Privacy Policy

Author Vault (“we,” “us,” or “our”) operates author-vault.com and related services (the “Platform”). We are committed to protecting the privacy and security of our users — the writers, songwriters, and ministry leaders who trust us with their creative work.

This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the rights you have over it. By accessing or using Author Vault, you agree to this policy.

Questions? Contact us at privacy@author-vault.com at any time.

Information You Provide Directly

• Account registration: Full name, email address, password (stored as a secure hash), and chosen platform role (Wordsmith, Songsmith, or PulpitSmith).
• Profile information: Display name, profile photo, biography, location, website URL, and church or organisation affiliation where applicable.
• Creative content: Posts, writings, songs, lyrics, audio files, sermons, devotionals, prayers, cover images, and attached documents you upload and publish.
• Payment information: When upgrading to a paid plan, billing details are collected directly by Stripe and/or PayPal. We do not store full card numbers or PayPal credentials on our servers.
• Communications: Messages sent via our contact form, support requests, or email correspondence.

Information Collected Automatically

• Log data: IP address, browser type and version, operating system, referring URLs, pages visited, and time of access.
• Device information: Device type, unique device identifiers, and mobile network information.
• Usage data: Features used, content viewed, share actions taken, and interaction patterns within the Platform.
• Cookies: Session cookies, authentication tokens, and preference data. See Section 6 for full details.

Information from Third Parties

• Payment processors: Stripe and PayPal share transaction confirmation, subscription status, and billing cycle data to activate or manage your plan.
• Analytics providers: Aggregated, anonymised usage statistics from services such as Google Analytics.

• Providing the service: Creating and managing your account, hosting your published content, and making it accessible to you and your audience.
• Processing payments: Verifying subscriptions, activating paid plan features, managing renewals, and processing cancellations through Stripe and PayPal.
• Communicating with you: Sending transactional emails (account confirmation, password reset, payment receipts) and responding to support requests.
• Platform security: Detecting and preventing fraud, abuse, unauthorised access, and violations of our Terms of Service.
• Improving the Platform: Understanding how features are used to improve user experience, fix bugs, and develop new functionality.
• Legal compliance: Meeting obligations under applicable law, including tax reporting, fraud prevention, and responding to lawful authority requests.

Author Vault accepts subscription payments via Stripe and PayPal. Both are PCI-DSS compliant, industry-leading payment processors.

What We Store

• Your chosen plan level (Starter, Creator Pro, Advanced Pro+)
• Subscription status and expiry timestamp
• Stripe Customer ID and/or Stripe Subscription ID
• PayPal Subscription ID (where applicable)
• Payment method indicator (Stripe or PayPal — not card details)
• Date and status of last payment attempt

What We Do NOT Store

• Full credit or debit card numbers
• Card CVV / security codes
• PayPal login credentials or linked bank account details
• Billing addresses (held by Stripe/PayPal per their policies)

Stripe’s Data Practices

When paying via Stripe, your payment information is governed by Stripe’s Privacy Policy at stripe.com/privacy. Stripe is certified as a PCI Service Provider Level 1 — the highest level of certification in the payments industry.

PayPal’s Data Practices

When paying via PayPal, your payment information is governed by PayPal’s Privacy Statement at paypal.com/privacy.

Subscription Renewals & Webhooks

Stripe and PayPal notify us automatically via secure webhooks when subscriptions are renewed, cancelled, or payment fails. We use these notifications to update your plan status. No raw financial data is transmitted in these webhooks — only event types and identifiers.

We use a limited number of third-party services, each selected for their strong privacy and security practices.

We do not share your data with any advertising networks, data brokers, or marketing platforms.

Essential Cookies (Always Active)

• Session cookies: Authenticate your login and keep you signed in. Expire when you close your browser.
• Security tokens: Protect against CSRF attacks on form submissions.
• Preference cookies: Remember your dashboard settings and platform preferences.

Analytics Cookies (Optional)

• Google Analytics: Anonymised cookies that help us understand traffic patterns. No personally identifiable information is included. IP addresses are anonymised before storage.

Payment Cookies

• Stripe & PayPal: When you visit their hosted checkout pages, these processors may set their own cookies, governed by their respective privacy policies.

You can control cookies through your browser settings. Disabling essential cookies may prevent login or use of core Platform features.

Your data is stored on servers located in the United States. We implement industry-standard technical and organisational measures including:

• Encryption in transit: All data transmitted between your browser and our servers uses TLS (HTTPS) encryption.
• Password hashing: Passwords are never stored in plain text. We use WordPress’s salted hashing mechanism.
• Access controls: Only authorised personnel with a legitimate operational need can access user data.
• Regular backups: Your content and account data is backed up regularly to prevent accidental loss.
• Payment security: No raw payment credentials are transmitted to or stored on our servers. All payment handling is delegated to PCI-DSS certified processors.

You retain full ownership of all creative content you upload or publish on Author Vault — including writings, songs, lyrics, audio files, sermons, devotionals, prayers, and any other materials.

• We do not claim any intellectual property rights over your content.
• We do not use your content to train machine learning or AI models.
• We do not sell, license, or redistribute your content to third parties without your explicit consent.
• By publishing content, you grant us a limited, non-exclusive, royalty-free licence to display, host, and deliver that content to your intended audience as part of the Platform’s normal operation.
• You can delete your content at any time from your dashboard. Deleted content is removed from our servers within 30 days.

Depending on your location, you have the following rights over your personal data:

To exercise any of these rights, email privacy@author-vault.com. We respond within 30 days and may need to verify your identity.

GDPR (European Users)

If you are located in the EEA, UK, or Switzerland, your data is protected under the GDPR. Our legal bases for processing include:

• Contract performance: Processing necessary to provide the services you signed up for.
• Legitimate interests: Platform security, fraud prevention, and service improvement — balanced against your rights.
• Legal obligation: Compliance with applicable laws and regulations.
• Consent: Where we ask for consent (e.g., optional analytics), you may withdraw it at any time.

You have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe we have violated your rights.

CCPA (California Residents)

California residents have rights under the CCPA including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. To submit a CCPA request, email privacy@author-vault.com with “CCPA Request” in the subject line.

Author Vault is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe your child has provided us personal information, contact privacy@author-vault.com and we will delete it promptly.

• Account data: Retained for the duration of your account, plus 90 days after deletion for recovery and dispute resolution.
• Published content: Retained until you delete it, or until your account is deleted.
• Payment records: Retained for 7 years to comply with tax and financial reporting obligations.
• Server logs: Retained for 90 days for security purposes, then automatically deleted.
• Support communications: Retained for 2 years to resolve ongoing issues and improve our service.

We may update this policy from time to time. When we make material changes, we will notify you by posting a notice on the Platform, sending an email to your registered address, and updating the “Last Updated” date above. Continued use of Author Vault after changes constitutes acceptance of the updated policy.