Privacy Policy
Last updated: May 6, 2026
1. Introduction
VaultSign is a digital signature service operated by Rocket99 Ventures LLC, headquartered at 5728 Major Blvd, Suite 530, Orlando, FL 32819, USA. This policy describes how we collect, use, and protect personal data of users of the vaultsign.app website and the "VaultSign Signer" Google Chrome extension.
2. Data We Collect
a) Account: name and email at registration; password stored as a hash.
b) Documents: PDFs uploaded for signing, encrypted at rest.
c) Signature metadata: date/time, IP address at the moment of signing, device geolocation (optional, only with explicit user permission).
d) Audit logs: event trail for compliance with Brazilian LGPD, MP 2.200-2/01, and Law 14.063/20.
We DO NOT collect: ICP-Brasil private keys — they remain in the user's local Cert Store (operating system, smart card, or cryptographic token) and never leave the machine.
3. VaultSign Signer Extension (Google Chrome)
The "VaultSign Signer" Chrome extension communicates with a locally installed Native Host application to access the operating system's ICP-Brasil certificate store. The extension transmits to the VaultSign server ONLY: (i) the SHA-256 hash of the document (32 bytes) being signed, and (ii) the public leaf certificate in X.509 format. The private key is NEVER transmitted — the cryptographic operation happens locally, inside the Cert Store or hardware module (HSM/token). The extension does not store personal data and does not perform tracking, analytics, or telemetry. The source code is open and auditable at github.com/gbpassalacqua/vaultsign-signer.
4. How We Use Your Data
To deliver the digital signature service, generate audit trails with legal validity, communicate with co-signers of the same document, provide user support, and improve the product. No data is used for advertising profiling or sale to third parties.
5. Data Sharing
We DO NOT sell your data. We share data only:
a) With co-signers of the same document (name and email), inherent to the service.
b) With infrastructure providers under confidentiality agreements: Supabase (database, AWS US hosting), Vercel (application hosting), Brevo (transactional email delivery), DigiCert / Sectigo / FreeTSA (Time Stamp Authorities — receive only the SHA-256 hash, no personal data).
c) With public authorities when legally required (court order or valid administrative request).
6. Data Retention
We will retain your data while your account is active. After account deletion, we will retain signed documents and audit logs for an additional 5 years (compliance with LGPD, Brazilian tax and civil law). You may request earlier deletion via giuliano@rocket99ventures.com, subject to mandatory legal retention obligations.
7. Your Rights (LGPD / GDPR)
You have the right to: (a) access your personal data, (b) correct inaccurate data, (c) request portability, (d) request deletion when applicable, (e) revoke previously granted consent. Exercise any of these rights via giuliano@rocket99ventures.com. Brazilian residents may also reach out to the National Data Protection Authority (ANPD) at www.gov.br/anpd.
8. Security
We apply the following measures: TLS 1.3 on all connections; encryption at rest for stored documents; Row Level Security (RLS) on the PostgreSQL database; SHA-256 hash for document integrity; immutable audit logs; rate limiting and anomalous access detection.
9. Cookies
We use only functional cookies necessary for session authentication and user preferences (such as language). We do not use tracking, marketing, or third-party cookies.
10. Children's Privacy
The VaultSign service is not directed to minors under 18 years of age. We do not knowingly collect personal data from minors. If we discover that we have collected data from a minor, we will delete it immediately.
11. Changes to This Policy
Material changes to this policy will be notified by email to active users at least 15 days in advance. Continued use of the service after notification implies acceptance of the changes. Previous versions remain available upon request.
12. Contact
For questions, rights requests, or privacy-related communications: giuliano@rocket99ventures.com. Address: Rocket99 Ventures LLC, 5728 Major Blvd, Suite 530, Orlando, FL 32819, USA.
VaultSign — Secure Electronic Signature