PRIVACY POLICY

Last Updated: November 4, 2025

TemplateVault.io

1. INTRODUCTION

TemplateVault.io ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services (collectively, the "Service").

BY USING THE SERVICE, YOU CONSENT TO THE DATA PRACTICES DESCRIBED IN THIS POLICY. IF YOU DO NOT AGREE WITH THIS POLICY, PLEASE DO NOT USE THE SERVICE.

2. SCOPE AND APPLICATION

2.1 Covered Entities.

This Privacy Policy applies to TemplateVault.io and covers all users of the Service, including customers and integration partners.

2.2 Geographic Scope.

This Policy applies globally and includes specific provisions for users in the European Economic Area (EEA), United Kingdom (UK), Switzerland, California, and other jurisdictions with specific privacy requirements.

2.3 Children's Privacy.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

Account Information:

• Name, email address, username, and password
• Company name and business information
• Billing address and payment information (processed by third-party payment processors)
• Profile information and preferences
• Communication preferences and notification settings

User Content:

• Templates, files, and content you upload or create
• Comments, feedback, and support requests
• Communications with us or other users
• Survey responses and testimonials

Integration Data:

• Third-party account credentials and authorization tokens
• Integration preferences and configurations
• Data imported from connected third-party services

3.2 Information Collected Automatically

Usage Information:

• Pages viewed, features used, and actions taken
• Time, frequency, and duration of activities
• Search queries and download history
• Template usage and modification data

Device and Technical Information:

• IP address and approximate geographic location
• Browser type, version, and language settings
• Operating system and device identifiers
• Screen resolution and device capabilities
• Referring URLs and exit pages

Cookies and Similar Technologies:

• Session cookies for authentication
• Persistent cookies for preferences and analytics
• Local storage for caching and performance
• Analytics and tracking pixels

3.3 Information from Third Parties

Integration Partners:

• Profile information from connected services
• Usage data from integrated platforms
• Authentication and authorization data
• Shared content and collaboration data

Business Partners:

• Referral information
• Marketing and analytics data
• Fraud prevention data
• Business verification information

Publicly Available Sources:

• Social media profiles
• Professional networking platforms
• Company databases and registries

4. HOW WE USE YOUR INFORMATION

4.1 Service Provision and Management

• Create and manage your account
• Process transactions and billing
• Provide customer support and respond to inquiries
• Enable core Service functionality
• Store and deliver your content
• Facilitate integrations with third-party services
• Authenticate users and prevent unauthorized access

4.2 Service Improvement and Development

• Analyze usage patterns and trends
• Develop new features and functionality
• Conduct research and analytics
• Test and optimize performance
• Debug and fix technical issues
• Personalize user experience

4.3 Communication

• Send transactional emails (receipts, notifications, updates)
• Provide technical and customer support
• Send marketing communications (with consent where required)
• Conduct surveys and request feedback
• Announce new features and service updates
• Send administrative information and legal notices

4.4 Security and Fraud Prevention

• Detect and prevent fraud, abuse, and illegal activity
• Monitor and protect against security threats
• Verify identity and authenticate users
• Enforce our Terms of Service and policies
• Comply with legal obligations
• Protect our rights and property

4.5 Legal Compliance and Protection

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Establish, exercise, or defend legal claims
• Protect the safety and rights of users and third parties
• Enforce our agreements and policies

5. LEGAL BASIS FOR PROCESSING (GDPR/UK GDPR)

For users in the EEA, UK, and Switzerland, we process personal data based on:

5.1 Contract Performance:

Processing necessary to provide the Service and fulfill our contractual obligations to you.

5.2 Legitimate Interests:

Processing necessary for our legitimate business interests, including:

• Service improvement and optimization
• Fraud prevention and security
• Marketing and business development
• Network and information security

5.3 Consent:

Processing based on your explicit consent, which you may withdraw at any time.

5.4 Legal Obligations:

Processing necessary to comply with legal requirements.

