Effective date: May 18, 2026 · Last updated: May 18, 2026
GuitarVault ("we," "our," or "us") is operated by Vorisek Labs. This Privacy Policy explains what information we collect when you use the GuitarVault mobile application and website (collectively, the "Service"), how we use it, and what rights you have over it.
By using GuitarVault you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.
Account information. When you create an account we collect your email address and a hashed password. You may optionally provide a display name.
Gear collection data. All data you enter into your vault — guitar and gear details, purchase price, serial numbers, photos, maintenance logs, modifications, and notes — is stored on our servers to power the app.
Photos. Photos you attach to vault items are uploaded to Cloudflare R2 object storage and associated with your account. We do not share these photos with third parties except as described in this policy.
Gig and setlist data. Gig income, setlists, venues, and related notes you enter are stored with your account.
Device and usage data. We may collect anonymous crash reports, error logs, and aggregate usage statistics (e.g., which features are used most) to improve the app. This data is not linked to your identity.
Location data. The Venue Finder feature (Ultimate plan) requests approximate device location to find nearby venues. Location is used only in the moment of your search request and is not stored or logged by us.
We do not sell your personal data. We do not use your gear collection, photos, or financial data for advertising targeting.
When you use the AI Gear Scanner, the photo you submit and a text prompt are sent to Google's Gemini Vision API for identification. Google processes this data under their own privacy policy. We transmit images through our Cloudflare Worker proxy; we do not store submitted scanner images permanently — only the identified result that you choose to save to your vault.
Google's privacy policy is available at policies.google.com/privacy.
The Venue Finder (Ultimate plan) sends a search query — which may include your approximate GPS coordinates or a city/zip code you type — to the Google Places API. Google processes this request under their own privacy policy. We cache venue results in our database to reduce repeat API calls and improve speed; cached venue data contains only publicly available business information (name, address, phone, website, hours).
If you connect your Reverb account, we store an access token that allows us to fetch your listings, sync inventory to your vault, and deliver offer/sale notifications. You can revoke this connection at any time from Settings → Linked Accounts. We do not store your Reverb password.
Subscription purchases are processed by Google Play (Android) or the Apple App Store (iOS). We use RevenueCat to manage subscription status and entitlements. We receive confirmation of your subscription tier and its validity period; we do not receive or store payment card numbers or billing details. RevenueCat's privacy policy is available at revenuecat.com/privacy.
Free-tier users may see ads served by Google AdMob. AdMob may use your advertising ID and other signals to serve relevant ads. You can opt out of personalized ads in your device settings (Android: Settings → Google → Ads; iOS: Settings → Privacy → Tracking). AdMob's privacy practices are governed by Google's privacy policy.
Your account data and gear collection are stored in Supabase, a cloud database platform hosted on AWS infrastructure. Photos are stored in Cloudflare R2 object storage. All data is encrypted in transit (TLS) and at rest.
Access to your data is protected by row-level security rules — only your authenticated account can read or modify your gear, gigs, and setlists.
No security system is perfect. We encourage you to use a strong, unique password and to enable biometric lock within the app.
We retain your data for as long as your account is active. If you delete your account (Settings → Account → Delete Account), we permanently delete your gear items, photos, gigs, setlists, and account record. This action is irreversible. Backups may retain your data for up to 30 days after deletion before being purged.
GuitarVault is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it promptly.
Depending on your location, you may have the right to:
To exercise these rights, use the in-app export and account deletion features, or contact us at the address below.
California residents have the right to know what personal information we collect and whether we sell it. We do not sell personal information. To request a disclosure of information collected, contact us at the address below.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. If changes are material, we will notify you via email or an in-app notice. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
If you have questions or concerns about this Privacy Policy, contact us at:
Vorisek Labs
Email: [email protected]