Chat Vault is an independent Chrome extension developed and operated as an indie software product. Our website is chatvault.site.
We collect the minimum data necessary to operate the service:
We do not collect: your chat conversations, browsing history, device identifiers, IP address logs linked to your identity, location data, or any other personal information beyond what is listed above.
All backed-up conversations (messages, titles, metadata) are stored exclusively on your device using Chrome's built-in chrome.storage.local API. This data never leaves your browser and never reaches our servers.
If you enable Google Drive sync, your conversation archive is uploaded directly from your browser to your personal Google account via OAuth2. This transfer goes browser โ Google. Chat Vault's servers are not involved and we have no access to your Drive files. We request only the drive.file scope, which limits our access to files the extension itself created.
If you uninstall the extension, your local backup data is permanently removed from your device. We cannot recover it.
Your email address and subscription data are used solely for:
We do not use your data for advertising, profiling, resale, or any purpose unrelated to providing the Chat Vault service.
Paddle โ payment processing. Your card details are entered directly on Paddle's secure PCI-compliant payment page. We receive only a payment confirmation and your email address. We never see or store card numbers, CVV codes, or banking details.
Resend โ transactional email delivery (OTP codes, receipts). Your email is shared with Resend only for this purpose, not for marketing.
Google OAuth2 โ optional Google Drive sync. We request only the drive.file scope. We do not access your existing Drive files, Gmail, Calendar, or any other Google service.
Google Fonts โ our website loads fonts (Outfit, DM Mono) from Google Fonts. Google may log font requests per their own privacy policy.
Google Cloud Platform โ our backend server is hosted on GCP in the EU (Frankfurt, europe-west3). All data transmission uses HTTPS/TLS.
Account data (email, subscription status, hashed session tokens) is stored on our server on Google Cloud Platform. We use HTTPS for all external connections. We do not use passwords โ authentication uses one-time codes sent to your email, which are valid for 10 minutes only.
Your account data is retained as long as your account is active. Accounts inactive for 24 consecutive months may be deleted. You may request deletion at any time by contacting support@chatvault.site. Deletion is completed within 14 days.
Depending on your location, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. To exercise any of these rights, contact us at support@chatvault.site.
If you are located in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.
We do not use Google Analytics, Mixpanel, or any third-party analytics service. We may review aggregate, anonymous server metrics (total request counts, error rates) to monitor system health. These cannot be linked to any individual user.
Our main website (chatvault.site) does not use tracking or advertising cookies. The account page (api.chatvault.site/account) uses a single session cookie for login state. Google Fonts may set cookies per Google's policy.
Chat Vault is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this policy occasionally. We will notify Pro subscribers by email of any material changes at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision. Continued u