Privacy Policy

For users of our cloud platform, data is processed on secure servers located in the European Union. VaultAI acts as a data processor on behalf of our customers.

• All data is hosted on EU-based servers (GDPR-compliant)
• End-to-end encryption for data in transit and at rest
• Regular security audits and updates
• VaultAI administrators may access data for maintenance purposes (under NDA when required)

For our self-hosted solution deployed on customer infrastructure:

• All data remains within your infrastructure
• VaultAI does not have access to your data unless explicitly granted for support purposes
• You are the data controller for all information processed within your instance
• We may collect minimal telemetry data for license validation and service monitoring (see Section 10)

• Account information (name, email address)
• Usage logs and platform interactions
• Technical information (browser type, device information)
• Payment information (processed by our payment provider)

Documents and files you upload to VaultAI for analysis and processing, including but not limited to:

• PDFs, Word documents, Excel spreadsheets
• Images and presentations
• Text files and code
• Any other files you choose to upload

When you authorize VaultAI to connect to third-party services, we access data with your explicit consent:

• Google Drive: User files (read-only access)
• Notion: User pages and databases (read-only access)
• SharePoint / OneDrive: User files (read-only access)
• Google Calendar: Events, participants, meeting links (read-only access)
• Gmail: Emails (read-only access) — planned feature
• Outlook Calendar: Events and meetings (read-only access) — planned feature

Important: VaultAI operates in read-only mode for all third-party integrations. We do not modify or delete any files in your connected services.

When you use our meeting transcription feature, we collect:

• Video recordings (configurable — can be disabled)
• Audio recordings (configurable — can be audio-only or disabled)
• Automatic transcriptions
• AI-generated summaries and action items

You have full control over recording settings and can choose to capture video + audio, audio only, or transcription only.

To provide personalized assistance, VaultAI stores:

• User preferences and settings
• Project context and notes
• Conversation history with the AI assistant
• Custom instructions and prompts

You have full control over this memory and can view, modify, or delete any stored memories at any time.

When you use web search features within VaultAI, we process:

• Search queries submitted through our interface
• Search results retrieved from standard search engines

For certain features (especially the Legal Module), VaultAI may access public data sources:

• Pappers: French company data (paid API — Pappers is the data controller for this data)
• Judilibre: French case law database (public database)
• Légifrance: French laws and regulations (public database)

To provide AI capabilities, we may share data with AI model providers:

• OpenAI (GPT models)
• Anthropic (Claude models)
• Google (Gemini models)
• Mistral AI
• Other AI providers as selected by you

Important: VaultAI does not use data obtained through Google Workspace APIs to develop, improve, or train generalized AI and/or ML models. Data accessed via Google Workspace APIs is used solely for providing the specific functionalities of our application as described in our Terms of Service.

We may share data with essential service providers:

• Cloud hosting providers (EU-based)
• Payment processors
• Analytics services (anonymized data only)

We do not sell, rent, or share your personal data with third parties for commercial or advertising purposes.

We may disclose data when required by law, court order, or to protect our legal rights.

We retain your data for as long as your account is active and as needed to provide our services.

After account termination or subscription cancellation:

• Your data is retained for 90 days to allow for data export and account reactivation
• After 90 days, all personal data is permanently deleted from our active systems
• Backup copies may be retained for up to 180 days for disaster recovery purposes

You may request immediate deletion of your data at any time by contacting us at hello@vaultai.eu. We will process such requests within 30 days.

You can disconnect any third-party integration (Google Drive, Notion, SharePoint, etc.) at any time through your account settings. Upon disconnection:

• Access tokens are immediately revoked
• Indexed data from that integration is deleted within 24 hours
• You can reconnect at any time with a new authorization

You have full control over the AI conversational memory:

• View all stored memories in your account settings
• Modify or correct any memory
• Delete individual memories or clear all memory
• Disable memory feature entirely

To exercise any of these rights, please contact us at hello@vaultai.eu. We will respond to your request within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the French data protection authority (CNIL):

• CNIL — Commission Nationale de l'Informatique et des Libertés
• 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
• Website: www.cnil.fr