Privacy Policy

Last updated: April 27, 2026

Effective date: April 27, 2026

Please read this Privacy Policy carefully. By accessing, installing, or using any Rivault product or service, you irrevocably agree to be bound by all terms below, including the limitations of liability, disclaimers of warranties, indemnification obligations, and class action waiver. If you do not agree, do not use the Service.

1. Introduction

Rivault, Inc. (“Rivault,” “we,” “us,” or “our”) operates a zero-knowledge encrypted secrets management platform that enables individual users and AI agents to store, retrieve, and authorize access to credentials, API keys, payment information, personal addresses, and other sensitive data (collectively, the “Service”). The Service includes, without limitation, our web application, API, browser extensions, mobile applications, OpenClaw skills, Model Context Protocol (MCP) servers, ChatGPT plugins, Claude integrations, Telegram bots, OAuth flows, WebAuthn/passkey authentication, and any successor, related, or future products (collectively, the “Products”).

This Privacy Policy describes the limited categories of information we may process, the legal bases on which we rely, and your acknowledgment that you assume all risk associated with using the Service.

2. Information We Collect

We collect only the information necessary to operate the Service. Categories include:

  • Account Data: email address, display name, WebAuthn public keys, authenticator metadata, device fingerprints, IP address, user-agent strings, and session tokens.
  • Vault Data: encrypted ciphertext, item labels, categories, sensitivity levels (L1/L2), creation and modification timestamps, and item access logs. Plaintext values for L2 (client-encrypted) items are never observable by Rivault.
  • Agent Data: API key hashes (argon2), agent identifiers, request metadata, rate-limit counters, OAuth tokens, and authorization request tokens.
  • Telemetry & Logs: request paths, status codes, latency, error traces, browser console events, and crash reports.
  • Billing Data: processed exclusively through third-party payment processors; we store only a customer identifier and subscription status.
  • Communications: support requests, feedback, and any correspondence you transmit to us.

3. Zero-Knowledge Architecture and User Responsibility

The Service implements an envelope-encryption model whereby Level 2 (“L2”) data is encrypted client-side using your device’s Web Crypto API and a User Master Key derived from your passkey. Rivault does not possess, cannot derive, and cannot recover your decryption keys. When an agent retrieves an L2 item, the ephemeral keypair used to decrypt the response is generated and held on your device — either by the Rivault desktop application, which manages it transparently, or by your agent runtime when you supply a public key directly. Rivault’s servers never possess this key, never observe the decrypted plaintext, and never participate in the decryption. You are solely responsible for the security of your authenticator devices, recovery phrases, biometric credentials, and any backups thereof. If you lose access to your authenticator, your data will be permanently and irrevocably unrecoverable, and Rivault shall bear no responsibility, obligation, or liability whatsoever for such loss.

Local encrypted-at-rest cache. Solely to enable deterministic redaction of released vault values from agent transcripts across daemon restarts, the Rivault desktop application maintains a short-lived (one hour) SQLite cache of recently retrieved plaintext values, encrypted under a per-installation key held by macOS Keychain. This cache resides exclusively on your device, is never transmitted to Rivault, is automatically purged when the time-to-live elapses, and is inaccessible to any process running as a different operating-system user. You may disable the desktop application at any time; doing so eliminates this cache at the cost of disabling local transcript redaction.

Level 1 (“L1”) data is encrypted server-side under our custodial key. By electing to store data at L1, you expressly acknowledge and consent to the risk that, in the event of unauthorized access to our servers, such data may be exposed, and you waive any claim against Rivault arising therefrom to the maximum extent permitted by law.

