1. Introduction
Vettra ("we," "our," or "us") operates a secure document sharing platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.
By using Vettra, you agree to the collection and use of information as described in this policy. If you do not agree with this policy, please do not use our services.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Your name
- Email address
- Password (stored as a secure hash, not in plain text)
- Account type (personal or business)
2.2 Documents and Files
When you upload documents to your vault, we store:
- The document file itself (encrypted at rest)
- Document metadata (file name, type, size, upload date)
- Extracted field data for supported document types (e.g., expiration dates from driver's licenses)
2.3 Sharing Activity
When you share documents with businesses, we record:
- Which documents were shared
- Who they were shared with
- Share settings (expiration dates, access restrictions)
- Share status (pending, active, revoked, expired)
2.4 Audit and Activity Logs
We maintain audit logs of activity on your account for security and compliance purposes. These logs record what happened, not the contents of your documents. Examples include:
- Login and logout events
- Document uploads, downloads, and deletions
- Share creation, approval, rejection, and revocation
- Account setting changes
2.5 Technical Information
We automatically collect certain technical information when you use our services:
- IP address
- Browser type and version
- Device information
- Session identifiers
3. How We Use Your Information
We use the information we collect to:
- Provide our services: Process document uploads, manage sharing, and maintain your account
- Security and fraud prevention: Detect unauthorized access, protect against abuse, and maintain the integrity of our platform
- Communications: Send transactional emails (share notifications, password resets, security alerts)
- Legal compliance: Comply with applicable laws, regulations, and legal processes
- Service improvement: Understand how our services are used and make improvements
4. How We Store and Protect Your Information
4.1 Encryption
We use industry-standard encryption to protect your data:
- Documents at rest: Encrypted using AES-256-GCM with unique encryption keys per document
- Encryption keys: Protected using RSA-2048 key management
- Data in transit: Protected using TLS encryption
4.2 Access Controls
Access to your data is restricted through:
- Authentication requirements for all account access
- Role-based access controls within the platform
- Audit logging of all data access
4.3 Key Management
Encryption keys are managed using AWS Key Management Service (KMS) with hardware security modules (HSMs). While your documents are encrypted at rest, Vettra personnel with appropriate authorization may access your data for purposes such as providing customer support or investigating security incidents.
5. Information Sharing
We do not sell your personal information. We share your information only in the following circumstances:
5.1 With Businesses You Choose
When you share a document with a business through our platform, that business receives access to the shared document or data according to the sharing settings you select.
5.2 Service Providers
We use third-party service providers to help operate our platform:
- Email delivery: To send transactional emails and notifications
- Cloud infrastructure: To host our application and store data
These providers are contractually obligated to protect your information and use it only for the services they provide to us.
6. Cookies and Tracking
We use cookies and similar technologies for:
- Session management: To keep you logged in and maintain your session
- Security: To protect against cross-site request forgery (CSRF) and other attacks
We do not use third-party advertising or analytics cookies. We do not track you across other websites.
7. Data Retention
- Documents: Stored until you delete them or close your account
- Audit logs: Retained for compliance and security purposes, typically for the duration of your account plus a reasonable period thereafter
- Account information: Retained until you request account deletion
When you delete a document or close your account, we will remove your data from our active systems. Some information may be retained in backups for a limited period.
8. Your Rights and Choices
You have the following rights regarding your data:
- Access: View and download your documents and account information through your dashboard
- Deletion: Delete individual documents or request deletion of your entire account
- Revocation: Revoke access to shared documents at any time
- Correction: Update your account information through your settings
To exercise these rights, you can use the controls in your account dashboard or contact us at support@vettra.ca.
9. International Data
Vettra is based in Canada. If you access our services from outside Canada, your information may be transferred to, stored, and processed in Canada or other countries where our service providers operate.
By using our services, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.
10. Children's Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@vettra.ca.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting a notice on our website
- Sending an email to your registered email address
- Updating the "Last updated" date at the top of this policy
Your continued use of our services after any changes indicates your acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
Email: support@vettra.ca