5.5 Vital Interests:

Processing necessary to protect life or physical safety.

6. HOW WE SHARE YOUR INFORMATION

6.1 Service Providers and Processors

We share information with trusted third-party service providers who perform services on our behalf:

• Cloud hosting and infrastructure providers (AWS, Google Cloud, Microsoft Azure)
• Payment processors (Stripe, PayPal)
• Analytics services (Google Analytics, Mixpanel, Amplitude)
• Customer support platforms (Zendesk, Intercom)
• Email service providers (SendGrid, Mailchimp)
• Authentication services (Auth0, OAuth providers)
• Security and fraud prevention services
• Content delivery networks (CDNs)

All service providers are contractually bound to protect your information and use it only for specified purposes.

6.2 Integration Partners

When you connect third-party integrations, we share necessary data with those platforms as configured by you. This may include:

• Authentication tokens and credentials
• User profile information
• Content and files
• Usage data and activity logs
• Metadata and configuration settings

You control which integrations to connect and what data to share through integration settings.

6.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6.4 Legal Requirements and Protection

We may disclose information when required by law or when we believe disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service and other agreements
• Detect, prevent, or address fraud, security, or technical issues
• Protect the rights, property, or safety of TemplateVault.io, our users, or the public

6.5 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with:

• Business partners for analytics and insights
• Researchers for studies and reports
• The public through reports and publications
• Marketing and advertising partners

6.6 With Your Consent

We may share information with third parties when you explicitly consent or direct us to do so.

7. INTERNATIONAL DATA TRANSFERS

7.1 Cross-Border Transfers.

We operate globally and may transfer your information to countries outside your residence, including the United States, which may have different data protection laws.

7.2 Transfer Mechanisms.

For transfers from the EEA, UK, or Switzerland, we use appropriate safeguards such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions
• Privacy Shield successor frameworks (when available)
• Binding Corporate Rules
• Your explicit consent

7.3 Data Localization.

Where required by law, we store data locally in specific jurisdictions.

8. DATA RETENTION

8.1 Retention Periods.

We retain your information for as long as necessary to:

• Provide the Service and fulfill transactions
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records

8.2 Specific Retention Periods:

• Account data: Duration of account plus 90 days after deletion
• User Content: Duration of account unless earlier deleted by you
• Transaction records: 7 years for tax and accounting purposes
• Support communications: 3 years
• Analytics data: 26 months
• Security logs: 2 years

8.3 Deletion Requests.

Upon account deletion or valid erasure request, we will delete or anonymize your personal information, except where retention is required by law.

8.4 Backup Systems.

Information may remain in backup systems for up to 90 days after deletion from production systems.

9. YOUR PRIVACY RIGHTS

9.1 General Rights (All Users)

Access and Portability: Request access to your personal information and receive a copy in a structured, commonly used format.

Correction: Request correction of inaccurate or incomplete information.

Deletion: Request deletion of your personal information, subject to legal retention requirements.

Opt-Out of Marketing: Unsubscribe from marketing emails via the link in each message or through account settings.

Account Closure: Close your account at any time through account settings or by contacting support.

9.2 Additional Rights (EEA, UK, Switzerland Users - GDPR/UK GDPR)

Right to Restrict Processing: Request limitation of processing in certain circumstances.

Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Right to Lodge a Complaint: File a complaint with your local data protection authority.

Automated Decision-Making: Right not to be subject to solely automated decision-making with legal effects (we do not engage in such processing).

9.3 California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom shared.

Right to Delete: Request deletion of personal information, subject to exceptions.

Right to Correct: Request correction of inaccurate personal information.

Right to Opt-Out: Opt-out of "sales" or "sharing" of personal information (we do not sell personal information).

Right to Limit Sensitive Personal Information: Limit use of sensitive personal information.

Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment.

Shine the Light: Request information about disclosure of personal information to third parties for direct marketing purposes.

