Privacy Policy

Last Updated: January 10, 2026

1. MISSION & COMMITMENT TO PRIVACY

MeVault (the "App") is developed and maintained by an individual developer ("the Developer"). Our App is built on a Zero-Knowledge Architecture. This means that by design, the Developer does not have the technical ability to access, view, share, or monetize your documents or the encryption keys that protect them.

This Privacy Policy is designed to comply with the Digital Personal Data Protection Act (DPDPA), 2023 of India and other applicable data protection regulations.

2. INFORMATION COLLECTION AND USAGE

Under the DPDPA, we collect and process only the minimum information necessary to provide our services.

A. DATA THAT NEVER LEAVES YOUR DEVICE

The following information is processed locally on your device only and is never transmitted to MeVault's developers:

• Your Documents: Aadhaar cards, PAN cards, Passports, Insurance documents, etc.
• Biometric Data: We use system-level APIs for authentication. We never receive or store your biometric templates.
• Encryption Keys: Your private keys are generated and stored locally on your device's secure enclave.
• ML Metadata: AI classification results identify documents locally using on-device machine learning.

B. DATA STORED IN YOUR PERSONAL CLOUD

The App uploads your locally-encrypted files to a private, App-specific folder within your personal Google Drive. MeVault as a company does not have access to this folder or your wider Google Drive.

C. MINIMAL TECHNICAL DATA

For the purpose of App stability and performance, we may collect:

• Crash Reports: Anonymous stacks and logs to identify software bugs.
• Anonymized Analytics: Non-identifiable usage statistics to help us refine the user experience.
• Consent Records: A cryptographically signed record of your acceptance of these terms.

3. PURPOSE OF PROCESSING

The primary purpose of data processing is to facilitate local document organization, enable secure cloud synchronization, and provide proactive notifications for document expiries.

4. SECURITY SAFEGUARDS

We implement robust technical and organizational measures as required by Indian law:

• End-to-End Encryption: Files are sealed with AES-256 GCM before leaving the device.
• Secure Communication: Data transfer happens exclusively over HTTPS.
• No Server-Side Processing: We do not maintain servers that process your personal documents.

5. RIGHTS OF THE DATA PRINCIPAL

Under the DPDPA 2023, you have rights to access, correction, and erasure. You can modify or delete your documents at any time. Deleting a document removes it permanently from both the App and your Google Drive.

6. CONTACT & GRIEVANCE

As a solo developer project, all privacy concerns are handled directly. If you have any questions or concerns regarding your data privacy, please contact:

Email: support@mevault.me