Vestal ← Back to home

§Legal

Privacy Policy

Vestal exists because your work with Claude disappears. Being careless with the backups would defeat the point. This page is the short, plain-English version of exactly what we collect, what we don't, and how we handle what we do.

Effective · April 20, 2026 v1.0 · Pre-launch Jurisdiction · Washington, USA

01 / Who we are

Who we are.

Vestal is a product of Tumble Road LLC, a Washington limited-liability company. When this policy says we, us, or Vestal, that's who we mean. We are not affiliated with, endorsed by, or a business partner of Anthropic PBC.

For the purposes of the GDPR, Tumble Road LLC is the data controller for information collected through getvestal.com and the Vestal applications. For California residents under the CCPA/CPRA, we are a business that does not sell or share personal information.

02 / What we collect

What we collect, and why.

We collect as little as we can get away with. Here's the complete list of what we hold. Notice one item that isn't on it: your actual backups. Those live in whatever location you designate — a local folder, or a cloud drive like OneDrive, Google Drive, or Box. We never receive them and never touch them.

What
Why
Retention
Email addressProvided by you at waitlist signup or account creation.
Send you one launch email, and operational notices if you're a customer.
Until you unsubscribe or delete your account.
Device identifierA random UUID generated locally per install.
Rate-limiting and per-device sync reconciliation.
Rotated when you reinstall or clear local data.
Payment informationHandled end-to-end by Stripe. We see last-4 and country; never full PAN.
Billing, refunds, tax compliance.
Per Stripe's retention policy; we keep only billing records required by tax law.
Operational logsIP address, user-agent, request timestamps on API calls.
Abuse prevention, debugging, security investigation.
30 days, then deleted automatically.
Crash reportsAnonymized stack traces, OS version. Opt-in; off by default.
Fix bugs that would otherwise go unreported.
90 days.

What we explicitly do not collect

  • The content of your Claude conversations, sessions, or Cowork projects — not in plaintext, not by our servers, not at any point in transit after encryption.
  • Your Vestal passphrase, or any key derived from it.
  • Advertising identifiers, fingerprinting data, or cross-site tracking signals.
  • Your location, beyond the country inferred from your IP for tax purposes.

03 / Encryption

How encryption actually works.

Marketing copy throws around "end-to-end encrypted" loosely. Here's the specific claim you are paying for:

  • Client-side encryption. Every snapshot is encrypted on your device with AES-256-GCM before any network request is made.
  • Argon2id key derivation. Your passphrase is stretched into a master key using Argon2id with parameters tuned to modern hardware. We never see the passphrase or the master key.
  • Envelope-encrypted per-snapshot keys. Each snapshot has a random data-encryption key that is wrapped by your master key. Compromising one snapshot does not compromise the others.
  • Zero-knowledge sync. When you enable sync, encrypted snapshots are written to the location you designate — a local folder, or a cloud drive like OneDrive, Google Drive, or Box — using your own credentials for that destination. Vestal is not in the network path. We never see the ciphertext, the metadata, or anything else.
  • Local-only mode. You can run Vestal entirely offline by pointing it at a local folder. Nothing ever leaves your machine.

Consequence: if you lose your passphrase, we cannot recover your backups. This is not a support-tier problem; it is a mathematical one. Write it down somewhere you will still have access to in ten years.

04 / Sub-processors

Who else touches your data.

A short, deliberate list. We add to it only when we have to, and we'll update this page when we do.

  • Formspree — processes the waitlist and contact form submissions on this site. They receive your email and the form fields you fill in.
  • HubSpot — holds email records for the waitlist, sends the one launch email, and handles transactional email (receipts, account notices).
  • Stripe — payments. Handles card data directly; we never see it.
  • GitHub (GitHub Pages) — hosts this marketing site. Sees IP addresses as part of normal request routing.

Where your backups actually live

Vestal does not operate a cloud storage service. You choose where your encrypted backups go — a local folder, or a cloud drive like OneDrive, Google Drive, or Box, using your own credentials for that destination. If you pick a cloud provider, that provider is your data processor under their own terms, not ours — Vestal is never in the network path. You can revoke Vestal's access from that provider's settings at any time, or simply move the folder somewhere else.

05 / Retention & deletion

How long we keep things.

Per-item retention is in the table above. The short version:

  • You can delete any backup at any time from inside the app, or directly from the folder you pointed Vestal at — a local directory, OneDrive, Google Drive, Box, whatever you chose. Vestal only reads and writes that folder.
  • You can delete your Vestal account from the settings screen. Because your backups live in the location you designated, deleting your account does not touch them — it only removes the minimal records we hold (email, device UUID, billing records beyond what tax law requires).
  • If you only signed up for the waitlist and never made an account, you can unsubscribe with the footer link in our one launch email and your record is purged within 30 days.

What happens if you stop paying

We don't delete your backups when a subscription lapses, because we never had them — they're in whatever location you designated. What stops is the Vestal app's ability to decrypt and restore them without an active license. The ciphertext stays exactly where it is, under your control. If you resubscribe later, everything lights back up; if you leave for good, you can either delete the files yourself or keep them as an encrypted archive that no one, including us, can read.

06 / Your rights

Your rights.

Regardless of where you live, you have the right to:

  • Know what personal data we hold about you.
  • Access it — we'll export it on request, and we'll build a one-click export in the app.
  • Correct it.
  • Delete it.
  • Object to processing, or withdraw consent where we rely on it.
  • Port your data to another service.

If you're in the EU/UK, these rights come from the GDPR/UK GDPR. If you're in California, they come from the CCPA/CPRA, and we confirm explicitly: we do not sell or share your personal information, and we do not use it to train any AI model.

To exercise any of these rights, email [email protected]. We'll respond within 30 days.

07 / Cookies & tracking

Cookies and tracking.

The marketing site at getvestal.com uses no third-party analytics, no advertising pixels, and no cross-site trackers. The only cookies set are strictly necessary ones used by the app for session management when you're logged in. There's nothing to opt out of because there's nothing tracking you.

08 / Children

Children.

Vestal is not designed for or directed at children under 16, and we don't knowingly collect personal information from them. If you believe a child has signed up, email us and we'll remove the record.

09 / Changes

Changes to this policy.

If we change this policy in a way that meaningfully affects what we collect or how we handle it, we'll email everyone with an account at least 30 days before the change takes effect. A dated version history lives at /privacy/changelog. Minor copy edits (typos, clarifications that don't change meaning) happen without notice, but the effective date at the top of this page moves every time.

10 / Contact

Get in touch.

For anything privacy-related — exercising a right, asking a question, reporting something that doesn't look right — write to us:

Privacy contact

[email protected] — reaches a human, not a queue.

Tumble Road LLC
Attn: Privacy
7829 Center Blvd SE, Suite 277
Snoqualmie, WA 98065
United States
A note on this draft. Vestal is pre-launch. This page reflects the privacy posture we have committed to in product design — client-side encryption, zero-knowledge sync, no data sales, no AI training — and it will be reviewed by counsel before the product ships. If you notice anything that reads as unclear or sketchy, tell us and we'll fix it. That's a standing offer.