Privacy Policy

This Privacy Policy describes how Credit Vault LLC ("Credit Vault," "we," "us," or "our") collects, uses, discloses, and protects information in connection with the websites, applications, products, and services we provide, including creditvaultapp.com and mycreditvault.io (collectively, the "Service").

This Privacy Policy applies to:

• visitors to our marketing website;
• people who submit demo requests or other lead forms;
• business customers who create and use accounts; and
• data processed through the Service on behalf of business customers.

If you do not agree with this Privacy Policy, do not use the Service.

1. Scope; Business Customer Data

The Service is designed for business customers such as trading card shops, collectibles stores, and independent vendors.

In many cases, our business customers enter, upload, or manage information about their own customers, employees, and business operations. When we process that information on behalf of a business customer, we do so as a service provider, processor, vendor, or similar role, as applicable under law and any applicable Data Processing Addendum.

Our business customers are responsible for:

• providing their own privacy notices;
• obtaining necessary rights, consents, and authorizations;
• responding to requests from their own customers or employees;
• determining the legal basis for collection and use; and
• complying with applicable privacy and consumer protection laws.

2. Information We Collect

2.1 Information Collected from Website Visitors and Leads

We may collect:

• name;
• email address;
• phone number;
• business or shop name;
• tier of interest or similar information;
• messages or form submissions;
• scheduling information;
• IP address;
• browser type;
• device information;
• cookie identifiers; and
• other technical or usage data.

2.2 Information Collected from Business Account Holders

We may collect:

• username;
• password and password hash;
• account role or permissions;
• store or tenant association;
• login history;
• authentication activity;
• billing and subscription information;
• support communications; and
• any other information submitted through the Service.

2.3 Information About End Customers Entered by Business Users

Business customers may submit information about their own customers, including:

• name;
• phone number;
• notes, which may include email addresses or other contact details;
• trade-in history;
• store-credit balances;
• redemption history;
• transaction history;
• inventory or pricing information; and
• related operational records.

2.4 Automatically Collected Information

We and our service providers may automatically collect:

• IP address;
• device and browser type;
• pages viewed;
• session and usage data;
• referral data;
• cookie and similar tracking data;
• timestamps; and
• log data.

3. How We Use Information

We may use information to:

• provide, maintain, and improve the Service;
• create and administer accounts;
• process subscriptions and payments;
• manage customer support;
• schedule demos and respond to inquiries;
• send transactional and operational communications;
• monitor security and prevent fraud or abuse;
• maintain store-credit ledgers and operational records;
• generate reporting and analytics;
• comply with law and enforce our rights; and
• create aggregated or de-identified data.

4. How We Share Information

We may share information with:

• service providers and subprocessors that host, store, process, support, or secure the Service;
• payment processors such as Stripe, if and when payments are processed through them;
• scheduling tools such as Calendly;
• email and productivity providers such as Google Workspace;
• hosting and deployment providers such as Vercel;
• database, authentication, and storage providers such as Supabase;
• pricing, grading, or market data providers such as PriceCharting, eBay, PSA, or CGC, to the extent used in the Service;
• shipping providers such as EasyPost, if used;
• legal, compliance, and safety recipients when disclosure is necessary to protect rights, comply with law, or respond to lawful requests; and
• successors in connection with a merger, acquisition, financing, or sale of assets.

We may also disclose information:

• with your direction or consent;
• to enforce our Terms or protect the Service;
• to prevent fraud, security issues, or illegal activity; and
• as otherwise permitted by law.

5. Stripe and Payment Information

If payment processing is enabled, payment information is handled by our third-party payment processor, currently expected to be Stripe, and not stored by Credit Vault except as needed for billing records, fraud prevention, or reconciliation.

Payment processors may collect and use payment information according to their own privacy policies and terms.

6. Cookies and Tracking

We use cookies and similar technologies for:

• basic site operation;
• remembering consent choices;
• security;
• session management; and
• usage analysis, if enabled.

Some third-party tools may also place cookies or similar identifiers when you use embedded scheduling or other integrated services.

You can manage certain cookie settings through your browser or device settings. However, disabling cookies may affect functionality.

7. Data Retention

We retain information for as long as reasonably necessary to:

• provide the Service;
• comply with legal obligations;
• resolve disputes;
• enforce agreements; and
• maintain security and audit logs.

Retention periods vary based on the type of data, the nature of the relationship, legal obligations, and operational needs.

When a business customer closes its account, we may retain data for a period of time to:

• permit account recovery;
• address chargebacks or disputes;
• comply with legal obligations; or
• support legitimate business records, audit, and security functions.

We may delete or anonymize data at our discretion, subject to legal retention obligations and any applicable DPA.

8. Security

We use administrative, technical, and physical safeguards designed to protect information. These measures may include:

• access controls;
• role-based permissions;
• hashed passwords;
• logging and monitoring;
• least-privilege access;
• vendor due diligence; and
• other reasonable security practices.

No method of transmission or storage is completely secure. We do not guarantee absolute security.

9. Data Processing Addendum

Where required or applicable, our processing of business customer data is governed by our Data Processing Addendum, which is incorporated by reference into the applicable agreement with the business customer.

10. California Privacy Addendum

If you are a California resident, the California Privacy Addendum supplements this Privacy Policy. For business customers acting in an enterprise context, the Service is intended to be provided on a business-to-business basis, and we generally do not sell or share personal information as those terms are defined under California law, except as described in the California Addendum or as otherwise disclosed.

11. Children's Privacy

The Service is intended for business use and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have done so, we will take reasonable steps to delete such information.

12. International Users

The Service is primarily intended for users in the United States. If you access the Service from outside the United States, you understand that your information may be processed in the United States and other jurisdictions that may have different data protection laws than your home jurisdiction.

13. Your Choices and Rights

Depending on your jurisdiction and relationship to us, you may have rights to:

• access,
• correct,
• delete,
• restrict,
• object to, or
• receive a copy of certain information.

For business customer data entered by our business customers, requests should generally be directed to the relevant business customer first, because that customer determines the purposes and means of processing for its own data, subject to any applicable DPA and law.

To submit a request to Credit Vault, contact: Support@creditvaultapp.com

We may need to verify your identity and may decline requests where permitted or required by law.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised effective date. Your continued use of the Service after an update becomes effective constitutes acceptance of the revised Privacy Policy to the extent permitted by law.

15. Contact Us

Credit Vault LLC
PO Box 284
Winchester, KY 40391
Support@creditvaultapp.com