DataVault — Cookie Policy
Draft — pending lawyer review. This document is a working draft. The final version should be reviewed alongside the Privacy Policy and Terms of Service. The current scope is intentionally minimal because DataVault uses no third-party tracking cookies and the marketing site uses cookieless analytics.
| Document version | Status | Last updated |
|---|---|---|
| 0.1 (draft) | Pre-launch | 2026-05-02 |
1. What this policy covers
This policy describes how DataVault (and the marketing site at
datavaultapp.com) uses cookies and similar storage technologies. It
complements the Privacy Policy and the
Terms of Service.
2. Summary
- The DataVault application uses no third-party tracking cookies.
- The DataVault application uses no advertising cookies.
- The marketing site uses no cookies for tracking. It optionally uses Cloudflare Web Analytics or Plausible — both are cookie-less by design.
- The application does use browser local storage technologies (specifically IndexedDB, and SQLite on desktop) to cache your vault for offline access and to remember your sign-in across page reloads. These are not cookies in the traditional sense, but EU law often treats them the same way for consent purposes — see §4.
3. Cookies we use, by category
3.1 Strictly necessary
The application sets a small number of strictly-necessary, first-party
cookies on its own domain (app.datavaultapp.com) for the following
purposes:
| Name | Purpose | Lifetime | First/Third party |
|---|---|---|---|
__dv_session (placeholder name) | Carry the session identifier between page loads if local storage is unavailable. In normal operation we use IndexedDB instead and this cookie is not set. | Session | First |
These cookies are exempt from consent under the EU ePrivacy Directive (Article 5(3)) because they are strictly necessary to provide the service you asked for. They cannot be disabled without breaking sign-in.
3.2 Functional / preference
The application stores user preferences (theme: light/dark, language, sidebar collapsed state, etc.) in IndexedDB on your device. None of these are sent to our servers. They persist until you sign out or clear your browser’s site data.
3.3 Analytics
The marketing site at datavaultapp.com uses Cloudflare Web
Analytics (or, if we switch, Plausible) — both of which are
cookieless and don’t fingerprint visitors. They report aggregate
traffic numbers (page views, referrers, country) to us without
identifying individual users.
The DataVault application itself ships with no analytics SDK at launch. (If we ever add product analytics, we will update this document and provide an opt-in toggle.)
3.4 Advertising
We do not use advertising cookies. We do not allow third-party advertisers to set cookies on our domains. We don’t sell visitor or user data to anyone.
4. Local storage technologies (treated like cookies under EU law)
The application uses IndexedDB (in browsers and PWA) or SQLite (in the desktop app) to:
- Cache your vault content for offline access.
- Cache your encryption key (encrypted by a key derived from your device session) so you don’t have to re-enter it.
- Remember session metadata (session ID, profile data) between page reloads.
These are first-party, strictly necessary to provide the offline- capable Service. They are exempt from consent under ePrivacy Article 5(3) for the same reasons as the strictly-necessary cookies above. You can clear them at any time by:
- Clearing site data for
app.datavaultapp.comin your browser. - Using Account → Reset Account in the app.
- Uninstalling the desktop or mobile app (which clears the local database).
5. How to manage cookies
- In your browser: every modern browser lets you view and clear cookies and local storage per site. Steps vary by browser; search for “manage cookies in [your browser]” for instructions.
- In the application: Account → Reset Account clears all locally stored data and signs you out.
- At the OS level: uninstalling the desktop or mobile app removes its local database.
If you block strictly-necessary cookies and local storage, the application will not work — sign-in, offline mode, and encryption all depend on them.
6. “Do Not Track” signals
We honor the spirit of “Do Not Track” by not implementing tracking in the first place. There is nothing to opt out of in the application itself.
7. Changes to this policy
If we ever introduce new cookies or analytics features, we will:
- Update this Cookie Policy and bump the version in the table at the top.
- For any non-strictly-necessary cookies, request your explicit consent through an in-app banner before setting them, in line with EU ePrivacy and GDPR requirements.
8. Contact
For questions about cookies or local storage usage:
support@datavaultapp.com (or constantin.permiakov@gmail.com in the
interim).