Privacy Policy

1. Information We Collect

We collect information in several ways depending on how you interact with the Service:

1.1 Information You Provide Directly

• Account registration data — email address, display name, and password (stored as a salted hash) when you create an account.
• Billing information — payment method details (card number, expiry, billing address) are collected and processed by Stripe. Vultax does not store full card numbers on its servers.
• Support communications — messages, attachments, and associated metadata when you contact us via email or in-app support.
• Preferences and configurations — watchlists, alert settings, terminal layout preferences, and notification configurations you save within the Service.
• Feedback and surveys — any comments, feature requests, or survey responses you voluntarily submit.

1.2 Information Collected Automatically

• Usage data — pages visited, features used, modules accessed, session duration, click events, search queries, and interaction patterns within the terminal.
• Device and browser information — IP address, browser type and version, operating system, device type, screen resolution, language preference, and timezone.
• Referral data — the URL that referred you to our site, landing page, and marketing campaign identifiers.
• Log data — server access logs including timestamps, request URLs, response codes, and error details for security monitoring and debugging.

1.3 Information from Third Parties

• Payment processor — Stripe may provide us with transaction confirmations, subscription status, and limited billing details necessary to manage your account.
• Analytics providers — Google Analytics and Google Tag Manager provide aggregated and anonymized usage statistics.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery — to create and manage your account, provide access to terminal features, process subscriptions, and deliver alerts and notifications.
• Personalization — to remember your preferences, display relevant content, and improve your experience within the terminal.
• Billing and payments — to process transactions, send invoices and receipts, manage subscription lifecycle, and handle refund requests.
• Communication — to send transactional emails (account confirmation, password reset, billing receipts), product updates, and service announcements. You may opt out of non-essential communications at any time.
• Security and fraud prevention — to detect and prevent unauthorized access, abuse, fraud, and other security incidents. This includes monitoring login patterns, rate-limiting API access, and analyzing usage anomalies.
• Analytics and improvement — to understand how users interact with the Service, identify bugs and performance issues, and develop new features.
• Legal compliance — to comply with applicable laws, regulations, legal processes, or governmental requests.

3. Cookies, Tracking & Similar Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and understand usage patterns.

3.1 Types of Cookies We Use

3.2 Managing Cookies

You can control or disable cookies through your browser settings. Please note that disabling essential cookies may prevent you from using certain features of the Service. You may also opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

4. How We Share Your Information

We do not sell, rent, or trade your personal data.

We may share limited information with third parties only in the following circumstances:

• Service providers — we share data with trusted third-party processors who help us operate the Service, including Stripe (payment processing), cloud hosting providers (infrastructure), email delivery services (transactional emails), and analytics tools (Google Analytics/GTM). Each provider is contractually obligated to process your data only as instructed and in accordance with this Policy.
• Legal obligations — we may disclose information if required to do so by law, regulation, court order, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of Vultax, our users, or the public.
• Business transfers — in the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email or prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.
• With your consent — we may share information in other ways if you explicitly consent.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account data — retained for the lifetime of your account plus 30 days after deletion request.
• Billing records — retained for up to 7 years as required for tax and accounting purposes.
• Usage logs — retained for up to 12 months for analytics and security purposes, then aggregated or anonymized.
• Support correspondence — retained for up to 3 years after the last communication.

When data is no longer needed for its original purpose, we securely delete or anonymize it.

6. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS 1.2+) for all data transmitted between your browser and our servers.
• Encryption at rest for sensitive data stored in our databases.
• Salted password hashing — we never store passwords in plaintext.
• Role-based access controls limiting employee access to personal data on a need-to-know basis.
• Regular security audits, dependency scanning, and infrastructure monitoring.
• Rate limiting and anomaly detection to prevent unauthorized API access.

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incident and notifying affected users as required by applicable law.

7. International Data Transfers

Vultax operates globally, and your data may be processed in countries other than your country of residence. When we transfer personal data across borders, we ensure that appropriate safeguards are in place to protect your data in accordance with this Policy and applicable data protection laws, including the use of Standard Contractual Clauses where required.

8. Your Rights & Choices

Depending on your jurisdiction (including under GDPR, CCPA/CPRA, and other applicable privacy laws), you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate or incomplete personal data.
• Deletion — request deletion of your personal data, subject to legal retention requirements.
• Portability — request a copy of your data in a structured, machine-readable format.
• Restriction — request that we restrict certain processing activities.
• Objection — object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing performed before withdrawal.
• Non-discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, email us at support@vultax.com with the subject line “Privacy Request.” We will verify your identity and respond within 30 days (or sooner if required by applicable law). If we need additional time, we will notify you of the extension and the reason.

9. Additional Information for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information. In addition to the rights described in Section 8 above:

• You have the right to know what categories of personal information we collect, the purposes for collection, and the categories of third parties with whom we share it.
• We do not “sell” or “share” personal information as defined under the CCPA/CPRA.
• You may designate an authorized agent to submit requests on your behalf, provided you verify the agent's authority.

10. Additional Information for EEA & UK Residents

If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

• Contract performance — processing necessary to provide the Service under our Terms of Service.
• Legitimate interests — processing for analytics, security, fraud prevention, and service improvement, where our interests do not override your fundamental rights.
• Consent — processing for non-essential cookies, marketing communications, and any other purpose for which you have given explicit consent.
• Legal obligation — processing required to comply with applicable laws and regulations.

You have the right to lodge a complaint with your local supervisory authority if you believe we have not adequately addressed your concerns.

11. Children's Privacy

The Service is not directed at individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such data promptly. If you believe a child has provided us with personal data, please contact us at support@vultax.com.

12. Third-Party Links & Services

The Service may contain links to third-party websites, exchanges, or services that are not operated by Vultax. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with your personal data.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Effective date” at the top of this page.
• Provide notice via email or a prominent banner on the Service at least 14 days before the changes take effect.

Your continued use of the Service after the revised Policy becomes effective constitutes your acceptance of the changes. We encourage you to review this Policy periodically.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: support@vultax.com
• Subject line: “Privacy Inquiry”
• Website: vultax.com

We aim to respond to all privacy-related inquiries within 30 days.