Legal

Privacy Policy

Last updated: February 6, 2025

1. Introduction

H1 Vault ("we," "our," or "us") operates the virtual data room platform at vdr.h1.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information: When you create an account, we collect your name and email address.

Documents: Files you upload to data rooms are stored encrypted on our servers. We do not access, read, or analyze the contents of your documents.

Usage Data: We collect information about how you interact with the platform, including page views, feature usage, and access timestamps. This data is used to provide analytics features and improve the service.

Device & Connection Data: We collect IP addresses, browser type, and device information for security purposes (e.g., access logs, rate limiting).

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the service
  • Authenticate your identity and manage your account
  • Provide document analytics and engagement tracking to data room owners
  • Send transactional emails (magic links, invitations, notifications)
  • Monitor and prevent unauthorized access or abuse
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Data room owners: When you access a data room as a buyer, the owner can see your access activity (pages viewed, time spent, downloads).
  • Service providers: We use third-party services for email delivery, payment processing, and hosting. These providers only receive the minimum data needed to perform their function.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.

5. Data Security

Documents are encrypted at rest using AES-256 encryption. All data in transit is protected with TLS. We implement access controls, audit logging, and rate limiting to protect against unauthorized access. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account data for as long as your account is active. Documents in data rooms are retained until deleted by the data room owner. When you delete your account, we remove your personal information within 30 days. Some data may be retained longer if required by law or for legitimate business purposes (e.g., audit logs).

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your data in a portable format

To exercise these rights, contact us.

8. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy, contact us.

H1 Vault
36, Triq Il-Wied, Marsalforn
Zebbug, Gozo MFN 1220
Malta