Privacy Policy

1. Who We Are

ClientVault is a credential management tool built for Chartered Accountant firms in India. It is operated by ClientVault ("we", "our", "us"). For questions, contact us at privacy@clientvault.in.

2. Information We Collect

Account information: When you sign up, we collect your name, email address, and firm name.

Client credentials: Usernames and passwords you store for your clients' government portals. These are encrypted with AES-256-GCM using keys derived from your account before being written to our database. We cannot read them.

Usage data: Autofill events (which portal, which client, when) are logged for your firm's audit trail. This data is only visible to your firm's owner and admins.

Technical data: Browser type, IP address, and error logs collected automatically for security and debugging.

3. How We Use Your Information

• To provide the ClientVault service — autofill, credential management, team access
• To send transactional emails (invites, trial reminders, billing receipts)
• To detect and prevent fraud or unauthorised access
• To improve the product based on anonymised usage patterns

We do not use your data for advertising or sell it to third parties.

4. Data Storage and Security

All data is stored on Google Cloud (Firebase/Firestore) in the asia-south1 (Mumbai) region.

Client credentials are encrypted client-side with AES-256-GCM before transmission. Encryption keys are derived from your Firebase Auth token and never stored in plain form on our servers.

Access to your firm's data is protected by Firestore security rules — only authenticated members of your firm can read or write your data.

5. Data Sharing

We share data only with the following sub-processors, strictly to deliver the service:

• Google Firebase — authentication, database, hosting
• Resend — transactional email delivery
• Dodo Payments — payment processing (billing data only)

We never sell, rent, or share your data with any other party.

6. Data Retention

Your data is retained for as long as your account is active. If you delete your account, all firm data including encrypted credentials and audit logs will be permanently deleted within 30 days.

Audit logs on the Free plan are retained for 1 day. Pro and Enterprise plans retain full history.

7. Your Rights

• Access: Request a copy of all data we hold about you
• Correction: Update incorrect information
• Deletion: Request deletion of your account and all associated data
• Portability: Export your client list and audit logs

To exercise any of these rights, email privacy@clientvault.in.

8. Cookies

We use only essential cookies required for authentication (Firebase Auth session). We do not use tracking or advertising cookies.

9. Changes to This Policy

We may update this policy as the product evolves. We will notify you by email and by posting a notice in the app at least 14 days before material changes take effect.

10. Contact