4. AI Agent Access and Autonomous Action

The Service is designed to be invoked by autonomous and semi-autonomous artificial intelligence agents, including but not limited to large language models, retrieval-augmented systems, and third-party agentic frameworks. You acknowledge that:

  • AI agents may behave unpredictably, hallucinate, leak secrets into logs or memory, retain plaintext beyond intended scope, transmit data to third-party model providers, or otherwise act contrary to instructions;
  • You are solely responsible for vetting any agent or platform you authorize to access your vault and for the consequences of authorizations granted via Face ID, passkey, or any other authentication factor;
  • Rivault makes no representation regarding the security, reliability, accuracy, confidentiality practices, or data handling of any third-party AI platform (including OpenAI, Anthropic, Telegram, or others) and disclaims all liability for their acts or omissions;
  • Any data redaction, memory wiping, or post-task scrubbing performed by an agent platform is outside Rivault’s control and is not warranted by us.

5. How We Use Information

We process the categories of information described above solely to: (a) operate, maintain, and improve the Service; (b) authenticate users and authorize agent requests; (c) detect, investigate, and prevent fraud, abuse, and security incidents; (d) comply with legal obligations and lawful requests from governmental authorities; (e) enforce our Terms of Service; and (f) communicate with you regarding the Service.

6. Sharing and Disclosure

We may disclose information to: (a) service providers (hosting, payment processing, error monitoring, analytics) bound by contractual confidentiality obligations; (b) governmental, law enforcement, or regulatory authorities pursuant to subpoena, court order, or other legal process, without notice to you where prohibited by law; (c) any successor entity in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or substantially all of our assets; and (d) third parties with your consent.

7. Data Security: No Warranty

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect information processed by the Service. However, no method of transmission over the internet, method of electronic storage, or cryptographic system is one-hundred-percent secure. Rivault expressly disclaims any and all warranties, express or implied, regarding the security, integrity, or confidentiality of any data processed by the Service.

7.1 No Liability for Data Breaches, Leaks, or Hacking

To the maximum extent permitted by applicable law, you expressly acknowledge, agree, and covenant that Rivault, its affiliates, officers, directors, employees, contractors, agents, investors, licensors, and successors (collectively, the “Rivault Parties”) shall not be liable for, and you hereby irrevocably waive and release any and all claims arising out of or relating to:

  1. any unauthorized access, intrusion, exfiltration, decryption, ransomware event, supply-chain compromise, or other security breach affecting Rivault systems or any third-party system used in connection with the Service;
  2. any leak, disclosure, publication, or sale of your data, whether on the open internet, dark web, paste sites, or otherwise;
  3. any zero-day vulnerability, cryptographic weakness, side-channel attack, quantum-computing attack, or future cryptanalytic advance that compromises the Service;
  4. any phishing, social engineering, SIM swap, account takeover, or credential stuffing affecting you or your authenticators;
  5. any malicious, negligent, or erroneous action by an AI agent, third-party platform, browser extension, operating system, or device you authorize to access the Service;
  6. any loss, deletion, corruption, or unavailability of your data, including loss arising from your own loss of authentication credentials.

8. Disclaimer of Warranties

The Service is provided on an “AS IS,” “AS AVAILABLE,” and “WITH ALL FAULTS” basis. The Rivault Parties disclaim all warranties, express, implied, statutory, or otherwise, including without limitation all warranties of merchantability, fitness for a particular purpose, non-infringement, title, accuracy, reliability, availability, or any warranty arising from course of dealing or usage of trade. No advice or information obtained from Rivault, whether oral or written, shall create any warranty not expressly stated herein.

9. Limitation of Liability

To the maximum extent permitted by applicable law, in no event shall the aggregate liability of the Rivault Parties arising out of or relating to this Privacy Policy, the Service, or your use thereof exceed the greater of (i) the amounts you paid to Rivault in the three (3) months preceding the event giving rise to the claim, or (ii) one hundred U.S. dollars (US$100.00).

In no event shall the Rivault Parties be liable for any indirect, incidental, special, consequential, exemplary, punitive, or enhanced damages, including without limitation damages for loss of profits, revenue, goodwill, use, data, or other intangible losses, even if advised of the possibility of such damages and regardless of the theory of liability (contract, tort, strict liability, statute, or otherwise).

These limitations apply even if any limited remedy fails of its essential purpose. The parties acknowledge that the pricing and provision of the Service reflect this allocation of risk.

