AI VISIBILITY SCANNER·check the leading AI models·1 free scan·track visibility over time·leaderboard rankings·LIVEscanning·
AI VISIBILITY SCANNER·check the leading AI models·1 free scan·track visibility over time·leaderboard rankings·LIVEscanning·
last updated: june 2026

Privacy Policy

1. Data controller

Vaulto Oy, a company incorporated in Finland, is the data controller for personal data processed through vaulto.sh and related services.

Contact: privacy@vaulto.sh

2. What data we collect

Account data

  • -Email address (required for authentication)
  • -Name (optional, for display purposes)
  • -Company name and website (for scan context)
  • -Billing information (processed by Stripe)

Scan data

  • -URLs you submit for visibility analysis
  • -Scan results and visibility scores
  • -AI-generated responses from third-party platforms
  • -Competitor mentions and source citations

Usage data

  • -Pages viewed and features used
  • -Device type, browser, and operating system
  • -IP address (for rate limiting and fraud prevention)

3. How we use your data

  • -To provide visibility scans and analysis
  • -To cache scan results for faster response times
  • -To track your scan history (for logged-in users)
  • -To send transactional emails (scan results, account updates)
  • -To prevent abuse and enforce rate limits
  • -To improve the Service through aggregated analytics
  • -To comply with legal obligations

4. Legal basis for processing (GDPR)

  • -Contract: Processing necessary to provide scan services
  • -Legitimate interest: Analytics, security, fraud prevention, service improvement
  • -Legal obligation: Tax reporting, compliance requirements
  • -Consent: Marketing communications (opt-in only)

5. Data sharing and transfers

Service providers

  • -Supabase (database hosting) - EU region, GDPR compliant
  • -Stripe (payments) - US-based, EU-US Data Privacy Framework certified
  • -Vercel (hosting) - US-based, Standard Contractual Clauses in place
  • -OpenAI (AI scanning) - US-based, Data Processing Agreement in place
  • -Anthropic (AI scanning) - US-based, Data Processing Agreement in place

International transfers

Where data is transferred outside the EEA, we rely on EU-US Data Privacy Framework adequacy decisions and Standard Contractual Clauses (SCCs) as approved by the European Commission.

AI platform data sharing

When performing scans, we send URLs to leading third-party AI platforms to generate visibility analysis. These queries contain only the URL being scanned and related keywords, no personal data is shared with AI platforms.

6. Data retention

  • -Active accounts: Scan history retained while account is active
  • -Deleted accounts: Personal data deleted within 90 days of account closure
  • -Cached scans: Cached results retained for 7 days for performance
  • -Access logs: Retained for 13 months (security purposes)
  • -Billing records: Retained for 7 years (tax compliance)

7. Your rights

Under GDPR, you have the right to:

  • -Access - Request a copy of your personal data
  • -Rectification - Correct inaccurate data
  • -Erasure - Request deletion (subject to legal retention)
  • -Portability - Export your data in machine-readable format
  • -Object - Object to processing based on legitimate interests
  • -Withdraw consent - Where processing is based on consent

To exercise these rights, email privacy@vaulto.sh. We will respond within 30 days.

8. Cookies and analytics

Vaulto uses cookieless analytics (Plausible) that do not track individual users or require cookie consent. We do not use advertising cookies or third-party trackers.

Essential cookies are used for authentication and session management only.

For detailed information about our cookie practices, see our Cookie Policy.

9. Security

We implement appropriate technical and organizational measures including:

  • -Encryption in transit (TLS 1.3) and at rest
  • -Row-level security in our database
  • -Regular security reviews
  • -Access logging and monitoring

10. Automated decision-making

Vaulto does not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Visibility scores are generated by AI platforms and displayed for informational purposes only. They do not affect your access to the Service or legal rights.

11. Children

Vaulto is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.

12. Changes to this policy

We may update this policy from time to time. Material changes will be notified via email or in-app notification at least 30 days before taking effect.

13. Contact and complaints

Data Protection Contact: privacy@vaulto.sh

If you are not satisfied with our response, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) or your local supervisory authority.