No legalese gymnastics. Here's what we collect, why we collect it, and what we do with it — in plain language.
Last updated: February 12, 2026
We only collect what we need to run the service
We never sell your data to anyone
You can export or delete your data anytime
Your client files belong to you, not us
ClientVault is operated by Lasse Rafn ("we", "us", "our") — a bootstrapped, solo-founded company based in Denmark. We build white-label client portal software for freelancers and agencies.
If you have any questions about this policy, email us at [email protected]. You'll hear back from a real person.
When you sign up, we collect your name, email address, and password. If you subscribe to a paid plan, our payment processor (Stripe) handles your billing information — we never see or store your full card details.
Files, documents, tasks, comments, and any other content you add to your client portals. This content is stored securely and is only accessible to you and the clients you invite.
Basic analytics like page views, feature usage, and login times. This helps us understand which parts of the product need improvement. We don't track you across other websites.
When your clients access their portal, we collect their email address (for authentication via magic link) and basic access logs. We don't profile your clients or use their data for marketing.
We use your data to:
That's it. We don't run ads, we don't build marketing profiles, and we don't sell access to your data. Ever.
Your files are stored on Cloudflare R2, a globally distributed object storage service. Your account data is stored in a PostgreSQL database on infrastructure we manage.
Security measures we take:
We use a small number of third-party services to run ClientVault. Each one has access only to the data it needs:
Payment processing. Handles your billing info securely.
File storage (R2) and CDN. Hosts your uploaded files.
Transactional email delivery. Sends notifications and magic links.
Error tracking. Helps us catch and fix bugs quickly.
We do not share your data with advertisers, data brokers, or any other third parties not listed above.
We use cookies to keep you logged in and to remember your preferences. That's it. We don't use tracking cookies, retargeting pixels, or third-party analytics cookies.
The cookies we set are strictly functional — they're necessary for the application to work. You won't see an annoying cookie banner from us because we don't do anything that requires one.
You have full control over your data. Here's what you can do:
These rights apply regardless of where you're located — whether you're covered by GDPR, CCPA, or neither. We treat everyone the same.
We keep your data for as long as your account is active. If you cancel your subscription, your data remains accessible for 90 days so you have time to export everything. After that, it's permanently deleted.
If you request account deletion, we'll remove your data within 30 days. Some data may be retained in encrypted backups for up to 90 additional days before those backups are rotated out.
If we make meaningful changes to this privacy policy, we'll email you before they take effect. We won't bury updates in a changelog and hope you don't notice.
Minor wording tweaks (typos, formatting) may happen without notice, but the substance of the policy won't change silently.
If anything in this policy is unclear, just ask. We'd rather over-explain than leave you guessing.