Security that
fits in your
pocket.

Last updated: 1 June 2025

1. Introduction and Scope

VaultKey GmbH ("VaultKey", "we", "us", or "our") is committed to protecting the privacy of every individual who interacts with our website, products, and services. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and what rights you have under the General Data Protection Regulation (GDPR), the German Bundesdatenschutzgesetz (BDSG), and other applicable privacy laws.

This Policy applies to all users of vaultkey.pro, purchasers of VaultKey hardware products, and anyone who contacts us. It does not apply to third-party services that may be linked from our site.

2. Data Controller

The data controller responsible for processing your personal data is VaultKey GmbH, registered in Berlin, Germany (HRB XXXXXX, Amtsgericht Berlin-Charlottenburg). Our Data Protection Officer can be reached at privacy@vaultkey.pro.

3. Personal Data We Collect

We collect personal data in the following categories:

• Identity data: first name, last name, username or similar identifier.
• Contact data: billing and delivery address, email address, telephone number.
• Transaction data: details about purchases, payments, and order history.
• Technical data: IP address, browser type and version, operating system, referring URLs, time zone, browser plug-in types, and access logs. We do not use long-term behavioral tracking.
• Marketing and communications data: preferences for receiving marketing communications from us and your communication preferences.
• Support data: information provided when you report an issue or contact us for assistance.

We do not collect any special categories of personal data (e.g., data relating to health, race, religion, or biometrics). We do not knowingly collect data from individuals under 16 years of age.

4. Legal Basis for Processing

We process your personal data on the following legal bases under Art. 6 GDPR:

• Performance of a contract (Art. 6(1)(b) GDPR): processing necessary to fulfil your order, manage your account, and provide customer support.
• Legal obligation (Art. 6(1)(c) GDPR): processing required to comply with tax, accounting, and consumer-protection laws.
• Legitimate interests (Art. 6(1)(f) GDPR): processing necessary for our legitimate interests in fraud prevention, network and information security, and improving our products—provided these interests are not overridden by your rights.
• Consent (Art. 6(1)(a) GDPR): where you have given clear consent (e.g., newsletter subscription). You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. How We Use Your Data

We use your personal data to: process and fulfil orders; manage payments and prevent fraud; provide technical support; send transactional emails (order confirmations, shipping notifications); send marketing communications where you have opted in; improve and personalise our website and products; comply with legal obligations; and enforce our Terms of Service.

6. Cookies and Tracking Technologies

We use strictly necessary cookies to operate our website (session management, shopping cart). We use performance cookies only with your consent to analyse aggregate traffic via privacy-preserving analytics (no fingerprinting, no cross-site tracking). We do not use advertising or social media tracking cookies. You can manage your preferences via the Cookie Settings link in the footer.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We share data only with:

• Payment processors (e.g., Stripe, PayPal) acting as independent data controllers under their own privacy policies.
• Logistics providers for order fulfilment and delivery, who process data as our data processors under a Data Processing Agreement (DPA).
• Cloud infrastructure providers hosting our systems within the EU/EEA, bound by DPAs and standard contractual clauses.
• Public authorities where required by law or to protect the rights and safety of persons.

We do not transfer personal data to countries outside the EU/EEA unless appropriate safeguards exist (e.g., Standard Contractual Clauses, adequacy decisions).

8. Data Retention

We retain personal data only as long as necessary for the purposes collected or as required by law. Order data is retained for 10 years under German commercial and tax law (§§ 238, 257 HGB; § 147 AO). Account data is deleted within 30 days of account closure unless retention is legally required. Log files are retained for a maximum of 30 days for security purposes.

9. Your Rights

Under GDPR, you have the right to: access your data (Art. 15); rectify inaccurate data (Art. 16); erasure ("right to be forgotten") where conditions are met (Art. 17); restrict processing (Art. 18); data portability (Art. 20); object to processing based on legitimate interests (Art. 21); and withdraw consent at any time. To exercise these rights, email privacy@vaultkey.pro. We will respond within 30 days. You also have the right to lodge a complaint with the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

10. Security

We implement appropriate technical and organisational measures including TLS encryption in transit, encryption at rest, role-based access control, regular penetration testing, and staff security training. No internet transmission is 100% secure; please use secure networks when transacting.

11. Changes to This Policy

We may update this Policy periodically. We will notify you of material changes by posting a prominent notice on our website and, where required, by email. The date at the top of this Policy indicates the most recent revision.

12. Contact

For privacy-related questions, contact us at privacy@vaultkey.pro or by post: VaultKey GmbH, Data Protection Officer, Friedrichstraße 100, 10117 Berlin, Germany.

Last updated: 1 June 2025

1. Parties and Scope

These Terms of Service ("Terms") govern the relationship between VaultKey GmbH, a limited liability company registered in Berlin, Germany ("VaultKey", "we", "us"), and you ("Customer", "you") regarding the purchase of VaultKey hardware security keys and related services through our website vaultkey.pro. By placing an order or using our services, you confirm that you have read, understood, and agree to be bound by these Terms.

