hello.iohello.iovault

Privacy Policy

Effective June 9, 2026

Last updated: June 9, 2026.

Hello.Vault is operated by Deep Creator Inc. (DBA Hello.io), a United States company (“Hello.Vault,” “we,” “us,” or “our”). This Privacy Policy explains what personal information we collect from creators who sell files through Hello.Vault and from buyers who purchase them, how we use it, who we share it with, and the choices you have. By using Hello.Vault you agree to the practices described here.

1. Who this policy covers

This policy applies to anyone who interacts with Hello.Vault: creators who register an account, upload files, set prices, and receive payouts; buyers who purchase files or subscribe to a creator; and visitors who browse our marketing pages. Where a creator collects information from their own audience outside of Hello.Vault, the creator is responsible for that data — this policy covers only what we collect through the service.

2. Information we collect

  • Account data: email address, name, password (stored only as a salted hash), optional handle, profile details, and brand settings.
  • Content and file data: the files you upload, plus metadata such as filename, file size, MIME type, thumbnails, titles, descriptions, tags, and prices you set.
  • Transaction data: what was purchased, the amount, currency, timestamp, the buyer's email address for receipts and delivery, and Stripe payment intent identifiers. We never store card numbers, CVVs, or full payment credentials — those go directly to Stripe and never touch our servers.
  • Payout and identity data: creators onboard to Stripe Connect, which collects identity and banking details (KYC) directly. We receive only Stripe account identifiers and verification status, not the underlying documents.
  • Subscription data: active subscriptions, billing periods, renewal and cancellation status.
  • Usage and audit data: hashed IP address, user agent, timestamps, and download events. We use this to enforce download limits and expirations, detect fraud, and secure accounts.
  • Communications: messages you send to support, abuse reports, and legal notices.

3. How we use your information

  • To operate the service: deliver files, process payments, send payouts, and manage subscriptions.
  • To send transactional email — receipts, download links, payout notices, and account alerts — via Resend.
  • To enforce the limits creators set on each item (expiration, download caps, passwords).
  • To detect and prevent fraud, chargebacks, abuse, and violations of our Terms and content rules.
  • To comply with legal obligations, including tax reporting, sanctions screening, and responding to lawful requests.
  • To improve the service through aggregated, de-identified analytics.

4. AI and automated processing

Hello.Vault uses automated systems, including AI models, to process uploaded content for three purposes: tagging and categorization (so files are easier to organize and find), pricing suggestions (so creators can see what similar items sell for), and safety scanning (to detect prohibited material such as CSAM, which we are legally required to report). This processing happens as part of operating the service. We do not use your uploaded content to train general-purpose AI models, and we do not sell your content to AI companies.

5. Cookies and sessions

We use a small number of first-party cookies: a session cookie to keep you signed in, a CSRF token to protect forms, and preference cookies (such as theme). We do not use third-party advertising cookies or cross-site trackers. Stripe sets its own cookies during checkout for fraud prevention; see Stripe's privacy policy for details. You can clear cookies in your browser at any time, though the service requires the session cookie to function while you are signed in.

6. How we share information

We share personal information only with the service providers needed to run Hello.Vault:

  • Stripe — payment processing, fraud prevention, and creator payouts via Stripe Connect.
  • Vercel — application hosting and file storage infrastructure.
  • Neon — managed database hosting for account and transaction records.
  • Resend — transactional email delivery.

We may also disclose information when required by law (for example, a subpoena, court order, or a mandatory CSAM report to NCMEC), to protect the rights and safety of users and the public, or in connection with a merger, acquisition, or sale of assets — in which case this policy continues to apply until you are notified otherwise. We do not sell or rent personal information, and we do not share it with advertisers.

7. Buyers and creators sharing with each other

When a buyer purchases from a creator, the creator can see the buyer's email address and purchase history with that creator — this is necessary to deliver files and handle support. Creators must handle buyer information lawfully and may not use it for unrelated marketing without consent.

8. Data retention

We keep account data while your account is active. Transaction records are retained for seven years to satisfy tax, accounting, and anti-fraud obligations. Audit logs are kept for up to 24 months. Uploaded files are deleted when you delete them or close your account, except where we must preserve content for an active legal matter, a pending dispute or chargeback, or a law-enforcement preservation request.

9. Deletion and your rights

You can access, export, correct, or delete your account data at any time from your account settings or by emailing privacy@itshello.io. Depending on where you live (including under state privacy laws such as the Texas Data Privacy and Security Act and the California Consumer Privacy Act), you may have rights to access, correct, delete, and obtain a copy of your personal information, and to appeal a decision we make about a request. We respond to verified requests within the time required by applicable law, and we do not discriminate against you for exercising your rights. Buyers may also contact us directly to request deletion of their purchase email records, subject to the retention requirements above.

10. Security

Files are encrypted at rest and all traffic is encrypted in transit with TLS. Passwords are stored only as salted hashes, and API keys are stored hashed. Access to production systems is restricted and logged. No system is perfectly secure — if we learn of a breach affecting your personal information, we will notify you as required by law.

11. Age requirements

Hello.Vault is not for children. All creators must be at least 18 years old. Buyers must be at least 18 to purchase or view adult content, and at least the age of majority in their jurisdiction to use the service at all. We do not knowingly collect personal information from anyone under 18; if we learn we have, we delete it and close the account.

12. Sensitive information and adult content

Because some creators sell adult content, a purchase record can reveal information about your interests. We treat purchase histories as confidential, share them only as described in this policy, and use neutral descriptors on email receipts and payment statements where the payment network permits.

13. International users

Hello.Vault is operated from the United States and your information is processed and stored in the United States. If you use the service from outside the US, you understand your information will be transferred to and processed in the US, where data protection laws may differ from those in your jurisdiction.

14. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or an in-product notice before the changes take effect. The “Last updated” date at the top reflects the latest revision. Continued use of the service after changes take effect means you accept the updated policy.

15. Contact

Deep Creator Inc. (DBA Hello.io), Texas, USA. Privacy requests: privacy@itshello.io. Legal: legal@itshello.io.