Privacy Policy

1. Data Controller

TierVault is the data controller for personal information collected through our platform. We are responsible for determining how your personal data is processed and for what purposes.

2. Information We Collect

2.1 Information You Provide

When you use TierVault, you may provide us with:

• Account Information: Discord user ID, username, avatar, and email address (if provided through Discord OAuth)
• Content: Files, folders, and associated metadata you upload to our platform
• Configuration Data: Server settings, role configurations, and access permissions
• Payment Information: Billing details processed through our payment provider (Stripe)
• Communications: Support requests, feedback, and other correspondence

2.2 Information Collected Automatically

When you access our Services, we automatically collect:

• Device Information: Browser type, operating system, and device identifiers
• Network Information: IP address (hashed for privacy) and approximate geographic location
• Usage Data: Pages visited, features used, download activity, and timestamps
• Performance Data: Error logs and diagnostic information

2.3 Information from Third Parties

We receive information from third-party services:

• Discord: Server membership, role assignments, and profile information necessary for access control
• Payment Processors: Transaction status and billing information (we do not store full payment card numbers)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under applicable data protection laws:

4. How We Use Your Information

We use your information to:

4.1 Provide and Operate the Services

• Authenticate your identity through Discord OAuth
• Store and deliver your content to authorized recipients
• Manage role-based access permissions
• Process payments and manage subscriptions
• Send service-related notifications and updates

4.2 Improve and Protect the Services

• Analyze usage patterns to improve functionality
• Detect, prevent, and address fraud and security issues
• Monitor for unauthorized content sharing (leak detection)
• Debug and fix technical issues
• Develop new features and services

4.3 Communicate with You

• Respond to support requests and inquiries
• Send important service announcements
• Provide information about features and updates

5. Information Sharing and Disclosure

5.1 Service Providers

We share information with trusted third-party service providers who assist in operating our platform:

• Cloud Infrastructure: Enterprise-grade hosting and storage providers
• Payment Processing: PCI-compliant payment processors for subscription billing
• Analytics: Privacy-focused analytics for service improvement

5.2 Creators and Subscribers

Creators can view download analytics for their content, including Discord usernames, role assignments, and download timestamps. This information is necessary for Creators to manage their content distribution.

5.3 Legal Requirements

We may disclose information if required by law, legal process, or government request, or when necessary to protect our rights, privacy, safety, or property.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is subject to a different privacy policy.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, contact us at privacy@tiervault.app. We will respond within 30 days (or as required by applicable law).

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with service providers
• Encryption of data in transit and at rest

9. Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: TLS 1.3 for data in transit; AES-256 for data at rest
• Authentication: OAuth 2.0 through Discord; secure session management
• Access Controls: Role-based access; principle of least privilege
• Monitoring: Real-time threat detection and security logging
• Infrastructure: Enterprise-grade cloud providers with SOC 2 compliance

While we strive to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

10.1 Essential Cookies

Required for the platform to function. These include session cookies for authentication and security tokens.

10.2 Functional Cookies

Remember your preferences and settings to enhance your experience.

10.3 Analytics Cookies

Help us understand how users interact with our platform. We use privacy-focused analytics that do not track individuals across sites.

You can control cookies through your browser settings. Disabling certain cookies may affect platform functionality.

11. Children's Privacy

Our Services are not intended for children under 13 years of age (or 16 in the European Economic Area). We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please contact us at privacy@tiervault.app. We will promptly delete such information.

12. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights
• Right to correct inaccurate personal information
• Right to limit the use of sensitive personal information

To exercise these rights, contact us at privacy@tiervault.app or call our privacy line.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Effective date" at the top of this page
• Sending an email notification for significant changes (where required)

Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights:

You also have the right to lodge a complaint with your local data protection authority if you are unsatisfied with our handling of your personal data.