ViralVault Privacy Policy
Effective date: June 15, 2026
This Privacy Policy explains how Mo Sharif ("ViralVault," "we," "us," or "our") handles personal information in connection with ViralVault.tech (the "Service") — a free daily AI and tech news briefing, published twice a day and also released as video.
We built ViralVault to be light on data. We collect the minimum needed to send you the briefing and, if you choose, to manage a PRO subscription. We do not sell your personal data, we do not run third-party ad networks, and we do not use third-party analytics or marketing/tracking cookies.
1. What we collect and how
We only collect what we need to run the briefing.
| Data | When / how it's collected | Why |
|---|---|---|
| Email address | When you enter it in our signup form | To send you the daily briefing newsletter |
| Subscription plan | When you start or change a plan (e.g., free vs. PRO) | To know which tier you're on |
| Edition count | Generated and incremented by us as we send you editions (this is something we track, not data we collect from you) | To apply the free-tier limit |
| Stripe customer ID (PRO only) | Created when you start a PRO subscription through Stripe checkout | To link your subscription to your account and manage billing |
We never see or store your card numbers. When you start PRO, your payment details are entered directly with Stripe, our payment processor. We do not transmit card or billing details to Stripe — Stripe collects those from you directly. The only information that passes between us and Stripe to set up your subscription is your email address and the Stripe customer ID that Stripe returns to us.
We do not collect names, phone numbers, addresses, or other profile information from free readers — just your email.
2. How we use your information
We use the information above to:
- Send the daily briefing to your email address (the morning and evening editions).
- Apply the free tier limit. The free tier includes 5 editions; after that, a PRO subscription is required to keep receiving the briefing. We use your edition count to apply this.
- Manage your PRO subscription — start and maintain your $5/month recurring subscription via Stripe, and, when you cancel, stop future billing.
- Respond to your requests, such as unsubscribe, data access, correction, or deletion requests.
We do not use your data for advertising, profiling for ads, or sale to third parties.
3. Legal bases for processing (GDPR)
If you are in the EU or UK, we rely on the following legal bases under the GDPR:
- Consent — for sending you the newsletter. You give consent by affirmatively opting in when you sign up (we do not use pre-checked boxes or assume consent), and you can withdraw it at any time using the one-click unsubscribe link in every email.
- Contract — for processing a PRO subscription. When you subscribe to PRO, we process your email and Stripe customer ID to provide the service you've paid for.
- Legal obligation — where we must retain certain records (for example, to comply with tax or accounting rules related to payments).
4. Who we share data with (subprocessors)
To operate the Service, we rely on a small set of trusted service providers. Each receives only the data necessary for its specific function. We do not sell your data to anyone. Our current subprocessors are:
- Resend — sends our emails and stores our contact list (your email address) for delivery.
- Supabase — our database; stores subscriber records (email, plan, edition count).
- Stripe — processes PRO payments. You enter your card details directly with Stripe; we only pass your email and receive a Stripe customer ID, and we never see or store card or billing details ourselves.
- Vercel — hosts the website and serves the Service.
- GitHub (GitHub Actions) — runs our build and publishing automation.
Each provider is bound by its own data-protection terms.
5. Data retention
- We keep your email address and subscriber record for as long as you are subscribed.
- If you unsubscribe or ask us to delete your data, we remove your record from our database (Supabase) and our contact list (Resend), except where we must keep limited information to comply with the law (for example, payment records required for tax purposes).
- Payment-related records held by Stripe are retained according to Stripe's policies and applicable financial-record laws.
6. Security
We take reasonable technical and organizational measures to protect your information, including using reputable infrastructure providers (Supabase, Stripe, Vercel, Resend, and GitHub) that maintain industry-standard security. Card payments are handled entirely by Stripe, a PCI-compliant processor — we never handle card data ourselves. No method of transmission or storage is 100% secure, but we work to protect your information and limit what we collect in the first place.
7. Cookies and tracking
We keep this simple: we use only essential/functional technology needed to run the Service.
- We do not use third-party analytics.
- We do not use advertising or marketing/tracking cookies.
- We do not run third-party ad networks or sell data to data brokers.
Any cookies or similar storage we use are strictly to make the website and your session work as intended.
8. Your rights
You have control over your information.
- Unsubscribe anytime — every email includes a one-click unsubscribe link. Unsubscribing stops the briefing emails.
- Access — you can ask us for a copy of the personal data we hold about you.
- Deletion — you can ask us to delete your data, subject to the legal-retention exceptions noted above.
- Correction — you can ask us to correct inaccurate information.
To exercise any of these rights, contact us at privacy@viralvault.tech.
EU / UK users (GDPR)
If you are in the EU or UK, you also have the rights to: access, rectification, erasure, restriction of processing, data portability, and objection to processing. You may withdraw consent at any time (e.g., by unsubscribing), and you have the right to lodge a complaint with your local data protection authority.
California users (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect.
- Delete the personal information we hold about you.
- Correct inaccurate personal information we hold about you.
- Non-discrimination for exercising your privacy rights.
We do not sell your personal data, and we do not share it for cross-context behavioral advertising. We do not collect sensitive personal information, so there is no use of sensitive personal information to limit.
Do Not Track / Global Privacy Control (GPC). Because we do not sell or share personal information (as those terms are defined under the CCPA/CPRA), we have nothing to opt you out of, and opt-out preference signals such as GPC or Do Not Track require no action on our part. We do not engage in selling or sharing regardless of any signal.
To make a request, contact us at privacy@viralvault.tech.
9. PRO subscriptions and billing
PRO is a $5/month recurring subscription billed by Stripe. You can cancel anytime — cancelling stops future billing. Subscriptions are managed through Stripe; we never see or store your card details, only your Stripe customer ID.
10. International data transfers
We operate from the United States (Colorado) (see also our address at 320 North Meade Avenue, Colorado Springs, CO 80909, USA), and our service providers may process data in countries other than your own (for example, in the United States). Where personal data is transferred internationally, we rely on our providers' appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) to protect your information consistent with applicable law.
11. Children
ViralVault is not directed to children. We do not knowingly collect personal information from anyone under 13 (or under 16 in the EU). If you believe a child has provided us with personal information, please contact us at privacy@viralvault.tech and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective date" above and, where appropriate, notify subscribers by email. Your continued use of the Service after an update means you accept the revised policy.
13. Contact us
If you have any questions or requests regarding this policy or your data, contact us at:
- Email: privacy@viralvault.tech
- Entity: Mo Sharif
- Address: 320 North Meade Avenue, Colorado Springs, CO 80909, USA