Privacy Policy

The data controller responsible for your personal data is Vault Business LLC, which operates the VaultElite platform (vault-elite.com, futures.vault-elite.com).

For all privacy queries, including requests to exercise the rights set out below, contact us at support@vault-elite.com.

This Policy explains how we process personal data of users of the VaultElite platform — including the Spot and Futures engine software, the marketing website, and the Vault Business single sign-on flow that authenticates VaultElite users.

We collect and process the following categories of personal data:

• Account & identification data: name, email address, profile photo (avatar), Vault Business user ID, role/tier.
• Authentication data: SSO access tokens, refresh tokens, session expiry timestamps, IP address used to authenticate.
• Exchange-connection data: the exchanges you connect, encrypted API keys, the read/trade permissions you grant, and metadata about each connected account. We never store withdrawal-enabled keys; users must configure trade-only permissions.
• Trading-activity data: orders the engine submits on your behalf, fills, realised PnL, balances reported by the exchange, and engine telemetry. This data is used solely to operate the engine and provide your dashboard.
• Licence & billing data: the licence tier(s) you have acquired, activation timestamps, licence status, and licence-cap utilisation. Payment is processed on the Vault Business store; we do not store full payment instrument data.
• Support & communication data: emails and messages you send to support, and our replies.
• Technical & log data: IP address, browser type, device type, operating system, language, timestamps, and pages or features accessed, collected automatically when you use the Platform.

We do not store private keys, seed phrases, bank-account numbers, credit-card numbers, or any withdrawal credentials for your exchanges or wallets.

We rely on the following lawful bases under the EU/UK GDPR:

• Performance of a contract (Art. 6(1)(b)): to create and maintain your account, activate Engine Licences, operate the engine against your Connected Exchange Account, and provide your dashboard.
• Legal obligation (Art. 6(1)(c)): to comply with anti-money-laundering, sanctions screening, tax-reporting, and other regulatory requirements applicable to us.
• Legitimate interests (Art. 6(1)(f)): to secure the Platform against fraud and abuse, to maintain audit trails of trading and licence activity, and to improve the engine software. Where we rely on legitimate interests we balance them against your rights and freedoms.
• Consent (Art. 6(1)(a)): for non-essential cookies and marketing communications, where applicable. Consent can be withdrawn at any time.

We share personal data only with the third parties needed to run the Platform. Each sub-processor receives only the minimum data needed for its function and is bound by appropriate contractual safeguards.

• Vault Business LLC infrastructure: authentication, billing, licence issuance, affiliate / commission tracking (VaultElite is operated by Vault Business).
• Cloud hosting provider: infrastructure hosting for the VaultElite and Vault Business backend services, under appropriate data-processing agreements.
• Cloudflare R2: object storage for static assets and user-uploaded content (e.g. avatars).
• Centralised exchanges and on-chain venues: the engine routes orders to the exchanges and venues that you connect (e.g. Binance, OKX, Bybit, MEXC, KuCoin, Bitget, Gate.io, Kraken, BingX, HTX, Hyperliquid, Astra). The exchange receives the order data necessary to execute it on your account.
• Gravatar: when no profile picture is set, we generate a default avatar via Gravatar from a hash of your email address.

We do not sell, rent, or trade your personal data. We may disclose data where required by law, court order, or competent regulatory authority, or to protect our rights or the rights of users.

Some sub-processors operate outside the European Economic Area or the United Kingdom. Where personal data is transferred internationally we rely on appropriate safeguards under GDPR, such as the European Commission's Standard Contractual Clauses or the UK International Data Transfer Agreement.

We retain personal data only for as long as needed for the purposes for which it was collected, and to meet our legal obligations. In particular:

• Account & identification data: for the life of the account, plus a reasonable period thereafter for audit and dispute purposes.
• Authentication tokens: for the duration of each session, then deleted.
• Encrypted API keys: until you delete them from your account or close your account.
• Trading-activity & licence records: retained as required by applicable record-keeping and tax-reporting laws.
• Support correspondence: typically up to 36 months.

We implement appropriate technical and organisational measures to protect personal data, including:

• Encryption in transit (TLS) for all traffic to the Platform.
• AES-256 encryption at rest for exchange API keys.
• Access controls and least-privilege principles for engineering and support staff.
• Audit logs of authentication, licence activation, and trading activity.
• Regular security review of subprocessors.

No method of transmission or storage is perfectly secure. You are responsible for the secrecy of your account credentials and for configuring exchange API keys with trade-only permissions.

We use cookies and browser local storage strictly to keep you signed in across the spot (vault-elite.com) and futures (futures.vault-elite.com) subdomains, to remember UI preferences, and to keep purchase sessions resumable. We do not use third-party advertising cookies.

Subject to applicable law, you have the following rights in respect of your personal data:

• Access: to receive a copy of the personal data we hold about you.
• Rectification: to correct inaccurate or incomplete data.
• Erasure: to request deletion, subject to overriding legal obligations (e.g. financial record-keeping).
• Restriction: to ask us to limit processing in certain circumstances.
• Portability: to receive your data in a structured, commonly used, machine-readable format.
• Objection: to object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent.
• Complain: to lodge a complaint with your local data-protection authority.

To exercise any of these rights, email support@vault-elite.com. We will respond within the timeframes required by applicable law.

The Platform is not directed at, and we do not knowingly collect personal data from, anyone under the age of 18.

We may update this Policy from time to time. Material changes will be notified through the Platform or by email to the address on your account. Continued use of the Platform after the effective date of the updated Policy constitutes acceptance of the changes.

Questions about this Privacy Policy or about how your data is processed can be sent to support@vault-elite.com.