Privacy Policy
Last updated: June 14, 2026
The short version: CorpVault stores company login credentials securely to enable autofill for your team. We never sell your data, never show passwords to employees, and you can delete everything at any time.
1. What We Collect
When you use CorpVault, we collect the following information:
- Account information: Company name, administrator email address, and encrypted password hash used to authenticate admins.
- Credentials you add: Website URLs, usernames, and passwords you store in your vault. Passwords are encrypted with AES-256-GCM before being stored on our servers.
- Authentication tokens: Session tokens stored locally on your device to keep you logged in between browser sessions.
2. What We Do NOT Collect
- We do not collect browsing history or the websites employees visit
- We do not collect personal information about employees beyond their use of the autofill feature
- We do not collect payment card details (payments are handled by Stripe)
- We do not collect health, location, or any other personal data
- We do not use cookies for tracking or advertising
3. How We Use Your Data
We use the data we collect solely to:
- Authenticate admin accounts and maintain secure sessions
- Store and retrieve encrypted credentials for autofill
- Process subscription payments via Stripe
- Provide customer support when requested
We never use your data for advertising, marketing profiling, or any purpose unrelated to providing the CorpVault service.
4. How We Protect Your Data
- Encryption at rest: All passwords are encrypted using AES-256-GCM before being stored. Your encryption key is derived from your admin credentials and is never stored in plaintext.
- Encryption in transit: All data is transmitted over HTTPS/TLS.
- Employee access controls: Employees can trigger autofill but can never read, copy, or view stored passwords through any method.
- No plaintext passwords: We never store or transmit passwords in plaintext at any point.
5. Data Sharing
We do not sell, rent, or share your data with third parties, except:
- Stripe: Our payment processor handles billing. Stripe's privacy policy applies to payment data.
- Railway: Our hosting provider stores encrypted data on secure servers.
- Legal requirements: We may disclose data if required by law or to protect our legal rights.
6. Data Retention
We retain your data for as long as your account is active. When you cancel your subscription or delete your account, all associated credentials and account data are permanently deleted from our servers within 30 days.
7. Your Rights
You have the right to:
- Access all data stored in your CorpVault account at any time via the admin panel
- Delete any or all credentials from your vault at any time
- Request complete deletion of your account and all associated data
- Export your credential list (usernames only — passwords are encrypted)
8. Children's Privacy
CorpVault is a business tool intended for use by adults and business entities. We do not knowingly collect data from anyone under the age of 18.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify active customers of any material changes via email. Continued use of CorpVault after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have any questions about this privacy policy or how we handle your data, please contact us at:
privacy@corpvault.app
corpvault.app