VESvault Corp. is a US based corporation that provides encryption based privacy and security services and products to end users either directly or through third parties. Under the VESvault company umbrella there are currently two related but independent products/services: VES and VESmail.
VES, an acronym for Viral Encrypted Security, is a patented encryption key management and recovery service. VES is not a proprietary type of encryption. Rather, it is a proprietary key management system. VES uses current, open source encryption technologies and algorithms. Through the VES APIs, any third party service provider can integrate VES into their products to provide their end users with encryption of data-at-rest that can have an unmatched level of safety from key loss without diluting the privacy and security of end-to-end encryption. VESvault Corp has zero access to any VES encrypted information.
VESmail is an end user product/service that enables email users to integrate end-to-end encryption into their existing email accounts through VES. As such, VESmail provides the safety of VES recovery to these users in a universal utility that works behind the scenes. VESmail also has additional unique user benefits and features. VESmail is applicable to all IMAP email providers and all email clients (except browsers). VESmail works for both personal and enterprise email accounts and has additional features for enterprise clients. The integration between VES and VESmail is achieved entirely through the same VES APIs that are available to any third party, and hence constitutes the separate and distinct nature between VES and VESmail as products/services.
While an end user can create a VES account directly, it offers nothing of use in this capacity except the capability to assist other VES users in recovery. To be of direct benefit to the VES account holder, VES must be integrated with a third party app that itself provides a product or service directly to the end user. Similarly, VESmail is of no use to a user unless it is integrated into an existing email account provided to the user by a third party. Neither VES, nor VESmail provide email accounts to any end users.
Our privacy pledge
The mission of VESvault Corp. is to improve the privacy and security of user data-at-rest by enabling the safe use of full end-to-end encryption by mitigating the risk of key loss. With privacy being a core tenet of our mission, we take a minimalist approach to collecting, using, storing and sharing user private data. It would be damaging to our business to do anything otherwise.
Additionally, to ensure the VES encryption is fully end-to-end, VESvault Corp. has no access to any encryption keys and hence cannot decrypt any user data protected with VES encryption.
Personal Data to which we and others have access and may collect
Information you provide us through the use of our products
Browser and device information we collect
We may collect your Internet Protocol (IP) address, browser type and version, time zone setting and location, operating system and other technology on the devices you use to access our websites.
Information to which you may enable access to third parties through product use
A necessary feature of the Enterprise instance service to allow administrators to have oversight compliance on employee/user email correspondence. Administrators to an Enterprise instance have the ability to assign audit email accounts which are copied on all outgoing emails. The auditor accounts are given a copy of the item encryption key for the email enabling the auditors to read the full contents of the email. This feature is in compliance with corporate rights in regards to monitoring employee email correspondence and the Enterprise Administrator has sole discretion on choosing to use it without user knowledge.
The audit feature has no ability to read incoming VES encrypted messages from VESmail accounts that are not part of the Enterprise instance. Currently, the audit feature only applies to outgoing messages.
VESvault has no role in deciding if this feature is enabled for any Enterprise instance. VESvault has no ability to use this feature to access any VES encrypted emails nor does VESvault have access to any VES encrypted messages sent by either Personal or Enterprise accounts. Additionally, the audit feature only applies to Enterprise email accounts. The audit feature is not available in any form for any Personal VESmail accounts.
How we collect Personal Data
We primarily collect Personal Data when you voluntarily provide it to us: (i) in the process of setting up your VES and VESmail account; (ii) when you set up VES recovery; (iii) when you create and manage and Enterprise instance with a user base; and (iv) when you provide payment information for setting up an Enterprise instance.
Secondarily, we may collect personal information when communicating with you through chat, email, text, telephone, video call or other such means for user support or other similar direct communication scenarios.
We may also collect Personal Data from you offline, such as through business development efforts, networking, marketing or sales initiatives or industry events.
The Personal Data we collect may include contact information such as your name, address, telephone number, email address and social media. It may also include professional information such as employer name, address and job title.
How we use Personal Data
We use the information we collect to provide the highest level of service and product benefit to you.
We also use the information to improve our products and services and to provide additional features, products or services to you. In particular, we use the information to provide you with better safety from key loss, better security in terms of encryption key protection, and to monitor potential attacks on your Personal Data.
We may also use the data to better operate our business, which includes analyzing performance, meeting legal obligations, developing our workforce and doing research.
How we share Personal Data
VESvault does not sell, rent or give Personal Data to marketers or unaffiliated third parties. In general, we refrain from sharing Personal Data unless necessary in pursuit of our mission and business objectives, some examples of which are listed below.
We may share Personal Data on a limited basis to service providers such as identity verification services, website hosting, data analysis, information technology and infrastructure, email provider services and auditing services. These third parties may need to access Personal Data to perform their services. We authorize such services to use or disclose Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such services providers to protect the security and confidentiality of Personal Data they process on our behalf.
We only engage with well-known industry service providers who also have well established and proper Privacy Policies. The below list of service providers are third parties with whom we currently engage. As our business needs evolve, we may use new and different third-party providers and will periodically update this page to reflect this.
Change of corporate control
We may share Personal Data: (i) to comply with applicable law; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of VESvault, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies and other public and government authorities, which may include authorities outside your country of residence.
Personal Data table pertaining to the use of our products through our apps and browser
Note, this table does not include Personal Data obtained through means outside of your normal use of our products.
Your rights and controls
Through our service and products, you can directly access, edit and export Personal Data processed by VESvault in your use of our products and services.
You can delete your Personal Data by contacting our support services at info@VESvault.com with the subject
If an Enterprise email address is owned by the entity to which it is attached, then it is the responsibility of that legal entity and not VESvault to delete any associated Personal Data. Through your contractual relationship to such an entity, you are responsible for contacting them directly to discuss your rights to Personal Data they collect.
Information security and retention
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. Your Personal Data is only available to a limited number of personnel on a need-to-know basis.
We retain Personal Data while we are providing services to you. We retain Personal Data after we cease providing services to you, even if you close your account, to the extent necessary to comply with the proper operation of our products, legal obligations, regulatory obligations or for the purposes of fraud monitoring and protection.
We also retain Personal Data to comply with our tax, accounting and financial reporting obligations, where we are required to retain the data by our contractual commitments to our partners and where data retention in mandated.
Protecting children’s privacy
Our services are not directed to persons under the age of 13 unless that personal has an existing personal email account setup with the consent and supervision of a parent or guardian. We do not knowingly collect Personal Data from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to remove such information and terminate the child’s account. If you learn that your child has provided us with personal information without consent, please contact us at info@VESvault.com and the