear cookies or after 30 days of inactivity.
-
Vault Content: Stored indefinitely as it becomes public once opened.
You can request deletion (see Section 9).
-
Transaction Records: Retained for 7 years for tax/legal compliance, then deleted.
-
Payment Data: Stored by Stripe per their retention policy (not by us).
8. Data Security
We implement industry-standard security measures:
- Encryption: HTTPS/TLS for all data transmission
- Database Security: Encrypted storage, access controls, regular backups
- SQL Injection Protection: Prepared statements (PDO)
- XSS Protection: Input sanitization and output encoding
- Access Controls: Limited personnel access to databases
- Regular Updates: Software and security patches applied promptly
Note: While we strive to protect your data, no system is 100% secure.
Use the Service at your own risk and do not share genuinely sensitive information.
9. Your Rights (GDPR, LGPD, CCPA)
Depending on your location, you have the following rights:
🇪🇺 GDPR Rights (EU/EEA)
- Access (Art. 15): Request a copy of your data
- Rectification (Art. 16): Correct inaccurate data
- Erasure (Art. 17 - "Right to be Forgotten"): Delete your data
- Restriction (Art. 18): Limit processing of your data
- Data Portability (Art. 20): Receive data in machine-readable format
- Object (Art. 21): Object to processing based on legitimate interest
- Lodge Complaint: File complaint with your supervisory authority
🇧🇷 LGPD Rights (Brazil)
- Confirmation of data processing
- Access to your data
- Correction of incomplete/inaccurate data
- Anonymization, blocking, or deletion
- Data portability
- Information about third-party sharing
- Revoke consent
🇺🇸 CCPA Rights (California)
- Right to Know: What personal information we collect
- Right to Delete: Request deletion of your data
- Right to Opt-Out: We don't sell data (N/A)
- Right to Non-Discrimination: Equal service regardless of rights exercise
How to Exercise Your Rights:
Contact us at: privacy@thedollarvault.com
We will respond within 30 days (GDPR/LGPD) or 45 days (CCPA).
We may request verification of your identity before processing requests.
10. Cookies & Tracking
We use ONLY essential cookies:
- PHP Session Cookie (PHPSESSID): Maintains your wallet and session state
- Stripe Cookie: Used during checkout (managed by Stripe)
✅ We DO NOT use:
- Advertising cookies
- Analytics cookies (Google Analytics, etc.)
- Social media tracking pixels
- Third-party tracking technologies
You can disable cookies in your browser, but this will prevent the Service from functioning.
11. International Data Transfers
Our servers may be located in various countries. When you use the Service, your data may be transferred
to and processed in countries outside your residence.
For EU/EEA users: Transfers to non-EU countries are protected by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for certain countries
- Stripe's data processing agreement
12. Children's Privacy
⚠️ The Dollar Vault is NOT intended for children under 18 (or under 16 in the EU).
We do not knowingly collect data from minors. If you believe a child has provided data to us,
contact us immediately at privacy@thedollarvault.com,
and we will delete it.
13. "Do Not Track" Signals
We do not track users across websites. Since we don't use tracking technologies,
Do Not Track (DNT) browser signals do not apply to our Service.
14. California "Shine the Light" Law
California residents may request information about personal data shared with third parties for marketing purposes.
We DO NOT share data for marketing purposes.
15. Changes to This Privacy Policy
We may update this Policy from time to time. Changes will be posted on this page with a new "Last Updated" date.
Continued use of the Service after changes constitutes acceptance of the updated Policy.
For material changes, we will provide prominent notice on the Service.
16. Contact Us
For questions, concerns, or to exercise your rights, contact:
17. Supervisory Authorities
EU/EEA users: Right to lodge complaint with your national data protection authority:
Brazil users: ANPD (Autoridade Nacional de Proteção de Dados)
← Back to The Dollar Vault •
Terms of Service •
FAQ
© 2026 The Dollar Vault. All rights reserved.