Privacy Policy
Last updated: April 11, 2026
1. Introduction
XVaultPro Shop ("we," "our," or "us"), operated by XDRIP Digital Management LLC, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit shop.xvaultpro.com and purchase XVaultPro Shop / Aegis subscriptions and related products.
By using our services, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Personal Information
We collect information you voluntarily provide when creating an account, contacting support, subscribing to updates, or completing a purchase: name, email address, billing address, payment information (processed by Stripe), and phone number.
2.2 Automatically Collected Information
When you visit our site we may collect IP address, browser type, OS, pages viewed, and referring site — only with your consent for analytics purposes.
2.3 What We Do NOT Collect
XVaultPro operates on a zero-knowledge architecture. We never collect, store, or transmit your master password, vault contents, stored credentials, encryption keys, or recovery phrases. All cryptographic operations occur exclusively on your own device.
3. Legal Basis for Processing (GDPR Art. 6)
| Purpose | Legal Basis |
|---|---|
| Processing orders and Aegis subscriptions | Art. 6(1)(b) — Contract performance |
| Delivering XVaultPro software and license keys | Art. 6(1)(b) — Contract performance |
| Customer support and account management | Art. 6(1)(b) — Contract performance |
| Transactional emails (order confirmation, updates) | Art. 6(1)(b) — Contract performance |
| Marketing emails / newsletter | Art. 6(1)(a) — Consent (explicit opt-in) |
| Analytics (Matomo, self-hosted) | Art. 6(1)(a) — Consent (cookie consent) |
| Fraud prevention and security | Art. 6(1)(f) — Legitimate interest |
| Legal and tax compliance | Art. 6(1)(c) — Legal obligation |
4. Information Sharing
We do not sell your personal information. We may share it with:
- Stripe: Payment processing and fraud prevention (PCI-DSS Level 1 certified).
- Matomo: Self-hosted analytics — no data shared with third parties.
- Legal requirements: When required by law or to protect our rights.
5. Data Security
- SSL/TLS encryption for all data transmission
- PCI-DSS compliant payment processing through Stripe
- Regular security audits and updates
- Access controls, data minimization, and employee training
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Orders and billing records | 7 years (tax/legal obligation) |
| User account data | Until account deletion + 30 days |
| Marketing email consent | Until unsubscribe / consent withdrawal |
| Analytics data (Matomo) | 13 months (consent-based) |
| Security and access logs | 90 days |
| Customer support records | 3 years from ticket resolution |
7. International Transfers
XDRIP Digital Management LLC is based in the United States. For transfers from the EEA to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) for transfers to Stripe and other processors. For more information: contact@xvaultpro.com.
8. Your Rights — EEA Residents (GDPR)
- Access, correct, delete your data
- Object to or restrict processing
- Data portability
- Withdraw consent at any time
- Lodge a complaint with your national supervisory authority — edpb.europa.eu
To exercise these rights: contact@xvaultpro.com
9. California Residents — CCPA / CPRA
California residents have the right to Know, Delete, Correct, and Opt-Out of sale (we do not sell personal data). No discrimination for exercising these rights.
Email contact@xvaultpro.com — subject: "California Privacy Rights Request" — response within 45 days.
10. Colorado Residents — Colorado Privacy Act (CPA)
Colorado residents have rights to Access, Correct, Delete, and Port their data under CRS §6-1-1301 et seq. (effective July 1, 2023).
Email contact@xvaultpro.com — subject: "Colorado Privacy Request" — response within 45 days.
11. EU Representative (GDPR Art. 27)
XDRIP Digital Management LLC processes EU personal data primarily for direct purchase transactions and believes it qualifies for the exemption under GDPR Art. 27(2)(a). EU residents may contact us directly at contact@xvaultpro.com.
12. Children's Privacy
Our services are not intended for individuals under 18. We do not knowingly collect personal information from minors.
13. Contact Us
XVaultPro Shop — XDRIP Digital Management LLC
1345 Diana Lane, Colorado Springs, CO 80909, United States
Email: contact@xvaultpro.com