CoraleVault CoraleVault - Free Open Source Password Manager v2025.11.6

Privacy Policy

Privacy Policy for CoraleVault - How we handle your data

Privacy Policy

Last Updated: November 4, 2025

Overview

CoraleVault is designed with privacy as a core principle. This Privacy Policy explains what data is collected, how it’s used, and your rights regarding your information.

The short version: CoraleVault stores all your passwords locally on your device. We don’t have access to your passwords, we don’t sync them to the cloud, and we can’t recover them if you forget your master password.

1. Information Collection and Use

1.1 The CoraleVault Application

What the application collects: NOTHING.

  • Your passwords are stored encrypted on your local device only
  • Your master password is never transmitted, stored, or recoverable by us
  • No telemetry, analytics, or usage tracking
  • No accounts, registration, or authentication with our servers
  • No network connections are made by the application
  • Your data never leaves your computer

The application is completely offline and local-only.

1.2 The CoraleVault Website (coralevault.com)

What the website collects:

Automatically Collected Information

When you visit coralevault.com, our hosting provider (Cloudflare Pages) may automatically collect:

  • IP address - For security and analytics
  • Browser type and version - For compatibility
  • Operating system - For download recommendations
  • Pages visited - To understand which pages are most useful
  • Referral source - How you found our website
  • Date and time of visit - For traffic analysis

This information is collected by Cloudflare and is subject to Cloudflare’s Privacy Policy.

Information You Provide

  • Email address - Only if you contact us for support (at dev@coralesoft.nz)
  • Bug reports - If you submit issues on GitHub
  • Feedback - If you participate in discussions on GitHub

We do not:

  • Require account creation to download or use CoraleVault
  • Collect payment information (the software is free)
  • Track you across other websites
  • Sell or rent your personal information
  • Use your information for advertising

2. Cookies and Tracking Technologies

2.1 Cookies We Use

The coralevault.com website uses minimal cookies:

  • Essential cookies - Required for website functionality (e.g., remembering your preferred language)
  • Analytics cookies - To understand how visitors use our website (via Cloudflare Analytics)

We do not use:

  • Advertising cookies
  • Social media tracking cookies
  • Third-party tracking pixels

You can disable cookies in your browser settings. This may affect website functionality but will not affect the CoraleVault application itself.

3. How We Use Your Information

3.1 Website Analytics

We use Cloudflare Analytics to understand:

  • How many people visit our website
  • Which pages are most popular
  • Which download links are used most
  • Where visitors come from

This helps us improve the website and focus development on features users want.

3.2 Support and Communication

If you contact us via email (dev@coralesoft.nz), we use your email address to:

  • Respond to your inquiries
  • Provide technical support
  • Notify you about security issues (if you opt-in)

We will never:

  • Send marketing emails without your explicit consent
  • Share your email with third parties
  • Add you to mailing lists without permission

3.3 GitHub

If you interact with us on GitHub (issues, discussions, pull requests), your information is governed by GitHub’s Privacy Statement.

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties. Period.

4.2 Service Providers

We use the following third-party services:

ServicePurposeData SharedPrivacy Policy
Cloudflare PagesWebsite hostingIP address, browser info, pages visitedCloudflare Privacy
GitHubCode hosting, issues, discussionsUsername, contributionsGitHub Privacy

We may disclose information if required by law, such as:

  • To comply with a subpoena or court order
  • To protect our rights or property
  • To prevent fraud or illegal activity
  • To protect the safety of users or the public

We will notify you if legally permitted to do so.

5. Data Security

5.1 Application Data Security

Your passwords in CoraleVault are protected by:

  • AES-256 encryption - Military-grade encryption
  • PBKDF2 key derivation - 600,000+ iterations
  • HMAC-SHA256 authentication - Prevents tampering
  • Local storage only - No cloud, no servers

The security of your passwords depends on:

  • The strength of your master password
  • The security of your device
  • Your backup practices

We cannot access, recover, or reset your passwords. If you forget your master password, your data is permanently unrecoverable.

5.2 Website Security

The coralevault.com website uses:

  • HTTPS encryption - For all connections
  • Cloudflare DDoS protection - Against attacks
  • Security headers - To prevent common web vulnerabilities

6. Data Retention

6.1 Application Data

Your encrypted passwords are stored only on your device. We have no copies and no backups. You control retention by:

  • Keeping or deleting your vault file
  • Creating your own backups
  • Uninstalling the application

6.2 Website Logs

Cloudflare retains website logs for up to 30 days for security and analytics purposes.

6.3 Support Emails

If you email us, we retain your messages for up to 2 years to provide support and improve our product. You can request deletion at any time.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 European Union (GDPR)

If you’re in the EU, you have the right to:

  • Access - Request a copy of your personal data
  • Rectification - Correct inaccurate personal data
  • Erasure - Request deletion of your personal data (“right to be forgotten”)
  • Restriction - Limit how we use your personal data
  • Portability - Receive your data in a machine-readable format
  • Objection - Object to processing of your personal data
  • Withdraw consent - At any time

7.2 California (CCPA)

If you’re in California, you have the right to:

  • Know what personal information is collected
  • Know if personal information is sold or disclosed
  • Opt-out of the sale of personal information (we don’t sell data)
  • Request deletion of personal information
  • Non-discrimination for exercising your rights

7.3 Other Jurisdictions

We respect privacy rights regardless of location. Contact us to exercise your rights.

7.4 How to Exercise Your Rights

To exercise any of these rights, email us at dev@coralesoft.nz with:

  • Your request
  • Your email address
  • Proof of identity (if necessary)

We will respond within 30 days.

8. Children’s Privacy

CoraleVault is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at dev@coralesoft.nz and we will delete it.

9. International Data Transfers

Our website is hosted by Cloudflare, which operates globally. Your data may be transferred to and stored in countries outside your own, including the United States.

For EU users, Cloudflare complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and uses Standard Contractual Clauses.

Remember: Your passwords never leave your device, so they are never subject to international transfer.

Our website may contain links to third-party websites (e.g., GitHub, Cloudflare). We are not responsible for the privacy practices of these websites. Please review their privacy policies.

11. Open Source and Transparency

CoraleVault is open source (GPL v3). You can:

  • Review the source code on GitHub
  • Verify that the application doesn’t collect or transmit data
  • Audit the security yourself or hire someone to audit it
  • Modify the code to suit your needs

Transparency is a core value. If you have questions about our privacy practices, please ask.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date.

Material changes will be prominently announced:

  • On the website homepage
  • Via email (if you’ve contacted us)
  • In the application release notes

Continued use of CoraleVault after changes indicates acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email: dev@coralesoft.nz GitHub: https://github.com/Coralesoft/CoraleVault/issues Website: https://coralevault.com

Mailing Address: Coralesoft New Zealand

14. Summary

What we collect:

  • Website analytics (via Cloudflare)
  • Support emails (if you contact us)

What we DON’T collect:

  • Your passwords
  • Your master password
  • Application usage data
  • Personal information (unless you provide it)

Your rights:

  • Access your data
  • Delete your data
  • Opt-out of analytics
  • Contact us with concerns

Our commitment:

  • We don’t sell your data
  • We don’t share your data (except with service providers)
  • We’re transparent and open source
  • Your privacy is our priority

This privacy policy was written to be clear and understandable. If you have suggestions for improvement, please let us know.