Who is the data controller for Vaultody services?

The data controller is Vaultody LTD, a company registered in Bulgaria, EU (UIC 207186381), with its registered office at Doctor Yordan Yosifov 1a, 3rd floor, 1700 Sofia, Bulgaria.

What personal data does Vaultody collect?

Vaultody may collect your full name, address, email address, phone number, employer and job title, data you submit in forms or surveys, technical and usage data such as IP address, and information you provide in job applications (for example, CV, professional experience, education and certain health-related details when legally required).

For what purposes does Vaultody process personal data?

Vaultody processes personal data to provide and administer its services, manage contractual and licensing relationships, secure its platform, conduct analytics and statistics, improve and personalise services and communications, comply with legal and regulatory obligations, and detect, prevent and investigate fraud or other unlawful activities.

How long does Vaultody retain personal data?

Vaultody keeps personal data only for as long as needed for the purposes for which it was collected. Marketing-related data is stored while you maintain an active relationship with Vaultody and is deleted after your contract ends, unless you consent to continued processing. Data may be retained longer where required by law or to protect Vaultody’s legal interests, such as during ongoing legal proceedings.

What are my GDPR rights with Vaultody?

Under GDPR, you can request access to your personal data, ask for correction of inaccurate or incomplete data, request erasure or anonymisation, request restriction of processing, object to certain processing, and exercise data portability. Some rights apply only in specific situations. You can exercise your rights by contacting Vaultody at office@vaultody.com.

Does Vaultody transfer personal data outside the EU/EEA?

Yes. When necessary, Vaultody may transfer or store personal data outside the EU/EEA. In such cases, it implements appropriate safeguards, such as using EU Standard Contractual Clauses and other measures required by applicable data protection laws, to ensure an adequate level of protection.

Vaultody Privacy Policy

Last updated: 22 December 2022

This Privacy Policy explains how Vaultody LTD (“Vaultody”, “we”, “us”, or “our”) collects, uses, shares and protects personal data when you visit our website or use our services.

1. General Information

Vaultody LTD is a company registered and existing under the laws of Bulgaria, European Union, with Unique Identification Code (UIC) 207186381 and registered office at “Doctor Yordan Yosifov” 1a, 3rd floor, 1700 Sofia, Bulgaria.

Vaultody operates the website https://vaultody.com/ and provides digital asset wallet and related infrastructure services (the “Service”) as described on our website.

This Privacy Policy describes our practices regarding the collection, use, storage and disclosure of information, including personal data, when you:

browse or interact with our corporate website; and/or
use or are onboarded to Vaultody’s Service as a customer, partner, or authorised user.

Our aim is to ensure that your personal data is processed lawfully, fairly and transparently, and in accordance with the EU General Data Protection Regulation (GDPR) and applicable Bulgarian and EU data protection laws.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, misuse, alteration and destruction.

2. Data Controller

Vaultody LTD acts as the data controller for the personal data processed in connection with this website and the provision of the Service, unless stated otherwise.

You can find our contact details in section 11 of this Policy.

3. When We Collect Personal Data

We may collect personal data about you in the following situations:

Requesting a demo or contact: when you submit a demo request, contact request or any other form on our website.
Contractual relationship: when you or your organisation enter into an agreement with Vaultody to use the Service, including during onboarding and account management.
Job applications: when you apply for a position at Vaultody and provide us with your CV, cover letter and any additional information such as professional experience, education, and, where relevant and lawful, health-related information.
Forms, surveys and tests: when you voluntarily complete questionnaires, feedback forms, tests, or other information forms provided by Vaultody.
Marketing and communications: when you subscribe to newsletters, respond to marketing campaigns, participate in research or interact with our communications.
Website and service usage: when it is necessary to manage, secure and improve our website and Service or otherwise administer our relationship with you and your organisation.

4. Personal Data We Collect

4.1 Identification and contact data

Depending on your relationship with us, Vaultody may collect the following categories of personal data:

full name;
postal address and country;
business email address;
telephone number;
employer or organisation name;
job title or role at your organisation;
any additional information you voluntarily provide in forms or communications.

4.2 Technical and usage data

When you visit our website or use the Service, we may automatically collect certain technical and usage information, such as:

IP address and approximate location;
browser type and version, operating system and device information;
date, time and duration of visits;
pages visited, features used and other usage data.

4.3 Recruitment-related data

When you apply for a job at Vaultody, we may process:

your CV and application details (experience, skills, education);
references and background information provided by you or third parties (where lawful);
information regarding your eligibility to work in a specific jurisdiction;
health-related data only where strictly necessary and lawful (for example, for workplace accommodations).

4.4 Data from public and social sources

We may also collect and process information you choose to make public or share with us on:

Vaultody’s public forums or blog comments; and
Vaultody accounts on third‑party platforms such as professional or social networking sites.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or to comply with legal, regulatory or legitimate business requirements.

In particular:

Marketing and communications: personal data used for marketing purposes is stored for as long as you maintain an active relationship with Vaultody (for example, while you are a customer or newsletter subscriber) and is deleted or anonymised after your contract ends, unless you have provided consent to continued processing.
Contractual data: data related to contracts, billing and account management is stored for the duration of the agreement and for the period required by applicable commercial, tax and accounting laws.
Recruitment data: job application data is typically stored for the recruitment process and, where allowed and relevant, for a limited period thereafter in order to manage future opportunities or legal claims.

