← Back to Kairo Vault

Privacy Policy

プライバシーポリシー / Privacy Policy

1. Who We Are

Kairo Vault ("we", "us", "our") is an XRPL portfolio dashboard operated by Dane Brown. Our website is kairovault.com. We are not a financial institution, broker, custodian, or exchange.

2. What Data We Collect

We collect minimal data to operate the service:

• Wallet addresses — Your XRPL public address (r-address) is used to fetch on-chain data. We do not store wallet addresses on our servers except when you subscribe to push notifications or Pro via XRP payment.
• Email addresses — Only if you join our waitlist or submit feedback. Stored in Firebase Firestore.
• Push notification subscriptions — Browser push endpoint stored in Firestore, associated with your wallet address.
• Payment data — XRP payment transaction hashes and wallet addresses for Pro subscription verification. Stripe handles card payments — we never see your card number.
• Local storage — Settings, preferences, portfolio snapshots, and encrypted wallet data are stored in your browser's localStorage. This data never leaves your device.

3. What We Do NOT Collect

• Private keys or seed phrases — we never have access to your funds
• Transaction signing data — all signing is done in your wallet app
• Browsing history or tracking cookies
• IP addresses (we do not log IPs)
• Personal identification documents

4. How We Use Your Data

• Wallet addresses — to fetch your on-chain portfolio data from XRPL public nodes
• Email addresses — to send waitlist updates and product announcements (you can unsubscribe anytime)
• Push subscriptions — to deliver price alerts and copy trade notifications
• Payment data — to verify Pro subscription payments and prevent duplicate transactions

5. Third-Party Services

We use the following third-party services:

• XRPL Public Nodes (xrplcluster.com, s1.ripple.com) — blockchain data
• Firebase / Firestore (Google) — database for waitlist, push subscriptions, feedback
• Stripe — payment processing (card payments only)
• CoinGecko, Flare FTSO, DIA Oracle — price data
• XRPLmeta — token metadata and icons
• Resend — email delivery (waitlist notifications)
• Railway — hosting infrastructure
• PostHog (PostHog Inc., US) — privacy-first product analytics (anonymized usage events, no PII)
• Sentry (Functional Software Inc., US) — error tracking and performance monitoring (crash reports, no PII)

Each service has its own privacy policy. We do not sell or share your data with any third party for advertising purposes.

5a. Cross-Border Data Transfers (越境データ移転)

Some of the third-party services listed above process data outside of Japan. In compliance with Japan's Act on the Protection of Personal Information (個人情報保護法/APPI), we disclose:

• Firebase/Firestore — data processed in the United States by Google LLC, which maintains APEC CBPR certification and implements appropriate safeguards.
• Stripe — payment data processed in the United States by Stripe Inc., which complies with PCI-DSS and applicable data protection regulations.
• PostHog — anonymized analytics data processed in the United States by PostHog Inc. No personally identifiable information is transmitted.
• Sentry — error telemetry processed in the United States by Functional Software Inc. No personally identifiable information is transmitted.
• Railway — hosting infrastructure in the United States. Server-side data (wallet addresses for push notifications, subscription records) is stored here.

The United States does not have a data protection framework recognized as equivalent to Japan's APPI. We rely on contractual safeguards and the privacy commitments of each service provider. By using Kairo Vault, you consent to these cross-border transfers as described above.

5b. Cookies and Tracking (Cookie・トラッキング)

Kairo Vault uses the following tracking technologies:

• localStorage — stores your settings, preferences, and encrypted wallet data locally in your browser. This data never leaves your device.
• PostHog analytics — collects anonymized usage events (page views, feature usage) to improve the product. No cookies are set. No personally identifiable information is collected. You can opt out by enabling "Do Not Track" in your browser.
• Sentry error tracking — captures error reports when something goes wrong, to help us fix bugs. No cookies are set. No personally identifiable information is collected.

We do not use advertising cookies, retargeting pixels, or cross-site tracking. We do not share tracking data with advertisers.

6. Data Retention

• Waitlist emails — retained until you request removal
• Push subscriptions — automatically removed when expired (HTTP 410)
• XRP subscription records — retained for payment verification
• Feedback submissions — retained indefinitely for product improvement
• Local storage data — controlled entirely by you (clear anytime via browser settings)

7. Your Rights

You can:

• Request deletion of your email from our waitlist
• Unsubscribe from push notifications at any time
• Clear all local data by clearing your browser's localStorage
• Disconnect your wallet — no residual data remains on our servers

To request data deletion, email dane@kairovault.com.

8. Security

We protect your data with:

• AES-256 encryption for locally stored wallet data
• HTTPS/TLS encryption for all server communication
• Content Security Policy (CSP) headers
• Rate limiting on all API endpoints
• CSRF origin validation on all POST requests
• No storage of private keys or signing credentials

9. Children

Kairo Vault is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors.

10. Changes

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of Kairo Vault after changes constitutes acceptance.

11. Contact

For privacy questions or data deletion requests:
Email: dane@kairovault.com
X: @KairoVault