Privacy Policy

VaultBridgeFO ("Company," "we," "us," or "our") operates the VaultBridgeFO secure document portal (the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and protect information about individuals who use the Service, including financial professionals ("Professionals") and their clients ("Clients," and together with Professionals, "Users" or "you").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, you must immediately discontinue use of the Service.

This Privacy Policy is incorporated by reference into our Terms of Service. In the event of any conflict between this Privacy Policy and the Terms of Service regarding privacy matters, this Privacy Policy controls.

We use information collected solely as necessary to:

• Create, maintain, and secure your account;
• Provide, operate, and improve the Service;
• Facilitate the assignment and permission-based sharing of documents between Clients and their authorized Professionals;
• Send transactional and administrative communications (e.g., account verification, security alerts, notifications);
• Detect, investigate, and prevent fraud, abuse, and security incidents;
• Comply with applicable legal obligations; and
• Enforce our Terms of Service and other agreements.

We do not use your information for marketing, profiling, sale to third parties, or any purpose not listed above without your explicit consent.

We implement industry-standard technical and organizational measures to protect your information, including:

• AES-256-GCM encryption of all sensitive profile fields, financial data, and questionnaire answers at rest;
• Encrypted transmission via TLS/HTTPS;
• Role-based access controls limiting data access to authorized personnel only;
• Session-based authentication with server-side validation on every request;
• Activity logging for all significant data access and modification events.

Disclaimer: No method of electronic storage or transmission is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security and expressly disclaim liability for unauthorized access, disclosure, alteration, or destruction of your information that results from circumstances beyond our reasonable control, including but not limited to cyberattacks, zero-day exploits, insider threats, or force majeure events.

You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account.

We retain your personal information and account data for ten (10) years following the last active use of the Service, or longer if required by applicable law, regulation, or legitimate legal hold. This retention period reflects the standard recordkeeping requirements applicable to tax and financial documentation.

After the applicable retention period, data is deleted or anonymized in accordance with our internal data lifecycle procedures. Retained data remains subject to the security controls described in Section 5.

Uploaded documents and questionnaire responses are retained as long as the associated account remains active and for the retention period thereafter, subject to valid deletion requests as described in Section 7.

The Service may contain references or links to third-party websites, tools, or services. This Privacy Policy does not apply to those third parties. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party service. We strongly encourage you to review the privacy policies of any third-party services you interact with.

Professionals who access Client data through the Service are independently responsible for complying with all applicable laws and professional standards governing the handling of client information, including but not limited to IRS Circular 230, applicable state bar rules, SEC regulations, FINRA rules, and any other professional or regulatory obligations. VaultBridgeFO does not supervise Professionals and assumes no responsibility for their compliance or actions with respect to Client data.

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at admin@vaultbridgefo.com and we will take prompt steps to delete it.

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated by updating the Effective Date above and, where feasible, by providing notice through the Service or via the email address associated with your account at least thirty (30) days before the change takes effect (or as required by law). Your continued use of the Service after the effective date of any change constitutes acceptance of the updated Privacy Policy. If you do not agree to a material change, you must discontinue use of the Service and request account deletion.

This Privacy Policy is governed by and construed in accordance with the laws of the Commonwealth of Virginia, without regard to its conflict of law provisions, and subject to the dispute resolution provisions in our Terms of Service.

Questions, concerns, or requests regarding this Privacy Policy should be directed to:

This Privacy Policy was last updated on March 16, 2026. Prior versions are available upon request.