Privacy Policy
Last updated: 1 June 2025 ยท Effective immediately
Plain English summary: We collect only what you give us. We never sell your data. We never share it with advertisers or financial institutions. Your financial summary is private and visible only to you and people you explicitly invite.
๐ We will NEVER:
- Ask for your bank account numbers, BSB codes, or passwords
- Sell your data to third parties
- Share your information with financial institutions or advertisers
- Use your financial information for marketing profiling
- Store sensitive credentials of any kind
1. Who We Are
FamilyVault is operated by Family Vault Australia (ABN 43 728 895 307), based in Australia. We are committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
For privacy enquiries, contact us at hello@familyvault.com.au.
2. What Information We Collect
Information you provide:
- Account details: Your name and email address when you register
- Financial entries: Institution names, approximate values, and notes you choose to enter
- Shared contact details: Names and emails of people you invite as partner or emergency contact
- Payment information: Processed by Stripe โ we never see or store your card details
Information collected automatically:
- Login timestamps and session data (via Firebase Authentication)
- Basic usage data to improve the service (page views, feature usage)
3. What We Do NOT Collect
FamilyVault is designed around minimal data collection. We do not collect and explicitly ask you not to enter:
- Bank account numbers or BSB codes
- Investment account numbers or reference numbers
- Passwords, PINs, or security credentials of any kind
- Tax file numbers
- Government identification numbers
4. How We Use Your Information
- To provide and maintain the FamilyVault service
- To send invitation emails to people you explicitly invite
- To send account-related emails (password reset, welcome, subscription receipts)
- To process subscription payments via Stripe
- To improve the service based on usage patterns
- To comply with legal obligations
We will never use your financial data for marketing, profiling, or any purpose beyond providing the FamilyVault service.
5. Where Your Data Is Stored
Your data is stored in Google Firebase's australia-southeast1 region (Sydney). It does not leave Australia. Firebase meets enterprise-grade security standards and is used by millions of applications worldwide.
Emails are sent via Resend, using Amazon SES infrastructure based in Tokyo. Email content is transient and not retained by Resend beyond delivery.
6. Who Can See Your Data
- You โ always, full access
- Your partner โ read-only, only if you explicitly invite them
- Your emergency contact โ read-only report access, only if you explicitly invite them
- FamilyVault staff โ only in exceptional circumstances for technical support, and only with your consent
- No one else
7. Data Security
We implement the following security measures:
- All data encrypted in transit using TLS (HTTPS)
- Passwords hashed by Firebase Authentication โ we never see them
- Database-level security rules ensuring users can only access their own data
- Automatic session expiry after inactivity
- Australian data residency (Google Sydney data centre)
8. Data Retention
Your data is retained for as long as your account is active. If you delete your account, all your data is permanently removed from our systems within 30 days. Backups may retain data for up to 90 days after deletion.
9. Your Rights
Under the Australian Privacy Act and Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate personal information
- Request deletion of your personal information
- Complain about a privacy breach
To exercise any of these rights, contact us at hello@familyvault.com.au. We will respond within 30 days.
10. Third Party Services
- Google Firebase โ authentication and database (Google Privacy Policy applies)
- Stripe โ payment processing (Stripe Privacy Policy applies)
- Resend / Amazon SES โ transactional email delivery
- Netlify โ website hosting
We do not use advertising networks, social media tracking pixels, or marketing analytics tools.
11. Cookies
FamilyVault uses only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.
12. Children's Privacy
FamilyVault is not intended for use by persons under 18 years of age. We do not knowingly collect personal information from minors.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email. The date at the top of this page indicates when the policy was last updated.
14. Complaints
If you believe we have breached your privacy, please contact us first at hello@familyvault.com.au. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.