Privacy Policy
Last updated: December 22, 2025
VaultCore is a product of Alisya Ai, a trading name of Fagundes de Jesus Pty Ltd ("we," "us"). We value your privacy. This Privacy Policy explains how we handle your information when you use the VaultCore mobile application.
🔒 Core Promise
We operate on a "Zero-Trust Client" architecture. We minimize data collection and prioritize on-device security. Your Tesla tokens never leave our servers, and biometric data never leaves your device.
1. Information We Collect
1.1 Tesla Account Data (OAuth)
When you sign in with Tesla, we receive an authentication token.
- What we see: We receive a "Session Token" and basic profile information (Name, Email, Energy Site IDs) to identify your account.
- What we DO NOT see: We never access, view, or store your Tesla Account password.
1.2 Energy Usage Data
To provide the dashboard features, we process data retrieved from your Tesla Powerwall, including:
- Solar generation, home consumption, and battery levels
- Grid export/import status
- Powerwall operation mode and backup reserve settings
- Schedule configurations and execution history
1.3 Biometric Data
If you enable Face ID or Touch ID, the biometric validation occurs entirely on your device's Secure Enclave. We never receive or store your biometric data on our servers.
1.4 Device Information
We may collect basic device information including device type, operating system version, and app version for troubleshooting and compatibility purposes.
2. How We Use Your Information
We use the collected data solely for:
- Service Delivery: Displaying your energy status and executing your requested schedules.
- Authentication: Verifying your identity and maintaining your secure session.
- Improvements: Monitoring aggregate API performance (e.g., error rates) to improve app stability.
- Communications: Sending you important service updates. We will not send marketing emails without your explicit consent.
3. Data Storage & Security
3.1 Token Security
- Tesla Tokens: Short-lived Tesla Access Tokens are managed by our secure backend and are never stored in plain text on your mobile device.
- VaultCore Session: Your long-lived app session token is stored in your device's hardware-backed secure storage (iOS Keychain / Android Keystore).
- Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
3.2 Infrastructure Security
Our backend infrastructure is hosted on Amazon Web Services (AWS) with industry-standard security controls, including encryption, access logging, and regular security audits.
4. Data Retention
- Active Accounts: We retain your energy history for up to 90 days to power dashboard features and historical analytics.
- Account Deletion: Upon account deletion, all personal data is removed from our databases within 30 days, except where retention is required by law.
- Inactive Accounts: Accounts inactive for 12 months may be automatically deleted after email notification.
- Anonymized Data: Aggregated, anonymized usage statistics may be retained indefinitely to improve our services.
5. Third-Party Sharing
We do not sell, trade, or rent your personal identification information to others.
- Tesla: By nature of the App, data is exchanged with Tesla, Inc. to control your hardware. This exchange is subject to Tesla's Privacy Policy.
- Service Providers: We use AWS (Amazon Web Services) for API hosting (Lambda, API Gateway) and data storage (DynamoDB). All data stored there is encrypted at rest and in transit.
- Legal Requirements: We may disclose information if required by law, court order, or government request.
6. International Data Transfers
Your information may be transferred to and processed on servers located outside your country of residence, including in the United States (AWS infrastructure) and Australia (our business location). We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.
7. Your Rights
You have the right to:
- Access: View the data we hold about you (visible within the App).
- Correction: Request correction of inaccurate personal information.
- Deletion: Request complete deletion of your VaultCore account and associated data via the "Settings" menu or by contacting support.
- Portability: Request a copy of your data in a machine-readable format.
- Revocation: You may revoke VaultCore's access to your Tesla account at any time via your Tesla Account security settings.
- Opt-Out: You can disable analytics collection in the App Settings.
8. Analytics & Diagnostics
To improve app stability and performance, we may collect:
- Anonymized crash reports
- App performance metrics (response times, error rates)
- Feature usage statistics (aggregated, not personally identifiable)
This data does not identify you personally. You can opt out of analytics collection in the App Settings.
9. Children's Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personal identifiable information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.
10. Australian Privacy Principles
If you are located in Australia, we handle your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You have the right to access and correct your personal information, and to make a complaint if you believe we have breached the APPs.
11. California Privacy Rights (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about the personal data we collect, use, and disclose.
- Right to Delete: You can request deletion of your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- No Sale of Data: We do not sell personal information.
12. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your data based on:
- Contract: To provide the VaultCore service you subscribed to.
- Legitimate Interest: To improve our services, ensure security, and prevent fraud.
- Consent: For optional features like analytics and marketing communications (where applicable).
- Legal Obligation: To comply with applicable laws and regulations.
13. Security Incidents
In the event of a data breach that affects your personal information, we will notify you via email and/or in-app notification within 72 hours of becoming aware of the breach, as required by applicable law. We will also notify relevant regulatory authorities as required.
14. Changes to This Policy
We may update our Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy in the App
- Sending an email to your registered address
- Displaying a prominent notice when you next open the App
- Updating the "Last Updated" date at the top of this page
Your continued use of the App after such changes constitutes your acceptance of the updated Privacy Policy.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
Privacy: [email protected]
Support: [email protected]
For Australian privacy complaints, you may also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au
Effective Date: December 22, 2025
Download PDF Version