Legal

Privacy Policy

Last Modified: February 2026

1. Introduction and Controller Information

This Privacy Policy explains how Starbox-Group GmbH ("Vaultbrix", "we", "us", or "our"), a Swiss company, collects, uses, and protects your personal data when you use our database-as-a-service platform.

Data Controller:
Starbox-Group GmbH
Geneva, Switzerland
Email: privacy@vaultbrix.com

2. Data Residency and Sovereignty

Swiss Data Sovereignty

All customer data is hosted exclusively in Switzerland (Geneva, Exoscale CH-GVA-2 data center). Your data never leaves Swiss jurisdiction - not for backups, not for disaster recovery, not for any reason.

As a Swiss company, Vaultbrix is subject to the Swiss Federal Act on Data Protection (FADP/LPD) and is not subject to the US CLOUD Act or similar foreign data access laws.

3. Information We Collect

3.1 Account Information

  • Email address
  • Name and organization details
  • Payment information (processed via Stripe)

3.2 Technical Information

  • IP addresses and access logs
  • Browser and device information
  • API usage logs

3.3 Customer Data (Databases)

Customer databases are fully owned by the customer. We process this data solely to provide the service. This includes:

  • Database contents stored in your schemas
  • Object storage files
  • Edge function code

3.4 AI Context Engine (Snipara) Data

Our AI Context Engine processes the following to enable AI-native features:

  • Schema metadata: Table names, column names, types, relationships, and indexes
  • Agent Memory: Persistent conventions and decisions stored by AI tools
  • Context queries: Requests from connected AI tools (Claude Code, Cursor, etc.)

Important: The AI Context Engine does NOT access or process the actual data content in your tables - only structural metadata.

4. How We Use Your Information

  • Providing and maintaining the Vaultbrix platform
  • Processing payments (via Stripe)
  • AI Context Engine schema introspection and optimization
  • Service improvements and analytics
  • Security monitoring and fraud prevention
  • Legal compliance

5. Legal Basis for Processing

Under Swiss LPD and EU GDPR, we process your data based on:

  • Contract performance: To provide the services you requested
  • Legitimate interests: For security, fraud prevention, and service improvement
  • Legal obligations: To comply with applicable laws
  • Consent: For optional features where applicable

6. Data Sharing

6.1 Service Providers

  • Stripe: Payment processing (PCI-DSS compliant)
  • Exoscale: Swiss cloud infrastructure provider

6.2 No Sale of Data

We do not sell, rent, or trade your personal data.

6.3 Legal Requirements

We may disclose data only in response to valid Swiss legal processes (Swiss court orders, regulatory requirements under Swiss law).

7. International Data Transfers

Customer database data is never transferred outside of Switzerland. Administrative data may be processed by service providers with appropriate safeguards (Standard Contractual Clauses where applicable).

8. Data Retention

  • Account data: Duration of account plus 5 years (legal requirements)
  • Access logs: 90 days
  • Customer databases: Until deleted by customer
  • Backups: According to your plan (7-30 days)

9. Security Measures

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Role-based access controls
  • Regular security audits
  • SOC 2 Type II certification (in progress)

10. Your Rights

Under Swiss LPD:

  • Right to information about data processing
  • Right to access your data
  • Right to rectification
  • Right to erasure
  • Right to data portability
  • Right to object to processing

Under EU GDPR (for EEA residents):

All rights above, plus the right to lodge a complaint with your national supervisory authority.

To exercise your rights, contact us at privacy@vaultbrix.com.

11. Cookies

We use essential cookies only for authentication and session management. We do not use advertising or tracking cookies.

12. Children's Privacy

Vaultbrix is not intended for users under 16 years of age. We do not knowingly collect data from children.

13. Changes to This Policy

We will notify you of material changes via email or through the Vaultbrix dashboard. Continued use after changes constitutes acceptance.

14. Supervisory Authority

Swiss: Federal Data Protection and Information Commissioner (FDPIC)
EU: Your relevant national data protection authority

15. Contact

For privacy inquiries:
Email: privacy@vaultbrix.com
Address: Starbox-Group GmbH, Geneva, Switzerland