PopVaulty Privacy Policy
Effective Date: 2025.11.24
Operator: PopVaulty Operations Team
Contact: privacy_pv@popvaulty.com (For personal data and copyright inquiries only)
Article 1 (Purpose)
This Privacy Policy explains how PopVaulty ("the Service") collects, uses, stores, and protects users' personal information. It applies to all versions of the PopVaulty mobile application and related online services.
Article 2 (Personal Data Collected)
Depending on the user's activity within the Service, PopVaulty may collect the following personal information:
| Category | Details | Retention Period |
|---|---|---|
| Account Information | Email, nickname, nationality, social login identifiers (Apple, Google, Facebook account IDs), login credentials | Retained during account use; permanently deleted 30 days after account deletion |
| Usage Information | App activity logs, access time, device information (OS, version, etc.) | Retained for 90 days, then anonymized |
| Uploaded Content | Photos and other content uploaded by users | Deleted immediately upon request or within 30 days after account deletion |
| Inquiry Information | Customer support inquiries and feedback | Retained for 3 years (per consumer complaint record regulations) |
| Analytics / SDK Data | Anonymous data collected via analytics SDKs | Retained for 1 year in anonymized form |
| Backup Data | System backup for disaster recovery | Retained on a 30-day rolling overwrite basis |
PopVaulty does not collect sensitive information (e.g., religion, political views, health data) except when required by law.
Article 3 (Legal Basis for Processing)
PopVaulty processes personal information under the following legal bases:
- User Consent: When the user voluntarily provides information during registration
- Contractual Necessity: To provide and maintain the Service
- Legal Obligation: To comply with applicable laws (e.g., tax, accounting retention)
- Legitimate Interest: To prevent misuse and improve service quality
Article 4 (Purpose of Use)
Collected personal data is used strictly for the following purposes:
- Providing and maintaining the Service
- User authentication and fraud prevention
- Improving features and analyzing performance
- Responding to inquiries and customer support
- Legal compliance and dispute resolution
Article 5 (Storage and Deletion Policy)
- Personal data is securely stored in the AWS Singapore region (ap-southeast-1).
- Data is retained only for the duration necessary to fulfill its collection purpose or to meet legal obligations.
- Upon expiration of the retention period, data is permanently deleted or irreversibly anonymized.
- Backup data is automatically overwritten every 30 days.
- "Anonymization" means processing data so that individuals can no longer be identified; anonymized data is no longer treated as personal information.
Article 6 (Third-Party Provision and Sharing)
PopVaulty does not sell or trade personal data. However, information may be shared with the following trusted third-party service providers, limited to operational necessity:
| Recipient | Service Provided | Location | Purpose |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting | Singapore | Service operation and data storage |
| Database Backend | MySQL-based data management | Singapore | Service database operation |
| Google LLC | Google Sign-In (OAuth 2.0) | United States | Account authentication and login |
| Apple Inc. | Sign in with Apple | United States | Account authentication and login |
| Meta Platforms, Inc. | Facebook Login Service | United States | Account authentication and login |
| Google Firebase Analytics | Analytics SDK | United States | App performance analysis and metrics |
PopVaulty does not store personal information beyond authentication purposes during social logins. Email or profile information obtained through such logins is used solely for account identification and maintenance.
Article 7 (User Rights)
Users have the following rights concerning their personal data:
- Access: Request access to their personal information
- Rectification: Request correction of inaccurate or incomplete information
- Erasure: Request deletion of personal information (unless legally restricted)
- Restriction: Request suspension of processing
- Withdrawal of Consent: Withdraw previously given consent (which may limit Service access)
All requests may be submitted to privacy_pv@popvaulty.com and will be processed within 30 days of receipt.
Article 8 (Security Measures)
- All data transmissions are protected by TLS (HTTPS) encryption.
- Access rights are limited to authorized personnel bound by confidentiality obligations.
- Regular security audits and access log reviews are conducted.
- In the event of a data breach, affected users will be notified within 72 hours.
Article 9 (International Data Transfer)
PopVaulty may transfer data to reliable service providers located in Singapore, the United States, and South Korea. All transfers comply with the EU Standard Contractual Clauses (SCCs) or equivalent safeguards. Users may refuse international transfers, though service access may be limited. Any future changes to data transfer mechanisms will be announced in advance.
Article 10 (SDKs and Analytics Tools)
PopVaulty does not use cookies, but it employs the following SDKs:
| SDK Name | Provider | Data Collected | Purpose of Use |
|---|---|---|---|
| Firebase Analytics | | Device ID, session data, country code | App performance and error analysis |
| Mixpanel | Mixpanel Inc. | In-app events (anonymized) | User behavior analytics |
| Meta SDK | Meta Platforms, Inc. | Advertising ID, device info, event logs | Advertising performance and retargeting |
| Google Sign-In SDK | Google LLC | User ID token, email, authentication state | Google account login |
| Apple Authentication SDK | Apple Inc. | User ID token, email | Apple account login |
| Facebook Login SDK | Meta Platforms, Inc. | User ID, authentication state | Facebook account login |
All SDKs collect anonymous or pseudonymous data, and users may stop collection by deleting the app or deleting their account.
Article 11 (Protection of Children's Personal Data)
PopVaulty does not permit registration by users under 14 years of age. If personal data of a child is discovered, it will be deleted immediately. Guardians may request data deletion via privacy_pv@popvaulty.com.
Article 12 (Changes to This Policy)
This Policy may be updated due to legal, regulatory, or operational requirements. Significant changes will be announced at least seven (7) days before taking effect. The latest version is always available in the app under Settings → View Policies.