Privacy Policy
About this website. The AI Vault app collects nothing (see §2). The only thing aivaultapp.com stores is the email you choose to submit in the “Request access” form — kept on our own Cloudflare infrastructure solely to contact you about early access, never sold or shared, with no third-party trackers, ad networks, or analytics on the site. Want it removed? Email [email protected] and we'll delete it.
TL;DR
AI Vault is offline-first. It does not phone home. It does not collect telemetry. It does not transmit your data to any AI Vault server because there is no AI Vault server. Everything you put in the vault stays on the device you put it on, encrypted with a key derived from your master password.
If this paragraph is enough for you, you can stop reading. The rest is the legal-grade detail.
1. Who we are
AI Vault is published by DD (publisher display name shown in the Microsoft Store). Contact:
[email protected] (also surfaced via the in-app Support page). The same entity does not
operate any AI Vault cloud, sync, telemetry, or analytics service — none exist.
2. Data we collect from you (in the app)
None. AI Vault does not collect, transmit, or store on any server controlled by us:
- the contents of your vault (passwords, API keys, seed phrases, notes, files, photos, configs);
- your master password, vault PIN, or derived encryption keys;
- usage statistics, crash reports, or performance telemetry;
- your IP address, MAC address, hardware fingerprint, or machine ID, except where those values are derived locally and remain locally (see §4);
- diagnostic logs (logs stay on your device);
- the model or content of AI prompts you send through the bring-your-own-key AI integration (see §5).
This is enforced architecturally, not just promised. A static test-no-telemetry.js gate in
the project's test suite blocks any banned SDK or auto-outbound URL from entering the codebase, and runs on
every push and pull request in CI.
3. Data stored locally on your device
AI Vault writes the following to your device's user-data directory (typically %APPDATA%\ai-vault\
for direct installs, or the package LocalCache path for Microsoft Store installs):
| File | Contents | Encryption |
|---|---|---|
vault.enc | Your vault payload: credentials, notes, configs, snapshots, projects, crypto-wallet entries | AES-256-GCM, key derived via PBKDF2-SHA512 (100,000 iterations) from your master password + a per-vault random salt |
vault.enc.bak | Atomic-write backup of the previous vault state | Same as vault.enc |
config.json | UI preferences (theme, language, sidebar order) | Plain JSON — non-sensitive |
tags.db | SQLite database of file tags | Plain SQLite — non-sensitive |
thumbs/ | Generated file thumbnails | Cached pixel data; regenerable |
bin/, media/ | Files you import through the vault | Stored as-is; not encrypted by default (the file vault wraps the filesystem) |
Key handling: the master password never leaves the device. The derived encryption key never leaves
the running process's memory and is wiped when the vault is locked or the app exits. If vault.enc
is corrupted, AI Vault automatically falls back to its backups and shows a recovery dialog rather than a silent empty vault.
4. Local-only system info
These values are read locally and remain locally (used by the anti-tamper module and the System Health widget) — they are not transmitted off the device: machine ID, process memory usage, module activation/hibernation timestamps, and the last vault-unlock timestamp.
5. Third-party services you may choose to use
In every case the integration is user-triggered, optional, and uses keys you provide. AI Vault ships no vendor keys and relays nothing through any AI Vault server (there is none). If you don't enter a key, the integration is dormant and generates no traffic.
| Integration | What is sent | Where it goes |
|---|---|---|
| Anthropic / OpenAI / Google Gemini (BYO key) | Your prompt + conversation history | The respective AI provider's API |
| Ollama (local AI) | Your prompt | Your own machine (127.0.0.1) |
| Tenor GIF search (BYO key) | Your search query text | Google (Tenor) |
| RetroAchievements (opt-in) | RA username, current ROM hash | retroachievements.org |
| WebTorrent / BitTorrent | Torrent infohash, your IP, peer traffic | DHT swarm / trackers |
| mDNS / DLNA / BLE pairing | Discovery beacons / pairing handshake | Your local network / your phone only |
6. Cookies, tracking, fingerprinting
None. The app embeds no web tracking, loads no remote analytics, sets no tracking cookies, and does not fingerprint your device. This website likewise uses no third-party trackers or analytics; the only data it records is the early-access email you submit (and basic anti-abuse metadata: approximate country and a timestamp).
7. Children's data
AI Vault is not directed at children under the applicable age thresholds (COPPA/GDPR/LGPD). We do not knowingly collect data from children because we do not collect data at all (§2).
8. Your rights (GDPR / CCPA / LGPD)
Because the app stores your data only on your own device, the usual data-subject rights apply directly there:
access (open the vault), rectification (edit entries), erasure (delete entries, wipe the
vault, or uninstall and delete the user-data directory), and portability (export your vault as an
encrypted .42f archive). For the early-access email on this site, email
[email protected] to access or delete it.
9. Security disclosures
Found a vulnerability? Email [email protected] with subject “Security disclosure — AI Vault”.
We aim to acknowledge within 72 hours and ship a fix as quickly as the severity warrants.
10. Changes to this policy
If the policy changes materially, the new version ships with an updated Last updated date; the previous text is preserved in version history. We will never silently expand the data we collect — the “collect nothing” position in the app is architectural.
11. Contact
General inquiries / support: [email protected] ·
Website & early access: [email protected] ·
Security: [email protected] (subject “Security disclosure — AI Vault”).
© 2026 AI Vault · Encrypted. Offline. Yours. · Written in plain English; if any clause is found unenforceable, the remainder remains in force.