Skip to content
Legal

Privacy Policy

This document is a placeholder. The complete Privacy Policy is to be finalised by legal counsel prior to public launch. It will address all requirements under the Australian Privacy Act 1988 and applicable international privacy frameworks.

Overview

Stillstone Vault is committed to protecting the privacy of its clients. This Privacy Policy explains what personal data is collected, how it is used, and how it is protected.

What Personal Data Is Collected

Stillstone may collect the following categories of personal data:

  • Identity and contact information (email address, authentication credentials)
  • Payment information (processed by third-party payment providers; not stored by Stillstone)
  • Technical information (IP address, device identifiers, session metadata)
  • Vault data (asset records, documents, and insurance references supplied by the client)

How Data Is Used

Client data is used solely for the purposes of:

  • Authenticating vault access
  • Maintaining and backing up vault infrastructure
  • Providing secure record preservation
  • Security monitoring and breach detection

Stillstone does not use client data for profiling, advertising, or any secondary commercial purpose.

How Data Is Stored

All vault data is encrypted in transit (TLS 1.3) and at rest (AES-256 or equivalent). Client records are stored in isolated database environments, one per vault.

Data Retention

Vault records are retained for the duration of the client's vault. Technical and access logs are retained for a reasonable period consistent with security and legal obligations.

No Data Monetisation

Stillstone does not sell, rent, license, or otherwise monetise client data. There is no secondary use of vault contents.

Client Rights

Clients have the right to access, correct, and request deletion of their personal data. Requests may be submitted through authenticated vault support channels.

International Compliance

This policy is designed to comply with the Australian Privacy Principles (APPs), and is aligned with GDPR principles for clients in applicable jurisdictions.

Breach Notification

In the event of a data breach that is likely to result in serious harm, Stillstone will notify affected clients and relevant authorities in accordance with applicable law.

Contact

Privacy inquiries should be directed through authenticated vault support. There are no public contact forms.