Privacy Policy#

Last updated: 30 January 2026

1. Introduction#

0x6C Limited (“we”, “our”, “us”) operates the VAULT03 service. This Privacy Policy explains how we collect, use, and protect your personal data when you use our end-to-end encrypted file transfer service.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller#

0x6C Limited is the data controller for personal data processed through the VAULT03 service.

Company Details:

  • 0x6C Limited
  • 1A Davyhulme Circle, Urmston, Manchester, United Kingdom, M41 0ST
  • Company registered in England and Wales
  • Company no: 14056537
  • VAT no: GB410454146
  • ICO registration: ZB327308

Contact: privacy@vault03.com

3. Data We Collect#

3.1 Account Information#

  • Email address (for account identification and communication)
  • Name (for display purposes)
  • Phone number (optional, for SMS two-factor authentication)
  • Organisation/company name (for multi-tenant identification)

3.2 Authentication Data#

  • Password hash (your password is never stored in plain text)
  • Two-factor authentication codes (encrypted, temporary)
  • Passkey/WebAuthn credentials (public keys only)
  • OAuth provider identifiers (if using single sign-on)

3.3 Usage Data#

  • IP addresses (for security and audit logging)
  • Session information
  • Audit logs of actions taken within the service

3.4 File Data#

**Important:** Files uploaded to VAULT03 are end-to-end encrypted on your device before transmission. We cannot access the contents of your files.

We store:

  • Encrypted file data (unreadable without your encryption keys)
  • File metadata such as size and upload timestamps
  • Cryptographic hashes for integrity verification

4. How We Use Your Data#

We process your personal data for the following purposes:

  • Service provision: To provide and maintain the VAULT03 service
  • Authentication: To verify your identity and secure your account
  • Communication: To send service-related notifications (password resets, 2FA codes, security alerts)
  • Security: To detect, prevent, and respond to security incidents
  • Compliance: To meet legal and regulatory obligations

We process your data under the following legal bases:

  • Contract: Processing necessary to perform our contract with you
  • Legitimate interests: For security, fraud prevention, and service improvement
  • Legal obligation: To comply with applicable laws
  • Consent: Where you have given explicit consent

6. Data Retention#

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: Retained while your account is active, plus a reasonable period after deletion
  • Vault data: Retained according to your organisation’s configured expiration policy
  • Audit logs: Retained for compliance purposes as required by your organisation
  • Session data: Deleted upon logout or expiration

7. Data Security#

We implement robust security measures to protect your data:

  • End-to-end encryption using industry-standard algorithms (XChaCha20-Poly1305)
  • Encryption keys never leave your device
  • Secure password hashing (Argon2id)
  • TLS encryption for all data in transit
  • UK-based data centres
  • Regular security assessments

For more details, see our Security documentation.

8. Data Sharing#

We do not sell your personal data. We may share data with:

  • Service providers: Who assist in operating our service (e.g., email delivery, SMS providers)
  • Legal authorities: When required by law or to protect our rights
  • Your organisation: Administrators may access audit logs and user information within their tenant

9. Your Rights#

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a structured format
  • Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@vault03.com.

10. International Transfers#

Your data is stored in UK data centres. We do not transfer personal data outside the UK unless required for service operation (e.g., email delivery), in which case we ensure appropriate safeguards are in place.

11. Changes to This Policy#

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the service. The “Last updated” date at the top indicates when the policy was last revised.

12. Contact Us#

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk. Our ICO registration number is ZB327308.

Backward Legal Cookie Policy Forward