9Vault ("we", "us", or "our") operates the 9Vault web application at app.9vault.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
1. Information We Collect
Account Information. When you register, we collect your name, email address, and a password (hashed and salted — never stored in plain text).
Five9 Credentials. If you store Five9 API credentials in 9Vault, they are encrypted at rest using AES-256 with a user-specific derived key. We cannot read your Five9 passwords.
Usage Data. We automatically collect standard server logs including IP address, browser type, pages visited, and timestamps. These logs are used for security monitoring and service improvement.
Cookies & Session Data. We use session cookies to keep you authenticated. See our Cookie Policy for details.
2. How We Use Your Information
- To provide, operate, and maintain the 9Vault service
- To authenticate you and manage your account
- To connect to the Five9 API on your behalf using your stored credentials
- To execute scheduled backup jobs and export tasks you configure
- To send transactional emails (job notifications, password resets, account alerts)
- To monitor for security threats and prevent abuse
- To improve and develop new features
3. Data Storage & Security
Your data is hosted on Google Cloud Platform (GCP) infrastructure. We implement industry-standard security measures including:
- AES-256 encryption for stored Five9 credentials
- HTTPS/TLS for all data in transit
- Server-side session management with secure, HTTP-only cookies
- Role-based access control within the application
- Regular security updates and dependency audits
4. Data Sharing & Third Parties
We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:
- Five9 API: Your credentials are transmitted directly to Five9's servers to perform the operations you request (backups, exports, configuration reads/writes).
- Infrastructure providers: Google Cloud Platform hosts our application and stores backup data. GCP acts as a data processor under our control.
- Email delivery: We use Mailgun to send transactional notifications. Only your email address and message content are shared.
- Legal requirements: We may disclose information if required by law, subpoena, or court order.
5. Data Retention
Account data is retained for as long as your account is active. Backup files are retained according to your configured retention policy. When you delete your account, we remove your personal data and stored credentials within 30 days. Anonymized usage statistics may be retained indefinitely.
6. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate information
- Request deletion of your account and associated data
- Export your data in a portable format
- Withdraw consent for optional data processing
To exercise any of these rights, contact us at privacy@9vault.io.
7. Children's Privacy
9Vault is not directed at individuals under 18. We do not knowingly collect personal information from minors.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance.
9. Contact Us
If you have questions about this Privacy Policy, please contact us at privacy@9vault.io.