Privacy policy
Last updated: 2026-06-14. Draft pending legal review. This document describes how Stillvault intends to handle personal data during the pre-general-availability period and is provided for transparency. The executed policy will be published before general availability. Nothing here is legal advice.
Who we are
Stillvault is a trading name of Wolstapp Ltd, a company registered in England and Wales (company number 14963179) (“we”, “us”), which provides human-in-the-loop secret management. For personal data about your own end users that you process through the service, you are the data controller and we act as your processor — see the data processing agreement. For personal data about your account and the people who use Stillvault directly, we are the controller, and this policy applies.
What the control plane sees vs. what it cannot see
Stillvault is designed so we observe the minimum needed to route requests and coordinate approvals. The table below is a structural property of the system, not only a policy promise.
| The control plane sees | The control plane cannot see |
|---|---|
| Secret labels — the names you give secrets | Secret plaintext |
| Access metadata — when each `stillvault get` was requested | Any key that can decrypt your stored secrets |
| Approver identities — which member approved each release | The Org Identity private key (held in your custody) |
| Requesting-process identity — which program, run by which OS user, asked for a secret | Your approvers’ device-held credential secrets |
| Tenant memberships and device enrolments | Recovery / break-glass key material |
| Billing and subscription state | |
Secrets are decrypted only on an authorised approver’s device and delivered sealed to the requesting consumer. The plaintext does not transit or rest on the control plane.
Personal data we collect
- Account data — email address, name, org name, and member roles.
- Audit log — request timestamps, approver decisions, and the identity of the requesting process. Retained per your plan and exportable.
- Encrypted stores — your secret ciphertext. Not decryptable by us.
- Device enrolment records — public credential identifiers for enrolled approver devices. No device-held credential secrets.
- Usage and diagnostic data — logs and metrics needed to operate and secure the service.
- Marketing-site data — the marketing site (stillvault.ai) runs no analytics, no third-party trackers, and no advertising cookies.
We do not collect biometric data. Where approval uses a fingerprint or face, that processing happens entirely on the approver’s device; we receive only the cryptographic result.
How we use personal data
We use personal data to provide and secure the service, authenticate users, route and record approvals, bill paid plans, respond to support requests, comply with law, and — where you have not opted out — send service and product updates.
Legal bases (UK/EU GDPR)
We rely on: performance of our contract with you; our legitimate interests in operating and securing the service and communicating with customers; your consent where required (e.g. optional marketing); and compliance with legal obligations.
Sharing and sub-processors
We do not sell personal data. We share it only with sub-processors that help us run the service (for example cloud hosting, push-notification delivery, and transactional email), each under contract and only as needed. The current list and the terms governing them are in the data processing agreement. We may disclose data where required by law.
Retention
We keep account data for as long as your account is active and audit data per your plan. On account closure we delete tenant data — including ciphertext stores, audit logs, and enrolment records — within 30 days, subject to legal retention obligations.
Your rights
Subject to applicable law you may request access to, correction of, deletion of, or a copy of your personal data, and may object to or restrict certain processing. To exercise these rights, contact us below. You may also complain to your data protection authority (in the UK, the ICO).
International transfers
Where personal data is transferred outside the UK or EEA, we put appropriate safeguards in place, such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses.
Security
We protect personal data with encryption in transit and at rest, tenant isolation, access controls, and audit logging — and, for your secrets, with an architecture in which we hold no key that can decrypt them.
Changes
We may update this policy. Material changes will be notified by email or in-product. The “last updated” date above reflects the current version.
Contact
Privacy enquiries and rights requests: hello@stillvault.ai.
Draft — pending legal review before general availability.