Plain language. No legalese.

1. Acceptance

By installing the Content Vault Shopify app, you agree to these Terms of Service and our Privacy Policy. If you don't agree, don't install the app.

2. Account & installation

Content Vault is installed via the Shopify App Store. Your account is tied to your Shopify store. You're responsible for the content you upload and the access rules you configure.

• You must own or have the right to distribute the content you upload.
• You must comply with Shopify's Acceptable Use Policy.
• You must not use the app to distribute illegal, infringing, or harmful content.

3. Fees & billing

Paid plans bill monthly through Shopify. Transaction fees apply on successful subscription charges, at the rate listed on the pricing page. All fees are in USD.

Failed payments on your Content Vault subscription (to us) are retried for 14 days. Persistent non-payment may result in account suspension.

4. Your content

You retain all ownership of content you upload. We store it to deliver it to your subscribers on your behalf. We never sell, repurpose, train AI on, or otherwise exploit your content.

If you uninstall the app, we delete your content within 30 days unless you request earlier deletion or a data export.

5. Storage & bandwidth

Each plan includes a storage quota (1 / 10 / 150 / 500 GB). Bandwidth is unlimited on every plan for reasonable use — we reserve the right to investigate patterns consistent with abuse.

6. Limitations of liability

Content Vault is provided "as is." We target 99.9% uptime but don't guarantee uninterrupted service. Our total liability is capped at the fees you paid in the preceding 12 months.

7. Termination

You can uninstall Content Vault from your Shopify admin at any time. We may terminate accounts that violate these terms, usually with 30 days' notice (or immediately for severe violations).

8. Changes

We may update these terms. Material changes are announced by email at least 30 days before they take effect.

9. Governing law

These terms are governed by the laws of the State of Ohio, USA. Disputes are resolved in Cuyahoga County, Ohio state or federal courts.

Content Vault LLC · 675 Alpha Drive, Ste E, Highland Heights, OH 44143, USA · legal@contentvaultapp.com

1. Who we are

Content Vault is a Shopify application that lets merchants run subscription-based digital product offerings — ebooks, video, audio, software, and other files. Our website is https://contentvaultapp.com. Privacy is a core commitment, not an afterthought.

2. Data we collect

From merchants. When you install the app we collect your store URL, owner contact information, the digital files you upload along with their metadata, customer emails paired with subscription activity, usage metrics, billing information, and your application settings.

From website visitors. Comment submissions capture name, email, website, IP address, and browser user-agent. Image uploads can expose location metadata through EXIF GPS data embedded in files — strip it before uploading if that concerns you.

3. Cookies

Three cookie categories are used:

• Comment cookies — one-year retention for the comment form
• Login cookies — session maintenance while you're signed in
• Functional cookies — interface usage tracking

You can disable cookies in your browser, though some functionality may degrade.

4. Embedded content from other websites

External embedded materials behave as though you visited the source website directly. Third-party sites may conduct independent data collection and tracking. Review their respective privacy statements for details.

5. Purpose of data collection

We use the data we collect for:

• App access security
• Delivering customer content aligned with subscription permissions
• Download and interaction analytics
• Performance optimization
• Communication regarding subscriptions and product updates

6. Who we share your data with

We do not sell or trade your personal or customer data. Limited sharing happens with:

• Shopify — for platform compliance
• Service providers — email delivery, cloud storage
• Analytics tools — anonymized usage metrics
• Legal authorities — only when legally mandated

7. File confidentiality

Merchant-uploaded content remains your property. We do not share, replicate, distribute, or use your uploaded files for any commercial or non-commercial purpose. The sole exception is technical support access, when you've explicitly asked us to look at a file.

8. How long we retain your data

• Files — kept while the subscription is active or until you delete them
• Customer data — download logs and access records persist through the subscription lifecycle
• Website comments and form submissions — stored indefinitely unless you ask us to remove them

9. Your data rights

You can request data exports or deletion. Exceptions apply for legally-mandated, billing-related, or support-essential information. Reach us at legal@contentvaultapp.com to make a request.

10. Where your data is sent

Processing may happen across international jurisdictions. We use protective measures including encryption, secure data centers, and standard contractual clauses to ensure consistent protection wherever your data lives.

