Privacy Policy
Vault by iSwiss
Last updated: 22 June 2026 · Versione italiana
Vault is a private messaging app built on the open Matrix protocol, with end-to-end encryption. This policy explains what data we process, why, and what rights you have. It is written in line with the EU General Data Protection Regulation (GDPR) and Canadian privacy law (PIPEDA).
Transparency on who we are and where we operate. Vault is operated by iSwiss Inc., a company registered in Canada. The servers that run the service are hosted in Germany (European Union). The phrase “Swiss privacy” is a brand attribute and does not indicate the jurisdiction or the hosting location.
1. Data controller
The data controller is iSwiss Inc. (Canada). For any request regarding your data, write to privacy@iswisspay.ca.
2. Data we process
- Account. To use Vault you create a username and a password. No phone number is required. You may optionally add a display name and a profile picture.
- Messages, files and calls. The contents of your conversations are protected by end-to-end encryption: they are encrypted on your device and stored on our servers only in encrypted form.
- Key backup. To let you recover access and use multiple devices, Vault may store an encrypted backup of your encryption keys on our servers, protected by a recovery secret managed by our authentication system.
- Technical and connection data. To run and protect the service we process technical data such as IP address, connection date and time, device type and technical identifiers (room ID, event ID, device ID). We keep access logs for a limited period for security and diagnostics.
- Push notifications. If enabled, notifications are delivered through Google Firebase Cloud Messaging. The message content is not disclosed: the notification carries only the technical references needed to retrieve the encrypted message on your device.
- Location (optional). If you choose to use location sharing, your location is sent into the conversation, end-to-end encrypted, only on your explicit action (never in the background for other purposes). To display the map, the app requests map data from MapTiler (a third-party map provider): MapTiler may receive the technical requests needed to render the map, but we do not disclose your identity to it.
3. What we do NOT do
- We do not sell, share or monetise your data.
- We do not profile you and we do not show advertising.
- We do not request or upload your address book.
- We do not collect usage statistics: telemetry and analytics tools are disabled.
4. Purposes and legal bases
We process data to: provide the messaging service (performance of the contract), ensure its security and prevent abuse (legitimate interest), and comply with legal obligations. Push notifications and optional features rely on your consent, which you can withdraw at any time in the settings.
5. Data retention
Encrypted messages remain on the servers until deleted by you or from the conversation. Account data is kept while the account is active. Technical logs are retained for a limited period and then deleted or anonymised.
6. International transfers
iSwiss Inc. is based in Canada and the servers are in Germany (EU): processing may involve transfers of data between Canada and the European Union, carried out with the safeguards required by applicable law.
7. Your rights
You have the right to access, rectify, erase, restrict the processing of, port, and object to the processing of your data. You can exercise these rights by writing to privacy@iswisspay.ca. You also have the right to lodge a complaint with the competent supervisory authority (in the EU, your national data protection authority; in Canada, the Office of the Privacy Commissioner).
8. Children
Vault is intended for users aged 17 and over. We do not knowingly collect data from children below that age.
9. Changes to this policy
We may update this policy over time. Material changes will be published on this page with a new “last updated” date.