How SubVault stores and protects your data. The short version, then the details.
What SubVault stores
SubVault stores extracted knowledge, not raw conversations. When you vault a chat, the AI tool extracts structured items and sends those:
Facts — "Auth uses JWT with 15-minute access tokens."
Decisions — "Chose Postgres over MongoDB for relational integrity."
People — "Sarah owns frontend; reports to Lisa."
Action items — "Update billing webhook before Friday."
What we do not store:
Raw conversation transcripts
Full email threads or document text
Passwords, API keys, or credentials
Credit-card numbers or financial-account data
The extraction step is itself a form of structural anonymization. Even with database access, what's there are distilled statements — not reconstructable conversations.
Data flow
You ↔ Claude / Cursor / Copilot (your AI tool)↓
You say "vault this"↓
AI extracts facts, decisions, entities
↓
Items sent to SubVault over HTTPS↓
Stored in your personal vault database↓
You say "remember" in a new session
↓
SubVault returns relevant context over HTTPS
SubVault never sees the full conversation. The AI tool performs the extraction and sends only the structured output.
Encryption
In transit
TLS 1.2+ for all traffic. HSTS enforced. HTTP redirects to HTTPS.
At rest
Database files protected by filesystem permissions on encrypted storage.
Secrets
All application secrets are injected at runtime. No plaintext secrets on disk.
API keys
Hashed before storage. Plaintext keys are never retained.
Data isolation
Each customer's vault is a separate database file. There are no shared tables and no row-level multi-tenancy. Deleting a customer's data is a single file operation, not a DELETE against a shared table.
Logical isolation
No shared database. No risk of cross-tenant leakage through a query.
Clean deletion
Delete a customer = delete one file. Backup copies are purged within the retention cycle.
Authentication & access
API key (bearer token) generated with cryptographically secure randomness
Keys can be regenerated; old key invalidated immediately
Per-IP rate limiting on auth endpoints
Production access via private network only, key-based authentication, no root login, no shared accounts
Prompt-injection protection
Every item leaving the vault is sanitized before it can enter an AI context window. Known prompt-injection patterns — instructions to override prior context, attempts to redefine system behavior, hidden code blocks, context-boundary manipulation — are detected and stripped.
Data retention
Your vault persists for the life of your account.
Backups are retained for 30 days, then purged automatically.
Server logs are retained up to 90 days for security monitoring. They do not contain vault content.
Compliance
SubVault is built around data minimization, customer-controlled deletion, and EU residency.
GDPR — data minimization by design; rights to access, export, and deletion honored
CCPA / CPRA — no sale of personal information; deletion rights honored
EU residency — customer vault data is stored on EU-based infrastructure and is not transferred outside the EU
SubVault is not designed for protected health information (HIPAA). Independent certifications are not in place at this time.
Reporting a vulnerability
Email info@subvault.ai with a description, reproduction steps, and any proof-of-concept. We'll acknowledge within two business days.
Questions
For any security, privacy, or compliance question, email info@subvault.ai.