Privacy Policy
Last updated: June 8, 2026
This Privacy Policy describes how Asset Vault ("we," "us," "the app") handles personal information when you use our mobile application. We respect your privacy and intentionally collect as little data as we can while still providing the service.
Who we are
Asset Vault is built and operated by Stephen Manogue as an individual developer ("we"). You can reach us at assetvaultprivacy@gmail.com for any privacy questions, data requests, or concerns.
What information we collect
We collect only what is required to operate the app:
- Account information. When you sign up, we collect your email address and password. Passwords are never stored in plain text; they are hashed by our authentication provider (Supabase).
- Inventory content you create. Information you enter about your assets and properties — names, descriptions, values, serial numbers, model numbers, warranty dates, purchase dates, categories, photos, addresses, and any notes — is stored so it can be displayed back to you across your signed-in devices.
- Photos you upload. Photos you attach to assets are stored in our cloud storage. Each photo is accessible only to your authenticated account.
- Device identifiers for notifications. If you enable local notifications, your device's notification token may be used to schedule reminders. No remote push notification servers receive your data at this time.
What we do NOT collect
- We do not collect location data.
- We do not track your activity across other apps or websites.
- We do not use third-party advertising identifiers.
- We do not sell or rent your information to anyone.
- We do not share your inventory with insurance carriers.
- We do not profile you for advertising.
How we use your information
- To authenticate you and let you sign in across devices.
- To store and display your inventory contents back to you.
- To generate PDF reports at your explicit request.
- To send local notifications you've enabled (e.g., warranty expiration reminders) — these are scheduled on your device and do not require us to receive a remote signal about you.
- To contact you about service-related matters if necessary (e.g., notice of policy change).
Where your information is stored
- Cloud database (Supabase). Your account, inventory records, and uploaded photos are stored in a Supabase project we control. Row-level security ensures each user can only access their own data. Connections use HTTPS.
- On your device. A session token and a local cache of your inventory may be stored on your device so the app works while loading. You can clear this by signing out or uninstalling the app.
Third-party services we use
We use a small number of third-party services strictly to operate the app. They process limited information on our behalf under their own privacy policies:
- Supabase — database, authentication, and file storage. supabase.com/privacy
- Apple — App Store distribution and (if used) push notification infrastructure. apple.com/legal/privacy
- Expo — mobile-app build and over-the-air update infrastructure. Expo receives anonymous build/update metadata. expo.dev/privacy
- OpenAI — AI image processing. When you choose to scan a receipt or identify an item from a photo, that single image is sent to OpenAI to extract the line items or identify the object, then the result is returned to you. These features are optional and only run when you tap them. Images are not used to train models under OpenAI's API data-usage terms. openai.com/policies/privacy-policy
We do not use analytics services, advertising networks, or social-media SDKs.
Your rights
- View any data we hold about you (everything in the app is your data, viewable in-app).
- Edit or delete any inventory item or property directly in the app.
- Export your data as a PDF using the in-app "Export inventory PDF" feature.
- Delete your account entirely. Email us at assetvaultprivacy@gmail.com and we will remove your account and all associated data within 30 days.
- Opt out of notifications at any time via your device's Settings → Notifications → Asset Vault.
Residents of California (CCPA), the EU/UK (GDPR), and other jurisdictions with similar laws have the additional rights to request access, correction, deletion, and (where applicable) portability of their personal information. To exercise these rights, email us.
Data retention
We retain your account and inventory data for as long as your account is active. If you delete your account, we delete the associated data within 30 days. Backups containing your data may be retained for up to 90 days for disaster recovery, after which they are also deleted.
Children
Asset Vault is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, contact us and we will delete it.
Security
We protect your information using industry-standard practices including HTTPS for all network traffic, row-level security in the database, hashed passwords, and access controls on cloud storage. No system is perfectly secure, but we take reasonable steps to safeguard your data.
Changes to this policy
We may update this Privacy Policy. When we do, we will revise the "Last updated" date above. Substantive changes will be communicated through the app or via email.
Contact
For privacy questions, data requests, or concerns, email assetvaultprivacy@gmail.com.