1. Data We Collect

We collect only the data needed to provide VaultDevLabs diagnostic tools, reviews, support, payments, and related fix services.

This may include your name, email address, site URL, store details, support messages, review intake details, scanner inputs, scanner outputs, screenshots, logs, CSV exports, order IDs, payment IDs, and issue descriptions you choose to send.

Payment checkout data is handled by Stripe. We do not store full card details on our systems.

Support and review emails may be processed through Resend so we can receive requests, send confirmations, and reply to customers.

We may collect analytics events such as scan starts, scan completions, review CTA clicks, and support submissions to understand whether the site and tools are working.

2. Scan Credentials

WooCommerce and Stripe credentials submitted to the scan are used only to perform the requested scan. The app does not save them to application storage.

Use restricted, read-only, or least-privilege credentials where available. Do not submit credentials you are not authorized to use.

Diagnostic scans are designed to avoid write actions such as refunds, captures, cancellations, order edits, deletes, or payment changes.

3. Data We Do Not Collect

We do not run advertising networks or behavioral ad tracking.

We do not sell personal data.

We do not share personal data with third parties for advertising.

We do not intentionally store WooCommerce or Stripe API credentials submitted to the scan.

4. How We Use Data

We use data to operate the tools, run requested scans, process payments, handle review intake, provide support, send service emails, improve reliability, prevent abuse, and complete agreed fix or setup work.

Review intake data may be matched to Stripe checkout records by review ID, customer email, or related payment details so we can connect payment and submitted evidence.

We do not use your data for unrelated marketing profiling.

5. Service Providers

We use service providers needed to run the site and services, including payment processing through Stripe, email delivery through Resend, hosting and infrastructure providers, analytics providers, and APIs you ask us to call for diagnostics.

Providers are used for service delivery and are expected to apply appropriate safeguards.

Some diagnostic or review work may involve third-party systems you control, such as WordPress, WooCommerce, Stripe, hosting providers, plugins, or automation tools.

6. Data Retention

We keep support requests, review records, intake details, billing records, and operational logs only for as long as needed to provide services, manage payments, comply with legal requirements, resolve disputes, and improve reliability.

Scanner inputs and credentials are handled for the requested scan. Scanner findings, exported evidence, support messages, and review records may be retained when needed for support, diagnostics, or agreed service delivery.

On platforms with ephemeral storage, local operational records may not be durable. Email alerts and payment provider records may remain the operational source of truth unless durable storage is configured.

7. Your GDPR Rights

If you are in the UK or EEA, you have rights under data protection law, including access, correction, deletion, restriction, objection, and data portability where applicable.

You may also withdraw consent where processing is based on consent, and you may lodge a complaint with your data protection authority.

To exercise your rights, contact us using the details below.

8. Security

We use reasonable technical and organizational measures to protect personal data from unauthorized access, loss, or misuse.

No online service can guarantee absolute security. Use restricted credentials, avoid sending passwords by email, and revoke temporary access when work is complete.

9. Contact

For privacy questions or requests, contact support@vaultdevlabs.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the Last updated date on this page.

Continuing to use the services after changes means you accept the updated policy.