Support
Direct line: admin@privacyvault.tech — we read every message and respond within one business day (Monday–Friday, 9:00–18:00 EST). For urgent production issues, write "URGENT" in the subject line; for security disclosures, write "SECURITY".
How to reach us
General questions, billing, account help
Email: admin@privacyvault.tech
Response time: within one business day (often within 4 hours).
Production incidents (service down, messages not sending, urgent bugs)
Email: admin@privacyvault.tech with "URGENT" in the subject line
Response target: within 4 hours, business days. Best-effort during weekends and holidays.
Security vulnerability disclosures
Email: admin@privacyvault.tech with "SECURITY" in the subject line
We acknowledge security reports within 24 hours. Please do not open public issues — coordinated disclosure preserves both your customers and ours.
We will publicly acknowledge contributors who responsibly disclose vulnerabilities (with permission).
Privacy and data subject rights (GDPR / LGPD)
Email: admin@privacyvault.tech with "DPO/LGPD" or "DPO/GDPR" in the subject line
If you are a customer of a merchant who uses Privacy Vault: please contact the merchant directly. They are the controller of your data; we act as processor on their instructions. We assist any merchant Data Subject Access Request within 72 hours of receiving the merchant's instruction.
Common questions
How do I install Privacy Vault on my Shopify store?
Once our app is published in the Shopify App Store, search for "Privacy Vault" and click Add app. The app requests read-only access to products, customers, orders, checkouts, inventory, fulfillments, price rules, and discounts so it can run retention without writing to your store. The OAuth flow is standard Shopify — you approve the scopes and you are redirected to the Privacy Vault onboarding wizard. You can uninstall at any time from your Shopify admin.
What does "zero-knowledge" actually mean here?
It means we hash all personally identifiable information (email, phone, name, address, tax ID) at the moment we receive it, using SHA-256 with a salt that is unique to your store and that we cannot read. Behavioral signals are tied to those hashes, not to plaintext PII. The decryption keys live in an enclave (the "Dark Chamber") that requires your explicit owner approval to access. We do not have a master key. This is covered by patent BR 10 2025 022120 9 in Brazil and is what makes Privacy Vault different from a typical email-marketing tool.
How does Privacy Vault compare to Klaviyo, Omnisend, or Mailchimp?
- Architecture: they store plaintext customer PII; we store hashes only.
- Channels: they focus on email/SMS; we cover Email + WhatsApp + Web Push + on-site Banners (and we deliberately do not offer SMS — see the Privacy Policy for why).
- Compliance: they are designed for opt-out (CAN-SPAM); we are designed opt-in-first for GDPR/LGPD compliance from day one.
- Lock-in: they own your customer list; we do not — your data is yours, exportable on demand.
What happens when I uninstall the app?
Per Shopify policy, when you uninstall, Shopify sends us the app/uninstalled webhook and the three GDPR webhooks (customers/data_request, customers/redact, shop/redact). We honor each:
- Stop processing immediately;
- Make a final export of your hashed data and audit trail available for 30 days (downloadable from the merchant portal or via email request);
- Purge all data after 30 days unless you request earlier deletion.
Pricing and free tier
We offer a free tier for stores with up to 500 active customers. Above that, paid tiers scale with the customer base. Current tiers are published at privacyvault.tech/#pricing and on the Shopify App Store listing.
Where is my data stored?
On Cloudflare's global edge — the closest POP to where your customers shop. EU/UK customer data is processed in EU edge POPs by default. There is no central database; each merchant has tenant-isolated databases (the "14 D1" architecture). Encrypted backups go to Cloudflare R2 with three retention temperatures (hot 30 days, warm 90 days, cold 5 years).
Can I export my data?
Yes. The merchant portal has a one-click export of all data we process for you (hashed identifiers, behavioral events, consent state, attribution data). Format: JSONL or CSV. Available 24/7.
Does Privacy Vault read my customer data?
Privacy Vault employees cannot decrypt your customer data without your explicit owner-controlled key approval. We see hashed identifiers, behavioral signals, consent states, and aggregate metrics. We do not see plaintext email addresses, phone numbers, or names. Architectural verification is publicly auditable in 30 seconds via the Cloudflare binding inspector (the central dispatcher has zero database bindings — we cannot route reads to tenant data even if we wanted to).
I am a researcher / pentester — do you have a bug bounty?
Not formally yet. Until a public program launches, please email admin@privacyvault.tech with "SECURITY" in the subject line. We acknowledge within 24 hours and provide a coordinated-disclosure timeline. Researchers who responsibly disclose vulnerabilities can be acknowledged in our security hall of fame on this page (with their permission).
Status and uptime
The Privacy Vault status page will live at status.privacyvault.tech (in development as of May 2026). For now, you can monitor service health by visiting app.privacyvault.store/health — a simple health endpoint that returns 200 when our portal is up. Real-time backend telemetry is available to Enterprise customers via the Cloudflare Logpush integration.
Office hours
We hold a virtual "Privacy Vault Office Hours" weekly on Wednesdays, 14:00 EST, where merchants can ask anything about the platform, GDPR/LGPD compliance, or zero-knowledge architecture. Email admin@privacyvault.tech with subject "Office Hours RSVP" and we will send the calendar invite.
Mailing address
Privacy Vault Technologies LLC
Doral, Florida, USA
Email: admin@privacyvault.tech
Patent BR 10 2025 022120 9 — Zero-Knowledge Vendor Architecture (ZKVA)