Privacy Policy

Effective Date: April 25, 2026

TL;DR. Your financial data is yours. We don't sell it, run ads against it, or use it to train AI models. We store it under your account, scoped so only you (and household members you invite) can see it. Bank connections and AI chat are optional and consent-gated. You can export or delete everything at any time from inside the app.

1. Who we are

VaultKeeper ("we", "our", "us") is a personal finance application operated by Sinkoff LLC. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

For privacy questions, data requests, or to exercise any right described below, contact info@vaultkeepermoney.com.

2. What we collect

2.1 Information you provide

Account credentials — your email address and (when applicable) profile data from Sign in with Apple or Google. We never see or store your password in a readable form.
Financial data you enter — wallet names and balances, transactions (date, amount, type, note, category), categories, and scheduled transactions. All under your account.
Household membership — if you invite others or accept an invite, we store the relationship so household members can share data.
App preferences — theme, currency, app-lock passcode, two-factor secret if enabled, biometric-unlock toggle.

2.2 Information from optional integrations

Bank transactions (Plaid) — if you connect a bank, we receive transactions, account balances, and account identifiers for the accounts you authorize. Access tokens are stored on our backend and never exposed to your device.
Subscription status — if you purchase Premium, we receive subscription state (active, trial, expiration, product) from Apple via our subscription provider. We don't see your payment method.
AI chat context — only when you've explicitly opted in to VaultKeeper AI, the app sends a sanitized snapshot of your finances (wallet names, balances, category names, and your transactions) to Anthropic's Claude API to generate the response. No identifiers attached. See Section 5 for details.
Wallet share links — if you create a read-only share link for a wallet, the wallet's data is mirrored to a public-but-unguessable URL. You can revoke at any time.

2.3 Automatically collected

Crash reports — if the app crashes we collect a stack trace, device model, OS version, and an opaque user ID for diagnostics. No financial data or app content is included.
Routine request logs — our backend logs API activity (endpoint, status, rate-limit counter) for abuse prevention. Retained briefly, then discarded.
No analytics, telemetry, advertising identifiers, or behavioral tracking.

3. How we use your information

Operate the financial-tracking service across iOS and web.
Authenticate you and keep your account secure (including app-level passcode and two-factor authentication).
Sync data across your devices and, when you invite them, household members.
Import bank transactions on your request.
Process subscription payments and maintain entitlement state.
Generate AI responses about your finances (only when you've enabled AI chat).
Diagnose crashes and operational issues.
Comply with legal obligations where they apply.

We do not sell, rent, or trade your data. We do not use it to train machine-learning models. We don't display ads.

4. Service providers

VaultKeeper relies on a small number of established service providers to operate. They process data only as needed to provide their service, under contractual agreements that include GDPR-aligned data-protection terms where applicable. The user-facing ones you may interact with directly are:

Apple — Sign in with Apple (optional), in-app purchases, subscription management.
Google — Sign in with Google (optional).
Plaid — bank connectivity (only if you choose to connect a bank). Plaid handles your bank credentials directly; we never see them.
Anthropic — AI chat responses (only when you opt in). See Section 5.

Other providers handle authentication, hosting, and storage in the background. We're happy to share details on request — email info@vaultkeepermoney.com.

5. VaultKeeper AI and Anthropic

VaultKeeper AI is an optional premium feature. It lets you ask questions about your finances ("How much did I spend on groceries last month?") and uses Anthropic's Claude language model to generate the response.

5.1 Consent gating

AI chat is disabled by default. On first use you see an explicit consent prompt describing what is sent. Nothing leaves the app until you accept. You can revoke consent at any time from Settings → VaultKeeper AI; further sends are blocked until you opt back in.

