Privacy Policy
Securing your data completely locally. Here is our comprehensive approach to your complete privacy.
01 Executive Summary & Zero-Knowledge Guarantee
Card Vault is a secure mobile application owned and operated by po8o labs (cardvault.po8olabs.com). The fundamental philosophy of this app is "Zero-Knowledge Privacy by Design."
We strictly ensure that no credit data, personal identification, or financial metrics are ever sent in a network request, analyzed, transmitted to any server, or stored externally by us. All data is exclusively kept on your device's local storage, with sensitive fields heavily encrypted at rest. We unequivocally do not sell, rent, or share your personal data.
02 Data We Process Locally
To provide the core functionality, the App processes the following information entirely within the confines of your local device:
• Card details (e.g., card number, cardholder name, expiry, CVV, custom notes).
• Optional card images (front/back) captured via your camera or photos library.
• App operational preferences (e.g., auto-lock timers, clipboard auto-clear directives).
Because this processing happens locally and is protected by your master password, po8o labs never accesses or possesses this data.
03 Optional Cloud Backups & Third-Party Services
For your convenience, a backup feature is provided which securely transmits your locally-encrypted database exclusively to an app-specific, secure folder within your personal Google Drive or Apple iCloud. You remain fully in control and can sever this connection at any time.
Because the file is encrypted before transit, neither po8o labs nor the cloud provider can decrypt or expose the contents. Authentication is handled directly via the provider's SDKs, adhering strictly to their respective Privacy Policies and Terms of Service.
04 Device Permissions and Biometrics
The App requests specific device permissions exclusively to unlock features you initiate: Camera/Photos (for capturing/selecting card images), Biometrics (for unlocking the app), NFC (to scan contactless cards), and Internet Protocol (solely to interface with your chosen cloud backup provider).
If biometric unlock (e.g., Face ID, Touch ID) is enabled, the biometric signature mapping and execution are handled purely by your device’s operating system. The App merely receives an encrypted 'success' token and does not transmit, receive, or store raw biometric templates.
05 European Union (EU) & UK Specific Provisions (GDPR/UK GDPR)
For residents of the European Economic Area (EEA) and the United Kingdom, we adhere strictly to the General Data Protection Regulation (GDPR). Because your financial and personal data never leaves your device unencrypted and never reaches our servers, po8o labs does not act as a "Data Controller" or "Data Processor" relating to the vault contents.
Any anonymized crash reporting or app usage diagnostics sent to us (if explicitly enabled by OS settings) are completely stripped of personally identifiable information. You maintain absolute control over your Right to Erasure, Right to Rectification, and Right to Data Portability by simply managing the data locally or deleting the App.
06 United States Specific Provisions (CCPA & COPPA)
California Residents (CCPA/CPRA): Under the California Consumer Privacy Act, you have the right to know what personal data is collected and whether it is sold. We affirm that your private vault data is neither collected by us nor "sold" to or "shared" with any third party.
Children’s Online Privacy Protection Act (COPPA): Our App is intended strictly for users legally permitted to possess financial cards. It is deliberately not directed at, nor do we knowingly collect any data from, children under the age of 13.
07 India Specific Provisions (IT Act, 2000 & SPDI Rules)
For users within the jurisdiction of India, we comply with the Information Technology Act, 2000, along with the corresponding SPDI Rules, 2011.
We acknowledge the highly critical nature of Sensitive Personal Data or Information (SPDI) such as financial records and passwords. Our architecture inherently isolates this SPDI to your device via AES-256 encryption. We strictly do not collect, intercept, or transmit SPDI to po8o labs servers.
Any questions or grievances concerning our privacy operations can be directed to our designated Grievance Officer through the contact methods provided on our website.
08 Data Retention and Deletion
Data retention is entirely in your hands. Your data remains encrypted on your device indefinitely until you autonomously delete individual cards, uninstall the App, or invoke the “Reset App” feature in settings, which immediately wipes all local tables.
Backup archives deposited in your cloud provider remain at your discretion and persist until you manually delete them from your cloud account.
09 Modifications to This Policy
Po8o labs reserves the right to modify this Privacy Policy. Any substantial updates will be reflected by the “Effective Date” at the top of this document. We encourage routine review of this document.
10 Contact Us
For Data Subject Access Requests (DSAR), legal inquiries concerning your privacy rights, or to contact our Grievance Officer, please visit our official website at: https://cardvault.po8olabs.com.