Terms of Service

1. Agreement

These Terms of Service ("Terms") form a legally binding agreement between Privacy Vault Technologies LLC ("Privacy Vault", "we") and the merchant or organization installing or using our platform ("Merchant", "you"). By installing the Privacy Vault application on Shopify, VTEX, Nuvemshop, Tray, or any other platform we publish on, by signing up at app.privacyvault.store, or by using any Privacy Vault service, you accept these Terms in full.

2. The service

Privacy Vault is a zero-knowledge multichannel customer retention platform. We help merchants engage their customers through Email, WhatsApp, Web Push, and on-site Banners while keeping personally identifiable information (PII) hashed and inaccessible to Privacy Vault employees. The service includes:

• Multichannel messaging engines (47 proprietary engines covering retention, churn prediction, fatigue management, and attribution);
• Hashed customer data storage in tenant-isolated databases (one set of databases per merchant);
• Integrations with e-commerce platforms (Shopify, VTEX, Nuvemshop, etc.) and ad networks (Meta CAPI, Google Enhanced Conversions);
• A merchant portal at app.privacyvault.store;
• Optional add-on integrations the merchant explicitly enables.

3. Eligibility

You may use Privacy Vault if you (a) are at least 18 years old or the legal majority age in your jurisdiction, (b) have authority to bind the legal entity using the service, (c) operate a legitimate business, and (d) comply with all applicable laws (including export controls, sanctions, anti-money-laundering, and consumer protection regulations).

We reserve the right to refuse or suspend service to any merchant operating in restricted industries (firearms, gambling, adult content where prohibited, or anything illegal under United States federal law) at our sole discretion.

4. Merchant data ownership

Merchant retains exclusive ownership of all customer data processed through Privacy Vault. Privacy Vault is a processor (and, where applicable, a sub-processor under Shopify or other platform DPAs) and never claims ownership over the merchant's customer data.

Merchant grants Privacy Vault a limited, non-exclusive, worldwide license to process customer data solely to deliver the service the merchant configured (e.g., send messages, calculate retention scores, attribute conversions). This license terminates when the merchant uninstalls the platform or deletes their account, with the retention windows described in the Privacy Policy.

5. Consent and lawful messaging (merchant obligations)

The merchant is solely responsible for collecting valid opt-in consent from their customers before transmitting customer signals to Privacy Vault. Privacy Vault will only send messages to recipients whose consent state is explicitly recorded (per the channel: email, WhatsApp, push, banner). The merchant warrants that:

• They comply with GDPR (EU), LGPD (Brazil), CAN-SPAM (USA), CASL (Canada), and any other applicable consent or anti-spam law;
• They honor unsubscribe and data subject erasure requests promptly (we will assist as a processor);
• They do not transmit prohibited content (illegal, fraudulent, harassing, deceptive, or infringing);
• They have lawful basis for any data they instruct us to process.

Privacy Vault enforces hard guardrails — we will refuse to send messages to identifiers without recorded consent, and we maintain a "Trap Score Engine" that detects and refuses to message known spam traps.

6. Acceptable use

The merchant may not, and may not permit any third party to:

• Reverse-engineer, decompile, or attempt to discover the source code of Privacy Vault;
• Bypass authentication, rate limits, or security controls;
• Use Privacy Vault to send unsolicited messages, phishing, malware, or spam;
• Use the service to compete with Privacy Vault or copy our architecture (which is patented in Brazil under BR 10 2025 022120 9 and pending in additional jurisdictions);
• Resell or sublicense the service without a written agreement;
• Use the service in violation of Shopify, VTEX, Nuvemshop, or any other platform's terms of service.

7. Pricing and billing

Privacy Vault offers tiered pricing based on the merchant's customer base. Billing is processed by the platform of installation (Shopify Billing API for Shopify merchants) or by our payment processor. The current pricing tiers are published at privacyvault.tech/#pricing.

• Subscriptions are recurring monthly until cancelled;
• Cancellation takes effect at the end of the then-current billing period;
• Refunds: prorated for the unused portion of the current period only when the cancellation is initiated due to a service-level breach attributable to Privacy Vault. Otherwise, no refunds — consistent with the Shopify billing convention;
• Failure to pay: we reserve the right to suspend service after 7 days past due and terminate after 30 days. Hashed customer data persists during suspension; on termination, we deliver an export to the merchant within 30 days and then purge it.