9.4 Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to those described above.

9.5 How to Exercise Your Rights

To exercise your rights:

Email: hello@templatevault.io

Support Portal: www.templatevault.io/support

Mailing Address:

TemplateVault.io
Box 1079 Kevin
Akron, OH 44313

We will respond to verified requests within the timeframes required by applicable law (typically 30-45 days).

9.6 Verification Process

To protect your privacy, we verify your identity before processing requests. We may request:

• Matching information from your account
• Government-issued identification
• Confirmation via email or phone
• Additional information to verify your identity

9.7 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization and you may need to verify your identity directly with us.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Types of Cookies We Use

Essential Cookies: Required for Service functionality (authentication, security, load balancing).

Functional Cookies: Remember preferences and settings (language, interface customization).

Analytics Cookies: Understand how users interact with the Service (page views, session duration, feature usage).

Marketing Cookies: Track effectiveness of advertising campaigns and deliver relevant ads.

10.2 Third-Party Cookies

Third-party services integrated into our Service may set their own cookies:

• Google Analytics
• Advertising networks
• Social media platforms
• Integration partners

10.3 Cookie Management

Browser Settings: Configure your browser to refuse cookies or alert you when cookies are being sent.

Cookie Consent Tool: Manage cookie preferences through our consent banner (for applicable jurisdictions).

Opt-Out Tools: Use industry opt-out tools like Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA).

Do Not Track: Some browsers have "Do Not Track" features. We do not currently respond to Do Not Track signals.

10.4 Other Tracking Technologies

Pixels and Beacons: Small graphics used to track email opens and website visits.

Local Storage: Browser storage for caching and performance.

SDKs and APIs: Third-party code that may collect information.

11. DATA SECURITY

11.1 Security Measures

We implement industry-standard security measures:

Technical Safeguards:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Multi-factor authentication options
• Regular security assessments and penetration testing
• Intrusion detection and prevention systems
• Secure software development practices
• Regular security patches and updates

Organizational Safeguards:

• Access controls and least privilege principles
• Employee security training and background checks
• Confidentiality agreements with staff and contractors
• Incident response and breach notification procedures
• Regular security audits and compliance reviews

Physical Safeguards:

• Secure data center facilities
• Environmental controls and monitoring
• Physical access restrictions

11.2 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify you without undue delay (within 72 hours where required by law)
• Inform relevant data protection authorities as required
• Provide information about the nature of the breach
• Describe steps we are taking to address the breach
• Recommend actions you can take to protect yourself

11.3 Your Security Responsibilities

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Enabling multi-factor authentication
• Keeping your contact information current
• Promptly reporting security concerns

11.4 Limitations

While we strive to protect your information, no security measures are 100% effective. We cannot guarantee absolute security and you use the Service at your own risk.

12. THIRD-PARTY LINKS AND SERVICES

The Service may contain links to third-party websites, applications, and services. This Privacy Policy does not apply to those third parties. We are not responsible for:

• Privacy practices of third-party services
• Content of third-party websites
• Security of third-party platforms
• Data practices of Integration Partners

We encourage you to review the privacy policies of any third-party services you access through our Service.

13. INTEGRATION PARTNERS

13.1 Data Sharing with Integrations

When you connect Integration Partners:

• You authorize specific data sharing as disclosed during connection
• Data sharing is governed by both our Privacy Policy and the partner's policy
• You can disconnect integrations at any time through account settings
• Disconnection may limit Service functionality

13.2 Integration Partner Responsibilities

Integration Partners are independent data controllers or processors responsible for:

• Their own privacy practices and policies
• Security of data within their systems
• Compliance with applicable privacy laws
• Handling of data access requests

13.3 Available Integrations

We maintain current information about available integrations and their data practices on our website. Integration Partners may include:

• Project management tools
• Design software platforms
• Cloud storage services
• Development environments
• Communication platforms
• CRM systems

14. MARKETING AND COMMUNICATIONS

14.1 Marketing Emails

We send marketing communications to users who have:

• Opted in to receive marketing (where required by law)
• Not opted out of marketing communications
• An existing customer relationship with us (where permitted by law)

14.2 Transactional Emails

We send transactional emails necessary for Service operation:

• Account creation and verification
• Password resets and security alerts
• Purchase confirmations and receipts
• Service updates and changes to terms
• Legal notices and important announcements

You cannot opt out of transactional emails.