We may retain data for a longer period where required by law or where necessary to establish, exercise or defend legal claims or protect our legitimate interests (for example, in connection with ongoing legal proceedings).

6. Purposes of Processing

6.1 Provision and administration of the Service

We process personal data primarily to:

provide, operate and maintain the Vaultody Service and its features;
manage our contractual and licensing relationships with customers and partners;
respond to support requests and other enquiries;
ensure the security, integrity and availability of our systems.

6.2 Analytics, development and marketing

We may also process your data to:

conduct market and customer analytics, statistics and performance monitoring;
improve existing features and develop new products and services;
carry out customer and user surveys or research;
send you information, recommendations or offers about Vaultody solutions that may be relevant to your role, organisation or interests, where allowed by law.

In some cases, we may segment, link or analyse data to personalise communications or content, for example by industry, company type or product usage.

6.3 Compliance and fraud prevention

We process personal data to:

comply with legal and regulatory obligations, including anti‑money laundering (AML), sanctions and other compliance checks where applicable;
detect, prevent and investigate fraud, abuse, security incidents or other prohibited or unlawful activities;
protect Vaultody, our users and third parties from harm.

7. Legal Basis for Processing

Under GDPR, Vaultody relies on several legal bases for processing personal data, depending on the specific context:

Performance of a contract: where processing is necessary to enter into or perform a contract with you or your organisation, for example to provide the Service, manage your account or handle billing and support.
Legitimate interests: where processing is necessary for our legitimate business interests and these are not overridden by your interests or fundamental rights and freedoms. This includes, for example, service improvement, security, analytics, and certain marketing to existing customers.
Consent: where we rely on your explicit consent, such as for certain marketing communications or optional features. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Legal obligations: where processing is required to comply with applicable laws or regulatory requirements.

If you withdraw consent and we have no other legal basis to continue processing, we will stop processing the relevant data for the purposes based on consent.

8. Data Security and Integrity

Protecting the confidentiality, integrity and availability of your personal data is a core priority for Vaultody.

We implement appropriate technical, organisational and administrative safeguards, which may include, among others:

access controls and role‑based permissions;
encryption and secure communication protocols where appropriate;
network and infrastructure security measures;
regular security reviews, monitoring and improvements;
internal policies, training and procedures for staff and contractors.

While we strive to provide a high level of security, no system can be guaranteed as completely impenetrable. If you notice any suspicious or unauthorised activity related to the Service, please notify us immediately using the contact details in section 11.

9. Sharing and International Transfers of Personal Data

9.1 Internal staff and advisors

Depending on the specific Service you use, your personal data may be accessed by:

authorised Vaultody employees and management;
our professional advisers, such as legal or financial consultants, where necessary and subject to confidentiality obligations.

9.2 Service providers and business partners

We may share personal data with trusted third parties that process data on our behalf, for example:

IT infrastructure, hosting and cloud service providers;
customer support and ticketing platforms;
compliance, backup, recovery and security vendors;
analytics, communication or marketing tools where lawful.

These recipients act as data processors and may process personal data only according to our documented instructions and under data processing agreements that require appropriate technical and organisational security measures.

9.3 Legal and regulatory disclosures

We may disclose personal data where necessary to:

comply with applicable laws, regulations, court orders or regulatory requests;
respond to lawful requests from public authorities, including for national security or law enforcement requirements;
protect our rights, property or safety, or those of our users or third parties;
detect, investigate or prevent fraud, security or technical issues.

9.4 Transfers outside the EU/EEA

Your personal data may be transferred to or stored in countries outside the European Union (EU) or European Economic Area (EEA). Whenever such transfers occur, we implement appropriate safeguards, such as:

using the European Commission’s Standard Contractual Clauses for international data transfers; and/or
other mechanisms permitted by applicable data protection law.

We ensure that any international transfer is carried out in accordance with this Privacy Policy and GDPR.

10. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the Service.

When we make material changes, we will notify you in an appropriate way before the changes take effect, for example via our website or by direct communication where appropriate. The latest version will always be available at https://vaultody.com/privacy-policy.

If a change requires your consent under applicable law, we will seek your consent again.

11. Your Rights and How to Contact Us

11.1 Data subject rights

Subject to applicable law, you have the following rights in relation to your personal data processed by Vaultody:

Right of access: to obtain confirmation whether we process your personal data and, if so, to receive a copy of the data and information about the processing.
Right to rectification: to request correction of inaccurate, outdated or incomplete personal data.
Right to erasure (“right to be forgotten”): to request deletion or anonymisation of your personal data where there is no longer a legal basis for processing.
Right to restriction of processing: to request that we limit the processing of your data in certain situations (for example, while we verify accuracy or handle an objection).
Right to object: to object to processing based on legitimate interests, including profiling, and to object at any time to the use of your data for direct marketing.
Right to data portability: to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller, where technically feasible and legally required.

Some rights are subject to conditions and legal limitations. For example, the right to data portability applies when we process your data by automated means and on the basis of consent or a contract.

11.2 Exercising your rights

To exercise any of your rights or to ask questions about how we process personal data, please contact us in writing using the details below. For security reasons, we may need to verify your identity before acting on your request.

11.3 Contact details

Email: [email protected]

Postal address:
Vaultody LTD
“Doctor Yordan Yosifov” 1a, 3rd floor
1700 Sofia
Bulgaria

Contact person: Nashwan Khatib, CEO