5.2 What is sent

When you send an AI message, we build a sanitized text snapshot and include it in the prompt:

Today's date and your base currency
Active wallets: name, type, balance, currency code
Active expense and income category names
Your transactions: date, type, amount, category name, wallet name, note (truncated)
Your conversation history within the current session

5.3 What is never sent

Your user ID, email, or any other identifier we use internally
Household member emails or IDs
Bank-connection access tokens or account fingerprints
Wallet share tokens or authentication tokens
Internal record IDs for transactions, wallets, or categories (we send names only)
Icons, colors, or any visual metadata

5.4 Retention and training

Anthropic does not use API inputs to train its models. They retain API request data for a short trust-and-safety window before deletion. See Anthropic's privacy policy for their full terms.

5.5 Session-only history

Your AI conversations are not saved by us. When you close the chat sheet, messages are discarded. A fresh conversation starts each time you reopen the chat.

6. Data security

All data in transit is encrypted using industry-standard TLS.
Data at rest is encrypted by our infrastructure providers.
Access is governed by per-user and per-household authorization rules so your data isn't visible to other users.
Premium entitlement is managed server-side; the app cannot self-grant access to paid features.
Bank-integration access tokens are stored server-side only and never reach your device.
Optional on-device controls: app-level passcode lock, Face ID / Touch ID unlock, two-factor authentication via an authenticator app.
The app keeps an encrypted on-device cache so it works offline. The cache is scoped to the device and cleared when you sign out.
We take routine, encrypted backups of database content for disaster recovery, retained for a limited operational window.

7. Data sharing

We do not sell, rent, or share your personal data with third parties except:

Service providers as described in Section 4, solely to operate the Service.
Household members — people you invite to share a household can read and write the household's shared financial data. Subscription state and personal preferences remain per-user.
Wallet share links — if you create one, anyone with the link can view a read-only snapshot of that wallet. You control creation and revocation.
Legal requirements — we may disclose data if required by a valid legal process or applicable law.

8. Data retention

Account and financial data — retained while your account is active. Delete individual records at any time from inside the app.
Full account deletion — Settings → Delete Account permanently removes your account, your data, your bank-connection tokens, your share links, your AI rate-limit counters, and your authentication profile. The action is irreversible.
Crash reports — retained for a limited diagnostic window, then deleted.
Backend request logs — retained briefly, then discarded.
AI requests — not retained by us. Anthropic holds API requests for a short trust-and-safety window.
Backups — retained for a limited operational period; deletion requests propagate to backups in the next routine cycle.

9. Your rights

Regardless of jurisdiction, we aim to honor the following rights:

Access — Settings → Export to CSV downloads every transaction. For data not covered by CSV (preferences, subscription state), email us.
Correction — edit any wallet, transaction, or category from within the app.
Deletion — delete individual records in-app, or delete your entire account from Settings → Delete Account.
Portability — CSV export is in a machine-readable format suitable for import into other finance apps.
Objection / restriction — disconnect bank accounts, revoke AI consent, or opt out of crash reporting at any time.
Withdraw consent — revoke AI consent in Settings to stop all future data transfer to Anthropic.
Lodge a complaint — EU/UK users may lodge a complaint with a supervisory authority.

10. International transfers

Your data is processed by service providers based primarily in the United States. If you access the Service from outside the US, your data is transferred to and processed in the US. Standard Contractual Clauses apply where required under GDPR.

11. Children's privacy

VaultKeeper is rated 4+ in the App Store but is not designed for children. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where that threshold applies). If you believe a child has provided us with personal information, contact us and we will delete it.

12. Subscription payments

Premium subscriptions are processed by Apple through In-App Purchases. We don't receive or store your payment-method details — those stay with Apple. We receive only subscription status (active / inactive / in-trial) and the product ID. Cancel any time at Settings → Apple ID → Subscriptions on your iOS device.

13. Changes to this policy

We may update this policy from time to time. When changes are material, we will update the Effective Date at the top and notify users in-app. Minor edits (clarifications, typo fixes) may be made without notice.

14. Contact

For privacy questions or to exercise any right described above, email info@vaultkeepermoney.com. We respond within 30 days.