8. Service-level objectives

We target 99.9% monthly availability (excluding planned maintenance) for the merchant portal and webhook receivers. We are not a real-time messaging service — message delivery latency depends on third parties (AWS SES, Meta Cloud API, etc.). Service-level credits are not currently offered; we will publish formal SLAs when we launch enterprise tiers.

9. Intellectual property

Privacy Vault, the Shield Diamond logo, the Zero-Knowledge Vendor Architecture (ZKVA), the Dark Chamber, and all related trademarks and patents (including BR 10 2025 022120 9) are the exclusive property of Privacy Vault Technologies LLC. The merchant receives a non-exclusive, non-transferable, revocable license to use the service for the duration of the subscription.

Feedback the merchant provides may be used by Privacy Vault to improve the service without obligation to compensate or attribute, while not disclosing the merchant's identity without permission.

10. Privacy and security

Our handling of personal data is governed by the Privacy Policy, which is incorporated into these Terms by reference. We commit to the security practices described there, and to incident notification within 72 hours of confirmed unauthorized access affecting the merchant's data.

11. Disclaimers

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR UNINTERRUPTED OPERATION. WE DO NOT WARRANT THAT THE SERVICE WILL MEET ALL OF THE MERCHANT'S REQUIREMENTS OR THAT IT WILL BE ERROR-FREE.

12. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, PRIVACY VAULT'S TOTAL CUMULATIVE LIABILITY FOR ANY CLAIM ARISING OUT OF OR RELATED TO THE SERVICE IS LIMITED TO THE FEES PAID BY THE MERCHANT IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR ONE HUNDRED US DOLLARS (USD 100), WHICHEVER IS GREATER. IN NO EVENT WILL WE BE LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, REVENUE, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY.

Some jurisdictions do not allow exclusion of certain warranties or limitations on liability, so portions of this section may not apply to you to the extent prohibited by law.

13. Indemnification

The merchant agrees to indemnify and hold harmless Privacy Vault Technologies LLC and its officers, employees, and agents from any claim, damage, loss, or expense (including reasonable attorneys' fees) arising from (a) the merchant's customer data or content, (b) the merchant's violation of these Terms or applicable law, or (c) the merchant's failure to obtain proper consent from their customers before transmitting their data to us.

14. Term and termination

These Terms apply from the moment the merchant installs Privacy Vault and continue until either party terminates. The merchant may terminate by uninstalling the application from their store and following the account-deletion process in the merchant portal. Privacy Vault may terminate or suspend service immediately for material breach (including non-payment, prohibited use, or violation of consent obligations), or with 30 days' notice for any reason.

Sections 4, 9, 10, 11, 12, 13, 15, and 16 survive termination.

15. Governing law and dispute resolution

These Terms are governed by the laws of the State of Florida, USA, without regard to conflict-of-laws principles. Any dispute will be resolved exclusively in the state or federal courts of Miami-Dade County, Florida, and the merchant consents to personal jurisdiction in those courts. The parties waive any right to a jury trial.

Before initiating any formal proceeding, the parties agree to attempt informal resolution by emailing admin@privacyvault.tech with the subject "Dispute Resolution Request" and engaging in good-faith discussion for at least 30 days.

16. Miscellaneous

• Entire agreement. These Terms, together with the Privacy Policy and any platform-specific addenda (e.g., Shopify Partner DPA), constitute the entire agreement between the parties.
• No assignment. The merchant may not assign these Terms without Privacy Vault's written consent. We may assign these Terms to a successor in connection with a merger, acquisition, or asset sale.
• Severability. If any provision of these Terms is found unenforceable, the remaining provisions remain in full effect.
• No waiver. Our failure to enforce any right is not a waiver of that right.
• Force majeure. Neither party is liable for delays or failures caused by events beyond reasonable control (natural disasters, infrastructure outages affecting Cloudflare, AWS, or Meta, governmental orders, etc.).
• Notices. We send notices by email to the merchant's primary admin address. The merchant sends notices to admin@privacyvault.tech.
• Updates to these Terms. We will notify merchants of material updates by email at least 30 days before they take effect. Continued use of the service after the effective date constitutes acceptance.