Data Protection Policy
Last Updated: June 2026
1. Local-First Storage Architecture
Vault Track utilizes an offline-first data model. Any budget category, cost line, dealer mapping, or inventory stock transaction is immediately committed to the local device storage system. This ensures that even at remote job sites without internet connectivity, the application remains fully responsive and data is safely recorded locally first.
2. JWT Authentication & Sync Protocol
When an internet connection is active, Vault Track synchronizes your local database state with our remote servers. This sync is governed by a secure RESTful API layer:
- Token Protection: All requests to synchronize data are guarded by JSON Web Tokens (JWT) stored in your device's secure keychain.
- Payload Validation: Changes are verified and validated on the backend to avoid conflicts and maintain a pristine financial ledger.
- Infrastructure: Synchronization coordinates with a secure Node.js backend linked to a hardened MongoDB database.
3. The Cascading Hard-Delete Purge
Unlike traditional platforms that retain user data for behavioral profiling or analytics, Vault Track handles account deletion as follows:
- If you choose to delete your Vault Track profile through the Account dashboard, it triggers a cascading purge.
- All linked collections, including active workspaces, budgets, expense logs, notes, dealer histories, and stock items, are permanently scrubbed from our cloud databases.
- This action is immediate, permanent, and cannot be undone. We do not keep cold-storage backups of purged accounts.
4. Password Hashing
Account passwords are hashed before storage. Vault Track uses bcrypt (a salted, cryptographic password-hashing function) to protect credentials at the database layer. We never store raw passwords.