Privacy Policy

Vulta (“we”, “us”, “our”) operates the website at vulta.one and the associated API and dashboard services. We provide non-custodial checkout software that routes crypto payments to wallet addresses you control.

Account data. When you register, we store your email address, a bcrypt-hashed password (or a Google OAuth token if you use Google sign-in), and the timestamps of your account activity.

Wallet addresses. You may add payout destination addresses. We store these as plain text — they are public blockchain addresses and carry no financial risk when known to us.

Payment request metadata. We store reference IDs, amounts, currencies, status, and creation timestamps for payment requests you create.

Usage data. We log HTTP requests (IP address, user agent, route, status code, and latency) for security and debugging. Logs are retained for 30 days and then deleted.

Cookies. We use a single functional cookie to maintain your session. No tracking or advertising cookies are set. If you decline our cookie banner, no cookies are stored.

We do not collect government-issued identification, banking details, social security numbers, seed phrases, private keys, or any information that would classify us as a money-service business under any jurisdiction.

Fiat-to-crypto conversions for your customers are handled by regulated third-party payment providers. These providers perform any required KYC on the payer — we receive only the resulting transaction hash and destination wallet address.

We use your data exclusively to:

• Authenticate you and maintain your session.
• Route on-chain payments to your configured addresses.
• Send transactional emails (payment confirmations, password reset links, subscription receipts).
• Enforce subscription plan limits and expiry.
• Debug errors and prevent abuse of our infrastructure.

We do not sell, rent, or share your data with third parties for marketing purposes.

We use the following sub-processors:

• Resend — transactional email delivery. Receives your email address only when we need to send you a message.
• Licensed payment providers — fiat on-ramp for your customers. Operate under their own privacy policies and handle all payer KYC.
• Infura / public blockchain RPC nodes — used to query on-chain transaction status. No personal data is transmitted.

We retain your account data for as long as your account is active. If you delete your account, we delete all associated personal data within 30 days, except where retention is required by law or needed to resolve an open dispute.

Server logs are purged automatically after 30 days.

Your password is stored as a bcrypt hash and is never stored in plain text. Your encrypted wallet vault (if applicable) is encrypted client-side before transmission. All API traffic is served over HTTPS/TLS. We do not store payment card data at any time.

Depending on your jurisdiction, you may have rights including:

• Access. Request a copy of the personal data we hold about you.
• Correction. Ask us to fix inaccurate or incomplete data.
• Deletion. Ask us to delete your account and associated data.
• Portability. Receive your data in a machine-readable format.
• Objection. Object to specific uses of your data.

To exercise any of these rights, email us at privacy@vulta.one. We will respond within 30 days.

We use one session cookie necessary to keep you logged in. No third-party tracking, analytics, or advertising cookies are placed without your consent. You may decline non-essential cookies via the consent banner without losing access to core functionality.

Our service is not directed to anyone under the age of 18. We do not knowingly collect data from minors. If you believe we have collected data from a minor, contact us immediately at privacy@vulta.one.

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top. Material changes will be communicated by email if you have an active account.

Questions or concerns? Email privacy@vulta.one.