Privacy Policy

1. Overview

A*Vault ("we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy applies to all information collected through our website, products, and services.

We are the data controller for the personal information we collect about you. This means we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with applicable data protection laws, including the UK GDPR and Data Protection Act 2018.

Key Points:

We only collect information necessary to provide our services
We never sell your personal information to third parties
You have control over your data and can request its deletion
We use industry-standard security measures to protect your information

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you:

Create an Account: Name, email address, password
Make a Purchase: Billing information, payment details (processed securely by our payment providers)
Contact Us: Name, email, subject area, message content, university/institution
Subscribe to Updates: Email address, communication preferences
Participate in Surveys: Feedback, academic information, study preferences

2.2 Information Collected Automatically

When you visit our website, we automatically collect:

Technical Information: IP address, browser type, device information, operating system
Usage Data: Pages visited, time spent on site, click patterns, referral sources
Performance Data: Page load times, error reports, download success rates
Location Data: General geographic location based on IP address

2.3 Information from Third Parties

We may receive limited information from:

Payment Processors: Transaction confirmations, fraud prevention data
Analytics Services: Aggregated usage statistics and performance metrics
Social Media: If you interact with our social media content (public interactions only)

3. How We Use Your Information

3.1 Primary Purposes

We use your personal information to:

Process Orders: Complete purchases, deliver digital products, send confirmations
Provide Customer Support: Respond to inquiries, resolve technical issues, provide assistance
Account Management: Create and maintain your account, enable downloads, track purchase history
Product Improvement: Analyze usage patterns to enhance our flashcard content and user experience

3.2 Communication

With your consent, we may use your information to:

Send order confirmations and download instructions
Provide important service updates and security notices
Share educational content and study tips (optional newsletter)
Notify you about new products that match your interests

3.3 Legal Basis for Processing

We process your personal data based on:

Contract Performance: To fulfill our obligations when you purchase our products
Legitimate Interests: To improve our services, prevent fraud, and ensure security
Consent: For marketing communications and optional features
Legal Obligations: To comply with tax, accounting, and other legal requirements

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Your privacy is fundamental to our business model.

4.2 Limited Sharing

We may share your information only in these specific circumstances:

Service Providers: Trusted partners who help us operate our business (payment processing, email delivery, analytics)
Legal Requirements: When required by law, court order, or to protect our legal rights
Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to you)
Safety and Security: To protect against fraud, abuse, or threats to safety

4.3 Service Provider Safeguards

All service providers are contractually required to:

Use your data only for specified purposes
Implement appropriate security measures
Delete or return data when services end
Comply with applicable data protection laws

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your personal information:

Encryption: All data transmission uses SSL/TLS encryption
Secure Storage: Personal data is stored on secure, access-controlled servers
Access Controls: Strict employee access controls and regular security training
Regular Audits: Ongoing security assessments and vulnerability testing
Incident Response: Established procedures for detecting and responding to security incidents

5.2 Payment Security

We use PCI DSS compliant payment processors and do not store your complete payment card information on our servers. Payment data is tokenized and processed through secure, industry-standard systems.

5.3 Your Role in Security

You can help protect your account by:

Using a strong, unique password
Keeping your login credentials confidential
Logging out of shared devices
Reporting suspicious activity immediately

6. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Account Information: Until you delete your account or request deletion
Purchase Records: 7 years for tax and accounting purposes
Support Communications: 3 years to maintain service quality
Marketing Data: Until you unsubscribe or request deletion
Analytics Data: Aggregated data may be retained indefinitely (anonymized)

When data is no longer needed, we securely delete or anonymize it according to our data retention schedule.

7. Your Privacy Rights

7.1 UK GDPR Rights

Under UK data protection law, you have the following rights:

Access: Request a copy of the personal data we hold about you
Rectification: Correct inaccurate or incomplete personal data
Erasure: Request deletion of your personal data (subject to legal obligations)
Restriction: Limit how we process your personal data
Portability: Receive your data in a structured, machine-readable format
Objection: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent for processing where applicable

7.2 Exercising Your Rights

To exercise any of these rights:

Email us at privacy@avault.co.uk
Include your full name and email address
Specify which right you wish to exercise
Provide any additional details to help us locate your data

We will respond to your request within one month and may ask for additional information to verify your identity.

7.3 Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies and Tracking

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how our site is used.

8.2 Types of Cookies We Use

Essential Cookies: Required for basic site functionality (shopping cart, login)
Performance Cookies: Help us understand site usage and improve performance
Functional Cookies: Remember your preferences and settings
Marketing Cookies: Used to deliver relevant advertisements (with your consent)

8.3 Managing Cookies

You can control cookies through:

Our cookie consent banner when you first visit
Your browser settings (though this may affect site functionality)
Third-party opt-out tools for advertising cookies

9. Third-Party Services

9.1 Payment Processing

We use trusted payment processors (such as Stripe, PayPal) to handle transactions securely. These services have their own privacy policies and security measures.

9.2 Analytics

We use Google Analytics to understand website usage. This service collects anonymized data about your interactions with our site. You can opt out using Google's opt-out tools.

9.3 Email Services

We use email service providers to send order confirmations and newsletters. These providers are contractually bound to protect your data and use it only for specified purposes.

9.4 External Links

Our website may contain links to external sites. We are not responsible for the privacy practices of these sites and encourage you to read their privacy policies.

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK. When this occurs:

We ensure adequate protection through approved transfer mechanisms
We use Standard Contractual Clauses or adequacy decisions where applicable
We require all recipients to provide appropriate safeguards
We limit transfers to what is necessary for our services

The countries where your data may be processed include the United States (for cloud services) and other EU/EEA countries (for various service providers).

11. Children's Privacy

Our services are designed for students aged 16 and older. We do not knowingly collect personal information from children under 16 without parental consent.

If you are under 16, please ask a parent or guardian to review this Privacy Policy and our Terms of Service before using our services or making any purchases.

If we become aware that we have collected personal information from a child under 16 without proper consent, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make significant changes, we will:

Post the updated policy on our website
Update the "Last Updated" date
Notify you via email if you have an account with us
Provide prominent notice on our website for material changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Privacy Officer: privacy@avault.co.uk

General Inquiries: support@avault.co.uk

Data Protection Officer: dpo@avault.co.uk

Postal Address: A*Vault Ltd, Privacy Department, London, United Kingdom

We are committed to resolving any privacy concerns you may have and will respond to your inquiries within 48 hours during business days.