×
Privacy Policy

About us

VESvault Corp. is a US based corporation that provides encryption based privacy and security services and products to end users either directly or through third parties. Under the VESvault company umbrella there are currently two related but independent products/services: VES and VESmail.

VES, an acronym for Viral Encrypted Security, is a patented encryption key management and recovery service. VES is not a proprietary type of encryption. Rather, it is a proprietary key management system. VES uses current, open source encryption technologies and algorithms. Through the VES APIs, any third party service provider can integrate VES into their products to provide their end users with encryption of data-at-rest that has a level of safety from key loss without diluting the privacy and security of end-to-end encryption. VESvault Corp has zero access to any VES encrypted information.

VESmail is an end user directed product/service that enables email users to integrate end-to-end encryption of their existing email accounts through VES. As such, VESmail provides the safety of VES recovery to these users in a universal utility that works behind the scenes. VESmail is applicable to all IMAP email providers and all email clients (except browsers). VESmail works for both personal and enterprise email accounts and has additional features for enterprise clients. The integration between VES and VESmail is achieved entirely through the same VES APIs that are available to any third party, and hence constitutes the separate and distinct nature between VES and VESmail as products/services.

While an end user can create a VES account directly, it offers nothing of use in this capacity except the capability to assist other VES users in recovery. To be of direct benefit to the VES account holder, VES must be integrated with a third party app that itself provides a benefit to the end user. Similarly, VESmail is of no use to a user unless it is integrated into an existing email account provided to the user by a third party. Neither VES, nor VESmail provide email accounts to any end users.

Our privacy pledge

The mission of VESvault Corp. is to improve the privacy and security of user data-at-rest by enabling the safe use of full end-to-end encryption by mitigating the risk of key loss. With privacy being a core tenet of our mission, we take a minimalist approach to collecting, using, storing and sharing user private data. It would be damaging to our business to do anything otherwise.

Additionally, to ensure the VES encryption is fully end-to-end, VESvault Corp. has no access to any encryption keys and hence cannot decrypt any user data protected with VES encryption.

Personal Data to which we and others have access and may collect

Information you provide us through the use of our products

  • It is necessary for you to have a fully functioning email account to setup a VES account and VESmail account. Although these accounts are technically different, for practical purposes they are one and the same and they are created simultaneously when you set up your VESmail account. An email account is all you need to setup your VES and VESmail accounts.
  • When you set up VES recovery for your VES account, you provide us with the email address of those individuals you select as friends who can assist you in VES recovery.
  • When you contact us for customer support, we may obtain and store any information you choose to provide such as your name, phone number and information about your device.
  • When you set up an Enterprise instance in VESmail, you provide us with your first and last name as well as the first and last names of all individuals you add as administrators for the Enterprise instance, the name of your Enterprise, the Enterprise website url, a list of the email addresses of all authorized users of your Enterprise instance and of special assignees such as Auditors and suggested Recovery Friends.

Browser and device information we collect

Internet protocol (IP) address, browser type and version, time zone setting and location, operating system and other technology on the devices you use to access our websites.

Information to which you may enable access to third parties through product use

A necessary feature of the Enterprise instance service to allow administrators to have oversight compliance on employee/user email correspondence. Administrators to an Enterprise instance have the ability to assign audit email accounts which are copied on all outgoing emails. The auditor accounts are given a copy of the item encryption key for the email enabling the auditors to read the full contents of the email. This feature is in compliance with corporate rights in regards to monitoring employee email correspondence and the Enterprise Administrator has sole discretion on choosing to use it.

The audit feature has no ability to read incoming VES encrypted messages from VESmail accounts that are not part of the Enterprise instance. Currently, the audit feature only applies to outgoing messages.

VESvault has no role in deciding if this feature is enabled for any Enterprise instance. VESvault has no ability to use this feature to access any VES encrypted emails nor does VESvault have access to any VES encrypted messages sent by either Personal or Enterprise accounts. Additionally, the audit feature only applies to Enterprise email accounts. The audit feature is not available in any form for any Personal VESmail accounts.

Cookie information

We use cookies and similar technologies in our Website that help us collect information. The Website may also include cookies and similar tracking technologies of third parties such as Google Analytics which may collect information about you via the Website. For more details, please see our Cookie Policy.

