Privacy Policy
Last updated: April 26, 2026
We can't leak what we don't have.
AssetVault is offline by architecture. There is no AssetVault server holding your inventory. There are no accounts. There is no usage tracking. We cannot, even by court order, hand over data we never received. Your phone's lock screen is the security boundary. The rest of this policy is the legal long-form.
1. Your data stays on your device
AssetVault is designed from the ground up to keep your data private. All inventory items, serial numbers, photos, values, and documents are stored locally on your device using an encrypted database. Your data is never uploaded to our servers or any cloud service.
We do not collect, store, or have access to your inventory data. Not "we promise we won't" — we literally do not have a server that holds it. There's no remote replica, no cloud sync, no telemetry pipeline that includes item data. The architecture makes data leakage impossible because the data is never collected to begin with.
2. What we do collect
Crash reports. If the app crashes, an anonymous crash report is sent to our self-hosted crash reporting service (Sentry). This includes your device type, operating system version, and the technical details of the crash. No inventory data is ever included in crash reports. The crash payload is also scrubbed for any string that looks like a serial number or file path before transmission.
Purchase information. If you purchase Pro or Collector+, the transaction is processed entirely by Apple (App Store) or Google (Play Store). We use RevenueCat to verify your purchase status. We never see your payment details.
3. What we never collect
- Item names, descriptions, or categories
- Serial numbers
- Photos or documents
- Item values or purchase prices
- Your name, email, or any personal identifiers
- Your browsing history or usage patterns
4. Permissions
Camera. To take photos of your items and scan barcodes / serial numbers. Photos are stored locally only.
Biometric authentication. To lock and unlock your vault. We never store or transmit your biometric data.
File access. To import/export backup files and generate PDF reports. Files are created locally and shared only when you choose.
5. Third-party services
- Sentry (self-hosted). Crash reporting (device type, OS version, crash stack trace — no inventory data).
- RevenueCat. Purchase verification (anonymous user ID, purchase receipt).
- Apple / Google. Payment processing (handled entirely by the platform).
- Gemini (Google). Optional AI photo identification, bulk import, AI Pre-Grade. Only the photo you submit is sent — no surrounding inventory context. Subject to Google's API privacy terms.
- eBay (public web). Optional live market pricing. Only the item name + category text is queried; no personally identifying information is sent.
6. Data security
All data is stored in your device's secure storage. The app is protected by biometric or PIN authentication. Backup files are exported in JSON format — you control where they go.
7. How to delete your data
Inventory data: it lives on your device. Uninstall the app — the database, photos, and documents are removed by your operating system. There is no copy on our servers to also delete.
Optional crash reports: email [email protected] with the subject "Delete Crash Data" and we'll purge any anonymous reports linked to your device.
Purchase records: managed by Apple or Google, not by us — request deletion through their account settings.
For a one-page reference of the deletion process, see /data-deletion.html.
8. Your rights under GDPR (EU / UK)
If you are in the European Economic Area or the United Kingdom, you have the right to:
- Access any data we hold about you
- Have inaccurate data corrected
- Have your data erased
- Restrict or object to processing
- Data portability
Because AssetVault stores no inventory data on our servers and only receives anonymous crash reports plus an anonymous purchase ID, most requests resolve as "no data on file." We respond to every request within 30 days. Email [email protected] with the subject "GDPR Request" — include your device type so we can locate any anonymous crash data.
9. Your rights under CCPA (California)
California residents have the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. AssetVault does not sell, trade, or rent personal information — we never have, and we never will. Email [email protected] with the subject "CCPA Request" to exercise your rights.
10. Children's privacy
AssetVault does not knowingly collect data from children under 13 (or the equivalent age under applicable regional law).
11. Cookies and tracking
The AssetVault app uses no cookies and no third-party tracking SDKs. Our marketing website uses no cookies and no analytics that identify you. We do not participate in the IDFA / advertising-ID ecosystem.
12. Changes to this policy
If we materially change this policy we will update the "Last Updated" date at the top and surface a notice in the app on next launch. Continued use after a material change constitutes acceptance.
13. Contact us
CRL Digital
Email: [email protected]
For privacy-specific concerns, use subject lines: GDPR Request, CCPA Request, or Delete Crash Data.