1. Information We Collect

Account Information

When you register, we collect your name, email address, and a hashed password via Firebase Authentication. If you use Google or Apple sign-in, we receive the email address and display name associated with those accounts.

Profile & Identity Data

To process payouts you voluntarily provide: residential address, phone number, government ID details (type, number, expiry, issuing country), and tax identification information (SSN/EIN for W-9, or foreign tax ID for W-8BEN). Documents sent to kyc@vaultfunded.com are stored on encrypted servers and accessed only by compliance staff.

Trading Activity

We record orders, positions, trade history, profit/loss figures, and account balance snapshots to evaluate performance against our prop-firm rules and to calculate payouts.

Payment Information

We collect Wise email addresses and bank details (bank name, account number, routing/SWIFT code) solely for the purpose of processing payout transfers. We do not store full card numbers on our servers; card details entered at checkout are handled by our payment processor under PCI-DSS standards.

Technical Data

We automatically collect: IP address, browser type, device identifiers, operating system, pages visited, and timestamps. This data is used for security monitoring and product analytics.

2. How We Use Your Information

• Authenticate your identity and maintain your account
• Evaluate your trading performance against evaluation rules
• Process payout requests and comply with tax-reporting obligations
• Verify your identity (KYC) to comply with applicable regulations
• Send transactional emails (payout confirmations, account alerts)
• Detect fraud, investigate security incidents, and enforce our Terms
• Improve our platform through anonymised analytics

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, we process your data on the following legal bases:

• Contract performance — processing necessary to operate your trading account and pay out profits
• Legal obligation — KYC/AML checks and tax-form collection required by law
• Legitimate interests — fraud prevention and platform security
• Consent — marketing communications (you may withdraw consent at any time)

4. Data Sharing

We do not sell your personal data. We share data only with:

• Firebase / Google — authentication and database infrastructure
• Wise — to execute payout transfers where Wise is selected
• Tax authorities — as required by law (e.g. IRS 1099-MISC reporting)
• Compliance partners — third-party KYC review services
• Law enforcement — when required by a valid legal order

5. Data Retention

We retain account and trading records for 7 years to comply with financial record-keeping requirements. KYC documents are retained for 5 years after account closure. You may request deletion of marketing data at any time; core financial records cannot be deleted while a legal hold applies.

6. Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We support two-factor authentication (TOTP) for all accounts. KYC documents are stored in access-controlled storage accessible only to authorised compliance personnel.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion (subject to legal retention requirements)
• Withdraw consent for non-essential processing
• Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at privacy@vaultfunded.com.

8. Cookies

We use essential cookies for session management and authentication. We do not use third-party advertising or cross-site tracking cookies. You can disable cookies in your browser settings, but this may prevent login from functioning.

9. Changes to This Policy

We may update this policy periodically. We will notify you of material changes by email or via a notice in the dashboard. Continued use of Vault after notification constitutes acceptance of the updated policy.