10. Indemnification

You agree to defend, indemnify, and hold harmless the Rivault Parties from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising from: (a) your use of and access to the Service; (b) your violation of any term of this Privacy Policy or our Terms of Service; (c) your violation of any third-party right, including any privacy, intellectual property, or contractual right; (d) any content or data you submit, store, or transmit via the Service; (e) any action taken by an AI agent or third-party application you authorize; and (f) any breach of your authentication credentials.

11. Assumption of Risk

You acknowledge that storing sensitive credentials in any electronic system carries inherent risk. By using the Service, you knowingly and voluntarily assume all such risk. You represent that you have evaluated the Service’s architecture and security model and have determined it suitable for your needs, and you agree not to assert any claim that the Service is unsuitable, defective, or unfit for purpose.

12. Force Majeure

The Rivault Parties shall not be liable for any failure or delay in performance arising from causes beyond their reasonable control, including but not limited to acts of God, war, terrorism, riot, embargoes, civil or military authority, fire, flood, earthquake, pandemic, epidemic, accident, strike, shortage of supply, internet or telecommunications failure, denial-of-service attacks, nation-state attacks, or governmental action.

13. Third-Party Services and Links

The Service may interoperate with or contain links to third-party websites, applications, or services not operated by Rivault, including but not limited to Anthropic, OpenAI, Telegram, GitHub, hosting providers, payment processors, and identity providers. Rivault has no control over and assumes no responsibility for the content, privacy practices, or data handling of any third party. Your use of any third-party service is at your sole risk.

14. Children’s Privacy

The Service is not directed to children under the age of 13 (or under 16 in the European Economic Area), and we do not knowingly collect personal information from such individuals. If we learn that we have collected information from a child without verifiable parental consent, we will delete it.

15. International Users and Cross-Border Transfers

The Service is operated from the United States. By using the Service, you consent to the transfer, processing, and storage of your information in the United States and any other jurisdiction in which Rivault or its service providers operate, which may have data-protection laws different from those of your country. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms to transfer personal data internationally.

16. Your Rights

Subject to applicable law, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to object to processing or withdraw consent. You may exercise these rights by contacting us at the address below. Note that requests requiring decryption of L2 data are technically impossible for Rivault to fulfill, as we do not hold the decryption keys. Where applicable, you also have the right to lodge a complaint with a supervisory authority.

17. Data Retention

We retain information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Encrypted vault data is retained until you delete it; deletion is irreversible. Logs and telemetry are retained for up to twenty-four (24) months. We may retain anonymized or aggregated information indefinitely.

18. Changes to This Policy

We may update this Privacy Policy at any time, in our sole discretion, by posting a revised version with a new “Last Updated” date. Your continued use of the Service after the effective date of any revision constitutes your binding acceptance of the revised Policy. We are under no obligation to provide individual notice of changes.

19. Governing Law; Venue

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, U.S.A., without regard to its conflict-of-laws principles. The exclusive venue for any judicial proceeding permitted under Section 20 shall be the state and federal courts located in Wilmington, Delaware, and you irrevocably consent to personal jurisdiction therein.

20. Binding Arbitration; Class Action Waiver

Any dispute, claim, or controversy arising out of or relating to this Privacy Policy or the Service shall be resolved exclusively through final and binding arbitration administered by JAMS pursuant to its Streamlined Arbitration Rules, conducted in Wilmington, Delaware, in the English language, by a single arbitrator. You and Rivault each waive any right to a jury trial and any right to participate in a class, collective, or representative action. This Section does not prevent either party from seeking injunctive relief in a court of competent jurisdiction to protect its intellectual property or confidential information.

21. Severability and Entire Agreement

If any provision of this Privacy Policy is held invalid or unenforceable, the remaining provisions shall remain in full force and effect, and the invalid provision shall be reformed to the minimum extent necessary to render it enforceable. This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and Rivault regarding the subject matter hereof and supersedes all prior agreements.

22. Contact

Questions regarding this Privacy Policy may be directed to:

Rivault, Inc.

5810 Mission Street

San Francisco, CA 94112, USA

privacy@rivault.ai