Privacy Policy

01

Introduction and Scope

VaultCoreSecurity ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, purchase our hardware wallets and crypto security devices, or use our services. We understand that users of cryptocurrency hardware wallets and cold storage solutions require the highest level of data protection and privacy. This policy applies to all personal data processed by VaultCoreSecurity across our operations in Germany, Austria, and Switzerland, and complies with the General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and other applicable data protection laws. By using our services, you acknowledge that you have read and understood this Privacy Policy.

02

Information We Collect

We collect several types of information to provide and improve our services. Personal Identification Information: When you create an account, purchase products, or contact us, we may collect your name, email address, phone number, billing address, and shipping address. Payment Information: We process payment data through secure, PCI-DSS compliant payment processors. We do not store complete credit card numbers or sensitive payment credentials on our servers. Device and Technical Information: We collect information about your device, including IP address, browser type, operating system, device identifiers, and access times when you visit our website. Product Registration Data: When you register your hardware wallet, we may collect the device serial number and firmware version for warranty and support purposes. Communication Data: Records of your correspondence with our customer support team, including emails, chat logs, and support tickets. Important Note: We do NOT collect, store, or have access to your cryptocurrency private keys, seed phrases, wallet balances, transaction data, or any sensitive cryptographic information stored on your hardware wallet devices. Your crypto assets remain entirely under your control.

03

How We Use Your Information

We process your personal data for specific, legitimate purposes. Order Processing and Fulfillment: To process your orders, arrange shipping, handle returns, and provide customer service related to your purchases of hardware wallets and security devices. Product Support and Updates: To provide technical support, send firmware updates, security patches, and important product notifications that may affect the security of your devices. Account Management: To create and maintain your user account, verify your identity, and manage your preferences. Communication: To respond to your inquiries, send transactional emails (order confirmations, shipping notifications), and provide customer support. Security and Fraud Prevention: To detect, prevent, and address technical issues, fraudulent activities, and security threats to our systems and users. Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests. Business Analytics: To analyze website usage, improve our products and services, and understand customer preferences (using anonymized or aggregated data where possible). Marketing (with consent): To send you promotional materials, product announcements, and newsletters, only if you have opted in to receive such communications. You may opt out at any time.

04

Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds: Contractual Necessity: Processing is necessary to fulfill our contract with you when you purchase our products or services, including order processing, delivery, and customer support. Legitimate Interests: We have legitimate business interests in processing your data for fraud prevention, security monitoring, improving our services, and maintaining our business operations, provided these interests do not override your fundamental rights and freedoms. Legal Obligation: We process data to comply with legal requirements, such as tax laws, accounting regulations, and responses to lawful requests from authorities. Consent: For marketing communications, cookies (beyond strictly necessary ones), and other processing activities, we rely on your explicit consent, which you can withdraw at any time. Vital Interests: In rare cases, processing may be necessary to protect your vital interests or those of another person. We always ensure that our processing activities are proportionate, necessary, and respect your rights as a data subject.

05

Data Sharing and Third-Party Disclosure

We do not sell, rent, or trade your personal information to third parties. However, we may share your data with trusted partners in the following circumstances: Service Providers: We engage third-party companies to perform services on our behalf, such as payment processing (Stripe, PayPal), shipping and logistics (DHL, FedEx), cloud hosting (AWS, Google Cloud), email services (SendGrid), and customer support platforms (Zendesk). These providers are contractually obligated to protect your data and use it only for the purposes we specify. Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections. Legal Requirements: We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to government requests. Affiliate Companies: We may share data with our affiliated entities in Germany, Austria, and Switzerland for business operations, provided they adhere to this Privacy Policy. Analytics and Advertising Partners: We use analytics services (Google Analytics) to understand website usage. These services may collect data about your online activities, but we configure them to respect your privacy rights and comply with GDPR.

06

Data Security and Protection Measures

As a company specializing in cryptocurrency security hardware, we take data protection extremely seriously and implement industry-leading security measures. Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3 or higher. Sensitive data at rest is encrypted using AES-256 encryption. Access Controls: We implement strict access controls, ensuring that only authorized personnel can access personal data on a need-to-know basis. All access is logged and monitored. Secure Infrastructure: Our systems are hosted in secure, ISO 27001 certified data centers with physical security measures, redundant systems, and regular security audits. Regular Security Testing: We conduct penetration testing, vulnerability assessments, and security audits to identify and remediate potential vulnerabilities. Employee Training: All employees undergo regular data protection and security training to ensure they understand their responsibilities. Incident Response: We maintain a comprehensive incident response plan to quickly address any data breaches or security incidents. In the event of a breach affecting your personal data, we will notify you and relevant authorities as required by law. Data Minimization: We collect only the minimum amount of data necessary for our specified purposes and delete data when it is no longer needed.

07

Your Privacy Rights and Choices

Under GDPR and other applicable laws, you have comprehensive rights regarding your personal data: Right of Access: You can request a copy of the personal data we hold about you and information about how we process it. Right to Rectification: You can request correction of inaccurate or incomplete personal data. Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data, subject to certain legal exceptions (e.g., we may need to retain data for legal compliance or contract fulfillment). Right to Restriction of Processing: You can request that we limit how we use your data in certain circumstances. Right to Data Portability: You can request to receive your personal data in a structured, machine-readable format and transmit it to another controller. Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes at any time. Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal. Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority if you believe we have violated your privacy rights. To exercise any of these rights, please contact us at [email protected] or write to our Data Protection Officer at our Germany headquarters.

08

Data Retention and International Transfers

Data Retention: We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically: account data is retained while your account is active and for 3 years after account closure; order and transaction data is retained for 7 years for tax and accounting purposes; marketing consent records are kept until you withdraw consent; technical logs are retained for 12 months. After the retention period expires, we securely delete or anonymize your personal data. International Data Transfers: Your data is primarily processed within the European Economic Area (EEA) and Switzerland. If we transfer data outside these regions (e.g., to cloud service providers in other countries), we ensure appropriate safeguards are in place, such as: EU Standard Contractual Clauses (SCCs), adequacy decisions by the European Commission, or other legally recognized transfer mechanisms. We ensure that any international data transfers comply with GDPR Article 44-50 and provide adequate protection for your personal data. You have the right to obtain information about the safeguards we have in place for international transfers.

09

Changes to Privacy Policy and Contact Information

Policy Updates: We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date, and, where appropriate, by sending you an email notification. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Continued use of our services after changes are posted constitutes your acceptance of the updated policy. Contact Information: If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: VaultCoreSecurity | Email: [email protected] | Phone: +49 5217 9435071 | Germany (Headquarters): Friedrichstraße 68, 10117 Berlin, Germany | Austria: Kärntner Ring 12, 1010 Vienna, Austria | Switzerland: Bahnhofstrasse 45, 8001 Zurich, Switzerland. For data protection matters, you may also contact our Data Protection Officer at the Germany headquarters address. We are committed to addressing your concerns and resolving any privacy issues promptly and transparently.