vaultbase

Privacy Policy

Last updated: April 2026

What we collect

When you create a VaultBase Cloud account, we collect your email address and display name. Payment information is processed by Stripe — we never see or store your card details.

Your vault content (markdown files, decision traces, and all knowledge base data) is stored on our servers when using VaultBase Cloud. Self-hosted users' data stays entirely on their own infrastructure.

How we use your data

  • Provide the VaultBase service (sync, RBAC, search, MCP access)
  • Send transactional emails (verification, invites, password reset)
  • Process payments via Stripe
  • Calculate storage usage for billing

We do not sell your data. We do not use your vault content to train AI models. We do not share your data with third parties except as needed to provide the service (Stripe for payments, AWS SES for email).

Data isolation

Each VaultBase Cloud tenant has its own isolated SQLite database and vault directory. There is no shared database between tenants. Your data cannot be accessed by other customers.

Data retention

Your data is retained for the duration of your subscription. Upon cancellation, your data is preserved for 30 days (grace period), then archived to cold storage for 90 days, then permanently deleted.

You can export your vault at any time — it's plain markdown files.

Security

  • TLS encryption in transit (HTTPS everywhere)
  • Encrypted storage volumes at rest
  • Passwords hashed with bcrypt
  • API keys hashed with SHA-256 (we never store plaintext keys)
  • Per-tenant database and filesystem isolation
  • Full audit log of all access and modifications

Self-hosted

If you self-host VaultBase, your data never touches our servers. We have no access to self-hosted instances. This privacy policy applies only to VaultBase Cloud.

Contact

Questions about privacy: privacy@getvaultbase.com