Privacy Policy

VocalVault ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at vocalvault.co.nz ("the Platform").

By using VocalVault, you consent to the practices described in this policy. If you do not agree, please do not use the Platform.

Account Information: When you register, we collect:

• Email address
• Username and display name
• Password (stored securely using bcrypt hashing)
• Profile picture and banner image (optional)
• Bio and social media links (optional)

Payment Information: Payment processing is handled by Airwallex. We do not store your credit card numbers or bank account details. We store:

• Airwallex account identifiers for seller payouts
• Transaction records (purchase amounts, dates, items)
• Subscription status and billing history

Usage Data: We automatically collect:

• IP address (used for rate limiting, security, and approximate country detection)
• Pages visited and features used
• Audio playback activity (for analytics and recommendations)
• Device type and browser information

User-Generated Content: Audio files, reviews, messages, and custom request details you submit to the Platform.

We use your information to:

• Provide and maintain the Platform and your account
• Process purchases, subscriptions, and seller payouts
• Facilitate communication between buyers and sellers
• Send transactional emails (purchase confirmations, license delivery, 2FA codes)
• Enforce our Terms & Conditions and prevent fraud
• Improve the Platform through analytics and usage patterns
• Detect and prevent security threats, abuse, and unauthorized access
• Comply with legal obligations

We do not sell your personal information to third parties.

We share your information only in the following circumstances:

• Payment Processing: Transaction data is shared with Airwallex to process payments and payouts
• Email Delivery: Your email address is shared with our email service provider (Mailgun) to send transactional emails
• File Storage: Uploaded files (audio, images) are stored on Amazon S3 cloud storage
• Audio Fingerprinting: Pro subscribers' vocals may be processed by ACRCloud for derivative works scanning
• Other Users: Your public profile (username, display name, profile picture, bio) is visible to other users. Buyer/seller identities are shared within transactions
• Legal Requirements: We may disclose information if required by law or to protect rights, safety, or property

We implement security measures to protect your data, including:

• Passwords are hashed using bcrypt (never stored in plain text)
• Two-factor authentication (2FA) is available for all accounts
• All data transmitted between your browser and our servers is encrypted via HTTPS/TLS
• Rate limiting and account lockout to prevent brute-force attacks
• JWT-based authentication with token versioning for session management
• Regular security audits and vulnerability assessments

While we take reasonable steps to protect your data, no system is 100% secure. We encourage you to use a strong, unique password and enable 2FA on your account.

VocalVault uses browser local storage (not traditional cookies) to:

• Maintain your login session (authentication tokens)
• Store your theme preference (dark/light mode)
• Cache shopping cart contents

We do not use third-party tracking cookies. We do not serve third-party advertisements.

We retain your data as follows:

• Account Data: Retained for as long as your account is active. You may delete your account at any time through account settings
• Transaction Records: Retained for 7 years for legal and financial compliance
• Uploaded Content: Audio files and images are removed when you delete the associated content or your account
• Messages: Conversation history is retained while both participants have active accounts
• Server Logs: IP addresses and access logs are retained for up to 90 days for security purposes

Under New Zealand's Privacy Act 2020, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate personal information
• Deletion: Delete your account and associated data through account settings, or request deletion by contacting us
• Complaint: Lodge a complaint with the New Zealand Privacy Commissioner if you believe your privacy has been breached

To exercise these rights, contact us at the email address below.

VocalVault is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected data from a user under 18, we will promptly delete their account and associated information.

VocalVault operates from New Zealand. Your data may be processed and stored in other countries (including the United States and Australia) through our service providers (Amazon S3, Airwallex, Mailgun). By using the Platform, you consent to this transfer. We ensure our service providers maintain appropriate data protection standards.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Platform. Continued use of the Platform after changes constitutes acceptance of the updated policy.

For privacy-related questions or requests, contact us at:

Vocal Vault Limited

NZBN: 9429053404800

47 Chaucer Road South, Hospital Hill, Napier, Hawke's Bay 4110, New Zealand

Phone: 022 850 3753

support@vocalvault.co.nz