Legal page
How Vaulto handles account sign-in, personal data, collection information, alert and plan data, support communication, and privacy requests.
Last updated: 3 June 2026
Vaulto is operated by Jan Prochazka, Nad Ulickou 275, 252 65 Holubice, Czech Republic, Company ID: 01314955, VAT ID: CZ8909230319.
For privacy questions or requests, contact us at support@paprikadad.com or by phone at +420 608887977.
We may process account information, email addresses, sign-in identifiers, authentication provider identifiers, collection data, item details, alert and plan data, tester application data, purchase or subscription status, support communication, and technical or diagnostic data that is necessary to operate, secure, and improve the service.
Collection, alert, and plan data may include information you choose to enter into Vaulto, such as item names, categories, notes, quantities, links, dates, budgets, checklist items, and approximate value information.
Vaulto supports account access by email and password, Google sign-in, and Apple sign-in. For email and password accounts, Vaulto does not store your password in readable form and does not have access to your password in readable form.
Account authentication, password handling, verification emails, and password reset emails are provided through Supabase authentication infrastructure. If we later use a separate email delivery provider for account emails, this policy will be updated to describe that provider where required.
We process data to provide Vaulto, create and maintain user accounts, authenticate sign-ins, send verification and password reset emails, store and display collection information, respond to support requests, protect the service, and meet applicable legal obligations.
Depending on the context, processing may be based on performance of a contract, legitimate interests in operating and securing the service, compliance with legal obligations, or consent where required by applicable law.
We keep personal data only for as long as reasonably necessary for the purposes described in this policy, unless a longer retention period is required by law or needed to resolve disputes or protect legal rights.
Account, collection, item, alert, and plan data is generally kept while your account is active. If you request account deletion, we delete or anonymize related data where technically and legally possible, except information that must be retained for legal, tax, accounting, security, or dispute-resolution reasons.
Vaulto uses Supabase for backend infrastructure such as authentication, database, storage, and related server-side functions. Supabase may process account data, email addresses, authentication identifiers, password reset and verification email events, collection records, item details, photos, alerts, plans, and technical records needed to operate the service.
Vaulto uses RevenueCat to manage subscriptions and premium access. RevenueCat may process purchase identifiers, entitlement status, subscription status, product identifiers, and related app or device information needed to verify premium access.
If you sign in with Apple or Google, the relevant provider may process authentication information according to its own privacy terms. Vaulto receives the information needed to create or access your account, such as a provider user identifier and, where provided, an email address.
Vaulto may use Expo and EAS Updates to deliver app updates and maintain the application. These services may process technical information such as app version, platform, device or installation identifiers, update status, and logs required to deliver and troubleshoot updates.
On iOS and Android, purchases and subscriptions may also be processed by Apple App Store or Google Play. These platforms handle payment information under their own terms; Vaulto receives purchase or entitlement information needed to unlock premium features.
Under applicable law, you may have the right to request access to your personal data, correction, deletion, restriction of processing, objection to processing, or data portability.
To exercise privacy rights, contact support@paprikadad.com. We may ask for information needed to verify your identity and locate the relevant account before processing the request.
