HomeTimeLockJournalContactGet on Android

Legal

Privacy Policy

How 180Vault handles your data. Short version: we don't sell it, and we never read your capsules.

Last updated: May 28, 2026

Introduction

180Vault LLC (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you access or use any 180Vault product or service, including the TimeLock mobile application and associated websites (collectively, the “Service”). By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

This Privacy Policy should be read in conjunction with our Terms & Conditions.

1. Information We Collect

We collect information in the following categories:

a. Information You Provide Directly

  • Account information: email address (used to authenticate via Google sign-in or one-time email link), and any optional profile details (such as a display name) you choose to provide. We do not use or store passwords.
  • User Content: photos, videos, audio, notes, text, or other materials you upload and store (“User Content”).
  • Delivery instructions: recipient contact information (email addresses) and timing preferences for content delivery.
  • Payment-related communications: subscription confirmations processed through third-party app stores. We do not collect or store payment card details.
  • Communications: messages or support requests you send to us.

b. Information Collected Automatically

  • Device and usage data: device type, operating system, IP address, app version, unique device identifiers, crash logs, and performance metrics.
  • In-app analytics and crash reporting: app-state events (such as screen views, sign-up completion, paywall views, and paid conversions) collected via Firebase Analytics (Google LLC) and crash and performance data collected via Firebase Crashlytics (Google LLC). These SDKs collect app-state signals only. Capsule content — message text, recipient names, delivery dates, photos, and attachment metadata — is never included in any analytics event or crash report.
  • Advertising measurement (in-app): install and paid-conversion events sent to Meta Platforms Inc. via the Meta SDK for App Events, used solely to measure the effectiveness of our advertising. Capsule content is never included in these signals.
  • Marketing website analytics (180vault.com only): the public marketing website uses Meta Pixel, Google Analytics (Google LLC), and server-side Conversion APIs to measure site visits, ad attribution, and funnel performance. This tracking applies only to the public website and does not interact with the TimeLock app or your account data.

You can disable in-app analytics and crash reporting at any time in the app's Privacy & Security settings. When disabled, no analytics events or crash logs are sent from the app.

We do not collect precise geolocation data.

c. Information from Third Parties

  • App store platforms (Apple App Store, Google Play Store) may provide limited data such as subscription status or transaction identifiers.
  • We use Google's Firebase Authentication to support Google sign-in and one-time email-link sign-in. When you sign in with Google, your basic profile information (name, email) is shared with us through Firebase. We do not import data from social media.
  • We do not collect sensitive personal information (e.g., health data, biometric data, financial details beyond subscription metadata) unless voluntarily included by you in User Content.

2. How We Use Your Information

We use collected information solely for the following purposes:

  • To provide, maintain, and improve the Service, including storing and delivering User Content as per your instructions.
  • To authenticate accounts and send notifications (e.g., reminders to extend delivery periods).
  • To process subscriptions via third-party app stores.
  • To respond to support inquiries and communicate with you.
  • To detect, prevent, and address technical issues, fraud, or misuse.
  • To comply with legal obligations, respond to lawful requests, or protect our rights.

We do not use your User Content (capsule messages, photos, recipient data) for advertising, profiling, or any purpose beyond delivering the Service. App-state analytics (screens, taps, conversions) inform service improvement and ad measurement as described in Section 1.

3. Data Sharing and Disclosure

We do not sell your personal information or User Content. We share information only in limited circumstances:

  • With third-party service providers who process data on our behalf strictly to support Service operations: Google Firebase (authentication, push notifications, app-state analytics via Firebase Analytics, crash and performance monitoring via Firebase Crashlytics); Meta Platforms Inc. (advertising measurement via Meta SDK for App Events — install and paid-conversion signals only); Google LLC (marketing website analytics via Google Analytics and Conversion APIs); iDrive Inc. via iDrive e2 S3-compatible object storage (encrypted storage of your User Content); Contabo GmbH (virtual private server hosting for our backend services); Plus Five Five, Inc. (dba Resend) — delivery of the letters and emails you schedule; Google Play Billing (subscription transaction validation).
  • To app store providers for subscription management.
  • When required by law, court order, or governmental request.
  • To protect the safety, rights, or property of 180Vault LLC, users, or the public (e.g., in response to credible threats of harm).
  • In connection with a merger, acquisition, or sale of assets, with notice where required.

