9Vault, LLC, a South Dakota limited liability company ("9Vault", "we", "us", or "our"), operates the 9Vault web application at app.9vault.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. It should be read together with our Terms of Service.

1. Information We Collect

Account Information. When you register, we collect your name, email address, and a password (hashed and salted — never stored in plain text), along with your role, organization/team, and plan selection.

Five9 Credentials. If you store Five9 API credentials in 9Vault, their secret values are encrypted at rest using AES-256 with a user-specific derived key. We cannot read your Five9 passwords in plain text.

Configuration Data. When you connect an environment and use the Service, we read, process, and (when you direct it) store configuration from that environment — for example skills, campaigns, users, dispositions, IVR/Studio scripts, prompts, numbers/DNIS, and call lists — along with the backups, exports, comparisons, and manifests generated from it. This may include the business contact details of agents and administrators within your environment. We process it on your behalf to provide the Service.

Team & Invitation Data. Email addresses and roles of colleagues you invite, and the access and approval settings you configure.

Authentication Data. Multi-factor authentication (MFA) enrollment status and verification codes used at sign-in.

Usage & Audit Data. Records of actions taken in the Service (such as logins, backups, restores, edits, and policy changes), plus standard server logs including IP address, browser type, pages visited, and timestamps. These are used for security monitoring, audit, and service improvement.

Cookies & Session Data. We use session cookies to keep you authenticated and a bot-prevention challenge (Cloudflare Turnstile) during registration. See our Cookie Policy for details.

2. How We Use Your Information

We do not sell your personal information, and we do not use your configuration data for advertising.

3. Data Storage & Security

Your data is hosted on Google Cloud Platform (GCP) infrastructure. We implement industry-standard security measures including:

No method of transmission or storage is completely secure. You play a critical role in protecting your data: keep your credentials confidential, enable MFA, manage team roles carefully, review your audit logs, and notify us immediately at support@9vault.io if you suspect unauthorized access. As described in our Terms of Service, activity performed through valid credentials is treated as authorized by you.

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We share data only with the service providers (subprocessors) needed to operate the Service, under confidentiality and data-protection obligations:

ProviderPurposeData involved
Google Cloud PlatformApplication hosting, database, and storage of backups, exports, and artifactsAccount data, configuration data, logs
Five9, Inc.Performing the operations you request against your environment Your credentials and configuration data (transmitted to the Five9 API)
MailgunTransactional email deliveryEmail address, message content
Cloudflare (Turnstile)Bot/abuse prevention during registrationIP address, device signals

We may also disclose information if required by law, subpoena, or court order, to enforce our Terms, to protect the rights, safety, or security of users or the public, or in connection with a merger, acquisition, or sale of assets (subject to this Policy). Connected platforms such as Five9 are independent third parties governed by their own privacy terms; we are not responsible for their practices.

5. Data Retention

Account data is retained for as long as your account is active. Backup files are retained according to your configured retention policy and our operational and legal needs. When you delete your account, we remove your personal data and stored credentials within 30 days, except where retention is required by law or to resolve disputes. Anonymized usage statistics may be retained indefinitely. You can export data you wish to keep before closing your account.

6. Legal Bases (EEA/UK)

Where the EU/UK GDPR applies, we rely on: performance of a contract (to provide the Service); legitimate interests (to secure, support, and improve the Service and prevent abuse); consent (where required); and legal obligation (to comply with law). For configuration data processed on your behalf, you are the controller and we act on your instructions as processor.

7. Your Rights

Depending on where you live, you may have the right to:

Residents of the EEA/UK have rights under the GDPR; California residents have rights under the CCPA/CPRA, including the right to know, delete, and correct, and to not be discriminated against for exercising those rights (we do not sell or "share" personal information for cross-context behavioral advertising). To exercise any of these rights, contact us at privacy@9vault.io. If you are a member of a team, certain requests may be directed to your account owner (controller). You may also lodge a complaint with your local data-protection authority.

8. International Data Transfers

We and our subprocessors may process information in countries other than your own, including the United States. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers. By using the Service, you understand that your information may be transferred to and processed in these locations.

9. Children's Privacy

9Vault is intended for business use by adults and is not directed at individuals under 18. We do not knowingly collect personal information from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date, and, where appropriate, by email or in-app notice. Continued use of the service after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@9vault.io.