Privacy Policy

Last updated: March 11, 2026

1. Introduction

Sandy Labs operates Vault Drive (vault-drive.com), a SaaS document management platform. We are committed to protecting your privacy and being transparent about how we handle your data.

This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data.

2. Information We Collect

Account Information

  • Name and email address
  • Password (stored securely using one-way hashing — we never store plaintext passwords)
  • Organization and team details

Billing Information

All billing and payment information is handled entirely by Paddle, our Merchant of Record. We do not store your credit card numbers, bank account details, or any other payment credentials. Paddle manages all payment processing, invoicing, and tax compliance on our behalf.

Usage Data

  • Pages visited and features used within the application
  • IP address and approximate geographic location
  • Browser type and version, operating system
  • Device type and screen resolution

Files & Documents

Your files are stored in encrypted form. We do NOT access, read, analyze, or mine your file contents. Your documents are your private property, and we treat them as such.

3. How We Use Information

We use the information we collect to:

  • Provide the service — authenticate you, store your files, and deliver the features you use
  • Process billing — coordinate with Paddle for subscription management
  • Provide support — respond to your inquiries and troubleshoot issues
  • Improve the product — understand usage patterns to build better features
  • Ensure security — detect and prevent fraud, abuse, and unauthorized access

4. Data Processors & Third Parties

We work with the following third-party data processors:

Cloudflare

Our infrastructure provider for file storage (Cloudflare R2), CDN, and edge computing. Your files are stored in the geographic region you select during setup. Cloudflare processes data in accordance with their privacy policy and our data processing agreement.

Paddle

Our Merchant of Record for payment processing, invoicing, and tax compliance. Paddle collects and processes your payment information directly. We only receive confirmation of payment status and subscription details from Paddle.

We do NOT sell your personal data to anyone. We do not share your data with advertisers or data brokers.

5. Cookies & Tracking

  • Essential cookies only — we use cookies for session management and authentication
  • No third-party advertising cookies — we do not serve ads or allow ad trackers
  • No cross-site tracking — we do not track your activity outside of Vault Drive

6. Data Storage & Regions

  • Your files are stored in Cloudflare R2 in the geographic region you select
  • Available regions: Middle East, Europe, United States, and Asia Pacific
  • Once selected, your files remain in your chosen region unless you explicitly request a change
  • Account metadata (profile, settings) is processed globally on Cloudflare's edge network for optimal performance

7. Data Retention

  • Account data — retained while your account is active. Deleted within 30 days of account closure.
  • Files — deleted when you delete them. Deleted files are recoverable from trash for 30 days before permanent deletion.
  • Audit logs — retained according to your plan limits (30 days for Starter, 1 year for Business, 2 years for Business Plus).

8. Your Rights

You have the following rights regarding your data:

  • Access — view all your personal data directly within the application
  • Export — download all your data at any time using our one-click full data export feature
  • Delete — delete your account and all associated data from your account settings
  • Correction — update your profile information at any time from your account settings

9. Data Security

We take the security of your data seriously and implement the following measures:

  • Encryption at rest for all stored files
  • TLS 1.3 for all data in transit
  • Role-based access controls
  • Comprehensive audit logging
  • Regular security assessments

10. Children's Privacy

Vault Drive is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child under 16 has provided us with personal data, please contact us and we will promptly delete it.

11. International Transfers

Vault Drive operates on Cloudflare's global network. While your files are stored in your selected region, account metadata may be processed across Cloudflare's global edge network to ensure fast and reliable service. Our region selection feature allows you to maintain data sovereignty over your files by keeping them in your preferred geographic location.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email. We encourage you to review this policy periodically to stay informed about how we protect your data.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:

support@vault-drive.com