11. Data security

We use secure encryption, access restrictions, and continuous monitoring. Absolute security is impossible — we acknowledge that openly. If a breach occurs, we notify affected users within 72 hours per legal requirements.

12. Legal basis for data processing

Four foundations support how we handle your data:

• Consent — for communications and cookies
• Contractual obligations — for delivering the service you signed up for
• Legitimate interests — for functionality and product improvements
• Legal compliance — for billing, taxation, and regulatory requirements

13. Data breach response

If a breach happens we follow this protocol:

• Scope assessment and impact mitigation
• User notification within 72 hours when materially impacting users
• Disclosure of the breach nature alongside the corrective measures we've taken

14. Third-party analytics

We use Google Analytics and Microsoft Clarity to gather anonymized metrics: session length, device information, page interactions. Reference each provider's policy for the complete details:

• Google Analytics privacy policy
• Microsoft Clarity privacy policy

15. Contact

Questions about this policy go to legal@contentvaultapp.com.

What are cookies?

Cookies are small text files stored by your browser. They let websites remember things — like whether you're signed in.

What we use

Content Vault uses only strictly necessary cookies:

• Session cookies for the EmDash admin sign-in (expire when you close the browser)
• CSRF tokens to protect form submissions
• Theme preference (light/dark) — stored locally, never sent to us

That's it. No advertising, no analytics tracking, no third-party pixels.

What we don't use

• Google Analytics
• Facebook Pixel
• Advertising network cookies
• Cross-site tracking
• Browser fingerprinting

Your control

You can clear cookies anytime through your browser settings. Doing so will sign you out of the admin and reset your theme preference. The site will continue to work normally.

Updates

If we ever add a non-essential cookie (e.g., for opt-in product analytics), we'll show a clear consent prompt before setting it.

Content Vault LLC · 675 Alpha Drive, Ste E, Highland Heights, OH 44143, USA · privacy@contentvaultapp.com

1. Roles

When you (the merchant) use Content Vault to deliver content to your subscribers:

• You are the Data Controller — you decide what data is collected and why
• Content Vault is the Data Processor — we process data on your instructions

2. Scope

This DPA covers personal data we process on your behalf, including subscriber email addresses, Shopify customer IDs, and access logs.

3. Processing instructions

We process personal data only to:

• Deliver subscription content as configured by you
• Generate the access logs you can view in the admin
• Send transactional emails to subscribers when you enable them
• Comply with legal obligations

We will not process personal data for any other purpose without your written instruction.

4. Sub-processors

We use the following sub-processors. Each is bound by data-protection terms equivalent to or stricter than this DPA:

• AWS (us-east-1) — content storage, compute
• Cloudflare — CDN, DDoS protection
• Stripe — our SaaS billing (does not process subscriber data)
• Postmark — transactional email

We will give you 30 days' notice before adding a new sub-processor that processes subscriber data.

5. Security

We maintain technical and organizational measures appropriate to the risk:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Access controls, audit logging, and least-privilege internal permissions
• Regular vulnerability scans and a coordinated disclosure program

6. Subject rights

You can fulfill data subject requests (access, rectification, deletion, portability) using the EmDash admin. For requests requiring deeper system access, email dpo@contentvaultapp.com and we will assist within 30 days.

7. Data breaches

We will notify you within 72 hours of becoming aware of a personal data breach affecting your subscribers, with the information you need to meet your own GDPR Article 33 obligations.

8. Data location

Personal data is stored in AWS us-east-1 (Northern Virginia, USA). For EU customers, we offer Standard Contractual Clauses on request — contact dpo@contentvaultapp.com.

9. Termination

On termination of your subscription, we delete personal data processed on your behalf within 30 days. You can request earlier deletion or a full export at any time.

10. Audit

You may audit our compliance with this DPA once per calendar year, at your expense, with 30 days' notice and on terms protecting our other customers' confidentiality. We can also provide our SOC 2 report once available (Q3 2026).

Content Vault LLC · 675 Alpha Drive, Ste E, Highland Heights, OH 44143, USA · dpo@contentvaultapp.com