How we collect Personal Data

We primarily collect Personal Data when you voluntarily provide it to us: (i) in the process of setting up your VES and VESmail account; (ii) when you set up VES recovery; (iii) when you create and manage and Enterprise instance with a user base; and (iv) when you provide payment information for setting up an Enterprise instance.

Secondarily, we may collect personal information when communicating with you through chat, email, text, telephone, video call or other such means for user support or other similar direct communication scenarios.

We may also collect Personal Data from you offline, such as through business development efforts, networking, marketing or sales initiatives or industry events.

The Personal Data we collect may include contact information such as your name, address, telephone number, email address and social media. It may also include professional information such as employer name, address and job title.

We also collect information from the use of cookies. The technologies used to collect this type of information may evolve over time.

How we use Personal Data

We use the information we collect to provide the highest level of service and product benefit to you.

We also use the information to improve our products and services and to provide additional features, products or services to you. In particular, we use the information to provide you with better safety from key loss, better security in terms of encryption key protection, and to monitor potential attacks on your Personal Data.

We may also use the data to better operate our business, which includes analyzing performance, meeting legal obligations, developing our workforce and doing research.

How we share Personal Data

VESvault does not sell, rent or give Personal Data to marketers or unaffiliated third parties. In general, we refrain from sharing Personal Data unless necessary in pursuit of our mission and business objectives, some examples of which are listed below.

Service Providers

We may share Personal Data on a limited basis to service providers such as identity verification services, website hosting, data analysis, information technology and infrastructure, email provider services and auditing services. These third parties may need to access Personal Data to perform their services. We authorize such services to use or disclose Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such services providers to protect the security and confidentiality of Personal Data they process on our behalf.

We only engage with well-known industry service providers. The below list of service providers are third parties with whom we currently engage. As our business needs evolve, we may use new and different third-party providers and will periodically update this page to reflect this.

  • Google
  • Digital Ocean
  • Stipe
  • PayPal
  • Slack
  • Microsoft
  • Apple

Change of corporate control

In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business or changes ownership or control of any part of our products and services, we may share Personal Data with third parties in connection with such transaction. Any party which gains control or all or part of our operations will have the right to continue to use your Personal Data, but only in the manner set out in the Privacy Policy.

Legal compliance

We may share Personal Data: (i) to comply with applicable law; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of VESvault, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies and other public and government authorities, which may include authorities outside your country of residence.

Personal Data table pertaining to the use of our products through our apps and browser

View the table (PDF)

Note, this table does not include Personal Data obtained through means outside of the use of our products.

Your rights and controls

Through our service and products, you can directly access, edit and export Personal Data processed by VESvault in your use of our products and services.

You can delete your Personal Data by contacting our support services at info@VESvault.com with the subject DELETE MY ACCOUNT and we will generally respond in 30 days with email notification to you that your Personal Data has been deleted.

If an Enterprise email address is owned by the entity to which it is attached, then it is the responsibility of that legal entity and not VESvault to delete any associated Personal Data. Through your contractual relationship to such an entity, you are responsible for contacting them directly to discuss your rights to Personal Data they collect.

Information security and retention

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. Your Personal Data is only available to a limited number of personnel on a need-to-know basis.

We retain Personal Data while we are providing services to you. We retain Personal Data after we cease providing services to you, even if you close your account, to the extent necessary to comply with the proper operation of our products, legal obligations, regulatory obligations or for the purposes of fraud monitoring and protection.

We also retain Personal Data to comply with our tax, accounting and financial reporting obligations, where we are required to retain the data by our contractual commitments to our partners and where data retention in mandated.

Protecting children’s privacy

Our services are not directed to persons under the age of 13. We do not knowingly collect Personal Data from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to remove such information and terminate the child’s account. If you learn that your child has provided us with personal information without consent, please contact us at info@VESvault.com and the UNDERAGE USER in the subject line.

Recent versions

We may modify or update this Privacy Policy periodically to reflect changes in our business and practices, and to keep up with any new compliance requirements. When this occurs, we will update the ‘last modified’ date at the bottom of this page, post a notice to our website, and possibly provide a notification to you either through email or through our website. The most up to date version can always be found at https://vesmail.email/privacy.

Revision Date: 11/29/2021