Privacy Policy
Dabreux Vault — effective date May 2026
1. Who we are
Dabreux Vault is operated by [OPERATOR NAME — TO BE CONFIRMED]. References to 'we', 'us', or 'our' in this policy refer to the operator of Dabreux Vault. Contact: [CONTACT EMAIL — TO BE CONFIRMED].
2. What data we collect and why
Account data
When you create an account we collect your email address, account type (individual or business), and country of residence. These are stored unencrypted on our servers and are used to operate your account and apply the correct product features for your jurisdiction. Legal basis: contract performance.
Vault contents
All items you add to your vault — including item details, purchase prices, quantities, dates, documents, and notes — are encrypted on your device before being transmitted to our servers. We use zero-knowledge encryption, which means we cannot read your vault contents. We store only ciphertext. Legal basis: contract performance.
Aggregate taxonomy data
When you add or record the sale of a vault item, we record a classification of that event in a separate analytics table. This record contains only the type of item (for example: gold coin, Britannia, 1oz), the event type (added or sold), and the calendar month. It contains no information about you, your account, or the financial value of your item. It cannot be linked to you in any way. We use these counts in aggregate to understand the UK precious metals market and may publish findings or share aggregate statistics with commercial partners. No individual data is ever shared. Legal basis: legitimate interests.
Usage data
We collect standard server logs and usage analytics to operate and improve the service. This may include device type, browser version, and page views. We do not use advertising trackers. Legal basis: legitimate interests.
3. Dealer referral
If you choose to request a quote from a bullion dealer through the app, you will be asked to submit your name and contact details directly to the dealer. At that point your details are transmitted to the relevant dealer partner and governed by their privacy policy. Dabreux Vault does not retain your contact details after transmission. This feature is not yet live.
4. Data sharing
We do not sell your personal data. We do not share your personal data with third parties except: (a) service providers who help us operate the platform (including Supabase for database and storage, and Vercel for hosting), each bound by data processing agreements; (b) where required by law.
5. Data retention
Account data is retained for as long as your account is active. If you delete your account, your encrypted vault contents and account data are deleted within 30 days. Aggregate taxonomy data (which is not personal data) is retained indefinitely as it cannot be linked to any individual.
6. Your rights
As a UK resident you have the right to access, correct, or delete your personal data; to object to processing; and to lodge a complaint with the ICO (ico.org.uk). To exercise your rights contact us at [CONTACT EMAIL — TO BE CONFIRMED].
7. Cookies
Dabreux Vault uses only essential cookies required for authentication. We do not use advertising or tracking cookies.
8. Changes to this policy
We will notify you of material changes to this policy via the app or by email. Continued use of the service after changes constitutes acceptance.