Vaultix

Privacy Policy

Last updated: May 31, 2026 · Version 1.0

Quick summary · Vaultix is built on one principle: we can't see your data. Nor do we want to. This policy tells you exactly what information we handle, how and why — without unnecessary legal jargon.

If you only have 30 seconds:

1. Who we are

Vaultix is an application developed by Vaultix, based in Valencia, Spain, complying with the EU General Data Protection Regulation (GDPR).

Data controller contact: info@transformtoapp.com

2. What data we collect and why

2.1 Data we NEVER collect

2.2 Data we collect ONLY if you choose to enable cloud sync

For your vault to sync between devices we need:

DataWhyWhere it's stored
EmailIdentify your sync accountFirebase Auth
Authentication hashVerify it's you when you sign inFirebase Auth
Encrypted blob of your vaultStore it so you can download it on other devicesCloud Firestore

Key note: the "authentication hash" is what we send to Firebase Auth as your "password" from Firebase's perspective. It's the result of PBKDF2 over your master password with 210,000 iterations. We never see your master password.

The "encrypted vault blob" is your entire vault passed through AES-256-GCM with a key derived from your master password. The blob is impossible to decrypt without your master password, and that key never leaves your device.

2.3 Family Vault

If you activate the family vault, we generate a public ID (not secret) that serves to locate your vault in Firestore. The family vault passphrase is generated on your device and is NEVER sent to the server. Family items are encrypted with that passphrase before being uploaded.

2.4 In-app purchases (Vaultix Pro)

Subscription management is handled by Apple via StoreKit. Vaultix only receives from Apple an "active / not active" indicator via RevenueCat. We have no access to your card, nor to your purchase history outside the app.

2.5 Diagnostics / Crashes

Starting with v1.0, if the app crashes we send a report to Firebase Crashlytics. That report does NOT include the content of your vault, your PIN, your passwords, or any identifying data about you. It only includes the error trace (which line of code failed, which device, which iOS version). You can disable sending in Settings → Privacy → Diagnostics.

3. How we protect your data

4. Do we share your data with third parties?

To make the app work:

For nothing else:

5. How long do we keep your data?

6. Your rights (GDPR)

As an EU / EEA resident you have the right to:

7. Minors

Vaultix is not directed at children under 13. We do not knowingly collect data from minors. If you discover that a child under 13 has created a sync account, contact us and we will delete it.

8. Changes to this policy

If we change this policy, we will notify you inside the app before it takes effect. The "last updated" date above always reflects the current version.

9. Contact

Email: info@transformtoapp.com
Postal address: Valencia, Spain
Data Protection Officer: info@transformtoapp.com