14.3 How to Opt Out

Unsubscribe Links: Click "unsubscribe" in any marketing email.

Account Settings: Manage communication preferences in your account.

Email Request: Contact hello@templatevault.io.

We will process opt-out requests within 10 business days.

15. UPDATES TO THIS PRIVACY POLICY

15.1 Policy Changes.

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other operational reasons.

15.2 Notice of Changes.

We will notify you of material changes by:

• Posting the updated policy with a new "Last Updated" date
• Sending an email to your registered email address
• Displaying a prominent notice on the Service
• Requiring acceptance for significant changes

15.3 Review Requirement.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

15.4 Continued Use.

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

16. CONTACT INFORMATION

16.1 Privacy Questions and Requests

For privacy-related questions, requests, or concerns:

Email: hello@templatevault.io

Support Portal: www.templatevault.io/support

Mailing Address:

TemplateVault.io
Box 1079 Kevin
Akron, OH 44313

16.2 Data Protection Officer (DPO)

For users in the EEA, UK, or Switzerland, you can contact our Data Protection Officer:

Email: dpo@templatevault.io

16.3 Response Time

We respond to verified requests within:

• 30 days (general requests)
• 45 days (CCPA/CPRA requests, with possible 45-day extension)
• 30 days (GDPR/UK GDPR requests, with possible 60-day extension)

16.4 Supervisory Authorities

EEA, UK, and Swiss users have the right to lodge complaints with:

EEA: Your local Data Protection Authority

UK: Information Commissioner's Office (ICO) - ico.org.uk

Switzerland: Federal Data Protection and Information Commissioner (FDPIC)

17. SPECIFIC JURISDICTION PROVISIONS

17.1 California Residents

CCPA Disclosures:

Categories of Personal Information Collected (Last 12 Months):

• Identifiers (name, email, IP address)
• Commercial information (purchase history)
• Internet activity (browsing, usage data)
• Geolocation data (approximate location)
• Professional information (company, role)
• Inferences (preferences, interests)

Sources: Directly from you, automatically collected, from third parties.

Business Purposes: As described in Section 4.

Third Parties with Whom We Share: As described in Section 6.

No Sale of Personal Information: We do not sell personal information as defined by CCPA.

Shine the Light: Contact hello@templatevault.io for information about disclosures to third parties for direct marketing.

17.2 Nevada Residents

We do not sell personal information as defined by Nevada law. You may still submit opt-out requests to privacy@templatevault.io.

17.3 European Economic Area (EEA), UK, and Switzerland

GDPR/UK GDPR Compliance:

• Legal bases for processing: As described in Section 5
• Data subject rights: As described in Section 9.2
• International transfers: As described in Section 7
• DPO contact: dpo@templatevault.io

Representative in the EU: [If applicable, provide details]

17.4 Brazil

For users in Brazil, we comply with Lei Geral de Proteção de Dados (LGPD). You have rights similar to those described in Section 9.2.

17.5 Canada

For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).

18. DEFINITIONS

Personal Information: Information that identifies, relates to, or could reasonably be linked with a particular individual or household.

Processing: Any operation performed on personal information, including collection, storage, use, disclosure, and deletion.

Controller: The entity that determines the purposes and means of processing personal information (TemplateVault.io).

Processor: An entity that processes personal information on behalf of the controller.

Sensitive Personal Information: Information revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or other specially protected categories.

19. ACKNOWLEDGMENT

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO ITS TERMS.