Privacy Policy

Effective date: 10 May 2026  ·  Last updated: 10 May 2026  ·  Operator: Mansoor Al Buhmaid  ·  Contact: support@vaultandvalue.app

This Privacy Policy explains what personal information Vault & Value (the App, we, us) collects from you, how it is used, who it is shared with, and what choices you have. It is written in plain English. If a section conflicts with applicable law in your jurisdiction, Bahraini law takes precedence.

1. Who we are

Vault & Value is an iOS application that helps you estimate fair prices for jewelry, watches, and bullion, save those items into a personal collection, and track their value over time.

The App is operated by Mansoor Al Buhmaid. You can contact us at support@vaultandvalue.app.

2. What we collect

We collect only the data needed to provide the App's features. Specifically:

We do not collect: location, contacts, browsing history, microphone audio, advertising identifiers (unless ads are enabled in a future version — see Section 9), or biometric data. Face ID is processed entirely on your device by iOS — we never see your face data.

3. How we use your information

• Provide the service. Show your saved items, run price estimates, fetch live and historical material prices, send notifications.
• Authenticate you. Sign in with Apple is the primary authentication. Your Apple ID identifier is exchanged with Supabase Auth to create a server-side session.
• Sync across devices. If you sign in on a new device, your collection appears.
• Communicate with you. Optional emails for support requests you initiate. We do not send marketing email unless you opt in.
• Improve the App. Aggregated, anonymized analytics on which features are used.

We never sell your personal information. We never use your saved items, photos, or invoices for advertising or model training.

4. Third-party service providers

We use the following providers to operate the App. Each is contractually bound to handle your data only on our behalf:

• Supabase Inc. — backend database, file storage, and authentication. Stores your account, items, photos, invoices, price alerts, and shares. supabase.com/privacy
• Apple Inc. — Sign in with Apple, push notifications via APNs, App Store transactions. apple.com/legal/privacy
• Google LLC — Google Sign In (alternative login method). policies.google.com/privacy
• Resend Inc. — transactional email delivery (used to email share invitations to recipients). Receives the recipient email address only. resend.com/legal/privacy-policy
• Cloudflare Inc. — DNS, CDN, and email forwarding for our domain. cloudflare.com/privacypolicy
• (Future, if enabled) Google AdMob for advertising in the free tier. Ads use limited identifiers and you may control these via iOS Settings → Privacy & Security → Tracking.

We do NOT share your data with data brokers, advertisers (beyond what AdMob may need to serve ads), or analytics partners outside what is listed above.

5. Where your data is stored

Your data is stored in Supabase's cloud infrastructure. The default region for our project is Seoul (ap-northeast-2). Data may transit through other regions during routine operations. Supabase data centers are SOC 2 Type II certified.

6. Security

We use industry-standard security measures:

• Transport security. All connections to our servers use HTTPS / TLS 1.2+.
• Database access controls. Supabase Row-Level Security restricts every query to your own user identifier.
• Storage access controls. Item photos and invoice photos are stored in private buckets accessible only to authenticated users for their own data.
• Local encryption. iOS protects your account credentials in the device Keychain.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you within the timeframes required by applicable law.

7. Your rights

You can:

• Access your data — your collection, photos, invoices, and price alerts are visible in the App at any time.
• Edit your data — every saved field is editable inside the App.
• Delete your data — Profile → Delete Account performs a complete deletion of your account, items, photos, invoices, alerts, and shares. The deletion is irreversible.
• Export your data (coming in a future release) — request a copy by emailing support@vaultandvalue.app.
• Withdraw consent — by deleting your account.

If you reside in the EU/UK, you also have rights under GDPR including data portability and the right to lodge a complaint with your supervisory authority. If you reside in California, CCPA grants additional rights including the right to know what personal information we sell (we do not sell personal information).

To exercise any right, email support@vaultandvalue.app with your account email. We will respond within 30 days.

8. Children

The App is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information to the App, contact us and we will delete it.

9. Advertising

The free tier of the App may display advertisements served by Google AdMob. AdMob may use limited identifiers (such as the iOS Identifier for Advertisers) to serve relevant ads. You can:

• Opt out via iOS Settings → Privacy & Security → Tracking → toggle off "Allow Apps to Request to Track."
• Reset your advertising identifier in iOS Settings → Privacy & Security → Tracking.
• Subscribe to Vault & Value Plus to remove all advertisements.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via in-app notice or email. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Questions about your privacy or this policy:

Email: support@vaultandvalue.app