Capsule content is never shared with advertising platforms. Message text, photos, recipient names, delivery dates, and attachment metadata are never logged to analytics services, never transmitted to Meta Platforms or Google for advertising purposes, never used to train machine-learning models, and never accessed for personalization or targeting. We do not routinely access your capsule content. We may access it only when necessary to investigate abuse reports, respond to lawful legal requests, or resolve a technical issue you have reported to us.

4. Data Security

We implement commercially reasonable technical, administrative, and organizational measures to protect your information, including:

  • Data is encrypted in transit using HTTPS/TLS for all communication with our backend and third-party services. Vault file content stored via iDrive e2 (an S3-compatible object storage service provided by iDrive Inc.) is encrypted at rest with AES-256 (server-side encryption). Other data at rest is protected by access controls and provider-level disk encryption.
  • Access controls limiting employee access to a need-to-know basis.
  • Regular security assessments and monitoring.

Despite these safeguards, no system is completely secure. You use the Service at your own risk, and we cannot guarantee absolute security.

5. Data Retention

We retain your account information and User Content for as long as your account remains active or as necessary to provide the Service (including any pending deliveries). Upon account deletion or termination:

  • Scheduled letters that have not yet been delivered are cancelled when you delete your account. We may briefly retain backups or processing logs for legal compliance, but these are not used to deliver content after account deletion.
  • We delete or anonymize other personal information in accordance with our retention schedule, subject to legal requirements.

You may request deletion of your account and associated data through the Service settings.

If you downgrade to a lower-tier plan, your existing letters are preserved. You will not be able to create new capsules beyond the limit of your new plan until you are within that limit, but no existing letters are deleted.

6. Children's Privacy

The Service is not directed to children under 13 years of age, and we do not knowingly collect personal information from them. If we become aware of such collection, we will delete the information promptly. Users under 18 require parental or guardian permission as outlined in our Terms & Conditions.

We comply with applicable laws regarding minors, including relevant Utah statutes.

When you enter a recipient's first name during the optional pre-sign-in personalization step, that name is used solely to pre-fill the opening of your letter and is never stored as a separate field — it becomes part of your User Content (the letter body) and is handled accordingly.

7. International Data Transfers

The Service is operated by 180Vault LLC, a United States company. Your information is stored and processed in the United States, in a data center operated by Contabo GmbH (a German company) through its US subsidiary, Contabo Inc. (St. Louis, Missouri). Data transfers from Contabo GmbH to its US data center operations are governed by Standard Contractual Clauses (SCCs) adopted under GDPR Article 46.

If you are located outside the United States, your personal data will be transferred to and processed in the United States. The United States may not offer the same level of data protection as the country in which you reside. We rely on your consent (provided when you use the Service) and, for processing by our EU-established processors, on Standard Contractual Clauses and other transfer mechanisms recognized under applicable law.

We do not transfer your personal data to countries other than the United States in connection with the provision of the Service.

8. Your Privacy Rights

Depending on applicable law (including the Utah Consumer Privacy Act), you may have rights to:

  • Access, correct, or delete your personal information.
  • Opt out of certain processing (though limited given our minimal use).
  • Request portability of data.

To exercise these rights, contact us at support@180vault.com. We will respond in accordance with legal requirements.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via in-app notification or email. Continued use of the Service after such changes constitutes acceptance.

10. Contact Information

180Vault LLC

support@180vault.com

This Privacy Policy is governed by the laws of the State of Utah.

Effective Date: March 22, 2026  ·  Last Updated: May 28, 2026

Company: 180Vault LLC

Jurisdiction: State of Utah, United States

Privacy Policy — 180Vault