Overview
Plain English summary: Vaultiyo collects the data needed to run the platform and pay creators. We do not sell your personal data. We do not use it for advertising. You have rights over your data and can exercise them by emailing privacy@vaultiyo.com.
This Privacy Policy explains how Vaultiyo Ltd ("Vaultiyo", "we", "us", "our") collects, uses, stores, and protects personal data about users of our platform, including creators, subscribers, and visitors to our website at vaultiyo.com.
We are committed to protecting your privacy and handling your data transparently and responsibly, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international data protection law.
By using Vaultiyo, you confirm that you have read this policy and understand how we process your personal data.
Who We Are
The data controller is Vaultiyo Ltd, a company incorporated in England and Wales. Our registered address and Data Protection Officer contact are provided in the Contact section at the end of this policy.
For the purposes of UK GDPR, Vaultiyo Ltd is the data controller for personal data collected through the Vaultiyo platform and website.
Data We Collect
Account Registration Data
When you create a Vaultiyo account, we collect your email address, chosen password (stored as a one-way hash), date of birth, country of residence, and account type (creator or subscriber).
Creator Identity Verification Data
Creators are required to complete identity verification before publishing content. This involves submitting a government-issued photo ID and a selfie for comparison. This data is processed by our identity verification provider and is not retained by Vaultiyo beyond the verification period, except for the verification status record.
Creator Profile Data
Creators provide a display name, username handle, profile photo, cover photo, biography, and content category. This information is displayed publicly on creator profiles.
Financial Data
- Creators: Bank account details or payment method information for payouts, processed via our payment provider. We do not store full bank account numbers.
- Subscribers: Payment card information for subscriptions, processed by Stripe. Vaultiyo does not store card numbers. We retain the last four digits and card type for display purposes only.
- Both: Transaction records including amounts, dates, and counterparties for accounting, tax, and dispute resolution purposes.
Content Data
Content uploaded by creators is stored on Vaultiyo servers. This content may include photos, videos, audio, and text. Each file is processed for watermarking before delivery to subscribers.
Communications Data
Messages sent between creators and subscribers via the Vaultiyo messaging system are stored to enable the messaging feature, resolve disputes, and enforce our Community Standards.
Usage Data
We collect data about how you use the platform, including pages visited, features used, content viewed, time and duration of sessions, and device and browser information. This data is used to improve the platform and troubleshoot issues.
Technical Data
IP addresses, device identifiers, browser type and version, operating system, and connection information are collected automatically when you use the platform.
How We Use Your Data
| Purpose | Data Used |
|---|---|
| Providing and operating the platform | Account data, content, financial data, usage data |
| Processing payments and payouts | Financial data, transaction records |
| Identity verification | ID documents, selfie, date of birth |
| Content protection and DMCA enforcement | Content data, account data |
| Customer support | Account data, communications, usage data |
| Preventing fraud and ensuring security | Technical data, usage data, financial data |
| Legal and compliance obligations | All categories as required by law |
| Platform improvement and analytics | Usage data (anonymised or aggregated) |
| Sending service notifications | Email address, account data |
We do not use your personal data for targeted advertising, and we do not sell personal data to third parties.
Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases to process personal data:
- Contract performance: Processing necessary to provide the platform services you have contracted with us for, including account management, content delivery, and payment processing.
- Legal obligation: Processing required to comply with applicable law, including age verification requirements, financial reporting, and responding to lawful requests from authorities.
- Legitimate interests: Processing necessary for our legitimate interests, including fraud prevention, platform security, improving our services, and enforcing our terms, where those interests are not overridden by your rights.
- Consent: Where we rely on consent (for example, for optional marketing communications), you may withdraw your consent at any time without affecting the lawfulness of processing that took place before withdrawal.
Data Retention
We retain personal data for as long as necessary to provide the platform services and comply with our legal obligations:
- Account data: Retained for the duration of the account and for 7 years after account closure for tax and legal compliance purposes.
- Financial records: Retained for 7 years in accordance with HMRC requirements.
- Content: Deleted within 30 days of account closure at the creator's request, subject to any active legal holds.
- Identity verification records: Verification status retained for the account lifetime plus 5 years. Source documents are deleted following successful verification.
- Usage and technical data: Retained for 24 months in identifiable form, then anonymised or deleted.
- Messages: Retained for 3 years from the date of the message or until account closure, whichever is later.
Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Ask us to correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your data where there is no lawful reason to retain it.
Right to Restriction
Ask us to limit how we process your data in certain circumstances.
Right to Portability
Receive your data in a structured, commonly used format.
Right to Object
Object to processing based on legitimate interests or for direct marketing.
Rights re Automated Decisions
Not be subject to solely automated decisions that significantly affect you.
Right to Withdraw Consent
Withdraw consent at any time where processing is consent-based.
To exercise any of these rights, contact us at privacy@vaultiyo.com. We will respond within 30 days. If you are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
International Data Transfers
Vaultiyo primarily operates within the UK and European Economic Area. Where we transfer data outside these regions (for example, to cloud infrastructure providers), we rely on appropriate safeguards including Standard Contractual Clauses approved by the ICO and adequacy decisions.
Security
We implement technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include encryption of data in transit and at rest, access controls, regular security audits, and staff data protection training.
No system is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO as required by law.
Children
Vaultiyo is not available to anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. Age verification is a condition of account creation for all users. If we become aware that we have collected personal data from a person under 18, we will delete that data immediately and close the account.
Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email and by displaying a notice on the platform at least 14 days before the changes take effect. The effective date at the top of this document will always reflect the current version.
Continued use of the platform after the effective date of an updated policy constitutes your acceptance of the changes.
Contact Us
For any questions about this policy or to exercise your data rights, contact:
Data Protection Officer
Email: privacy@vaultiyo.com
Post: Data Protection Officer, Vaultiyo Ltd, [Registered Address], United Kingdom
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Helpline: 0303 123 1113