If you are entering into these Terms on behalf of a legal entity, you represent that you have the authority to bind that entity, and the terms "you" and "Customer" refer to that entity.

2. Products and Orders

All orders placed on vaultkey.pro are subject to acceptance by VaultKey. We reserve the right to refuse or cancel any order, including but not limited to cases of suspected fraud, pricing errors, or unavailability of stock. An order confirmation email constitutes acceptance of your order and formation of a binding contract. Prices are listed inclusive of German VAT (19%) where applicable; cross-border orders may be subject to different tax treatment.

3. Payment

Payment is due at the time of order. We accept major credit and debit cards and selected digital payment methods via our payment processor (Stripe). All payment transactions are processed with TLS encryption. VaultKey does not store full payment card details. In case of failed payment, your order will be cancelled automatically.

4. Shipping and Delivery

We ship from our Berlin warehouse within 1–2 business days of confirmed payment. Standard delivery within the EU takes 2–5 business days; international delivery times may vary. Risk of loss and title pass to you upon delivery to the carrier. We are not responsible for delays caused by customs, carrier disruptions, or force majeure events. Free shipping is offered on orders exceeding €99; otherwise a flat shipping fee applies as displayed at checkout.

5. Right of Withdrawal (Consumer Customers)

If you are a consumer (a natural person acting outside your trade, business, or profession) resident in the EU/EEA, you have the right to withdraw from the contract without giving any reason within 14 days of the day on which you or a third party (other than the carrier) takes physical possession of the goods. To exercise your right, you must inform us by an unambiguous statement (e.g., letter or email to hello@vaultkey.pro) before the withdrawal period expires. You must return the goods undamaged, in their original packaging, and at your own cost within 14 days. We will reimburse the purchase price using the same payment method, no later than 14 days after we receive the returned goods or proof of return shipment.

The right of withdrawal does not apply to business customers, customised products, or software for which the seal has been broken.

6. Warranty and Defects

VaultKey hardware products are covered by a 2-year statutory warranty under German law (§§ 434 et seq. BGB) for consumers. Commercial customers receive a 1-year limited warranty. The warranty covers manufacturing defects and material failures under normal use. It does not cover damage caused by misuse, physical damage, water ingress beyond rated specifications, or unauthorised modifications. To claim warranty service, contact support@vaultkey.pro with proof of purchase and a description of the defect. We will, at our discretion, repair, replace, or refund the defective product.

7. Intellectual Property

All intellectual property rights in the VaultKey firmware, software, website, trademarks, and documentation are owned by VaultKey GmbH or its licensors. Open-source components of VaultKey firmware are licensed under their respective licences (see our GitHub repository). You are granted a limited, non-exclusive, non-transferable licence to use the firmware embedded in your VaultKey device for its intended purpose. You may not reverse-engineer, decompile, modify, or distribute VaultKey proprietary software or materials.

8. Limitation of Liability

To the maximum extent permitted by applicable law, VaultKey shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or for loss of profit, revenue, data, or business opportunity, arising out of or in connection with the use of our products or services, even if VaultKey has been advised of the possibility of such damages. Our total aggregate liability for any claim arising from these Terms shall not exceed the amount paid by you for the product giving rise to the claim in the 12 months preceding the claim.

Nothing in these Terms limits VaultKey's liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded by law.

9. Prohibited Uses

You agree not to use VaultKey products or services to: violate any applicable law or regulation; gain unauthorised access to third-party systems; engage in any activity that harms minors; circumvent or test the security of systems without authorisation; or resell products obtained through volume discount programmes without our written consent.

10. Governing Law and Dispute Resolution

These Terms are governed by the laws of the Federal Republic of Germany, excluding its conflict-of-law provisions. For consumer customers in the EU, mandatory consumer protection laws of your country of residence also apply. Any disputes shall be subject to the exclusive jurisdiction of the courts of Berlin, Germany, except where mandatory consumer protection rules provide otherwise. The European Commission provides an Online Dispute Resolution (ODR) platform at https://ec.europa.eu/consumers/odr, which VaultKey is not currently obliged to participate in but will consider in good faith.

11. Changes to These Terms

We reserve the right to update these Terms at any time. Material changes will be communicated at least 30 days in advance via email or a prominent notice on our website. Your continued use of our services after the effective date constitutes acceptance of the revised Terms. If you do not agree, you may terminate your account before the changes take effect.

12. Miscellaneous

If any provision of these Terms is found unenforceable, it will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will remain in full force. Our failure to enforce any provision does not constitute a waiver. These Terms, together with our Privacy Policy and any applicable Order Confirmation, constitute the entire agreement between you and VaultKey regarding its subject matter.