Skip to content
Museum Vault
Legal

Privacy Policy

How Museum Vault handles account information, museum collection data, public exhibition content, support requests, billing records, and security.

Effective date: May 18, 2026

Information we collect

Museum Vault collects account information, museum profile details, artifact catalog records, media files, import files, audit activity, billing status, and support messages when you use the service.

Artifact metadata can include object titles, accession numbers, collection names, descriptions, locations, condition notes, donor or acquisition notes, and custom fields entered by your museum team.

How we use information

We use information to provide museum collection management software, authenticate users, process imports, generate thumbnails, run inventory audits, publish public exhibitions, support billing, improve reliability, and respond to support requests.

We do not sell museum catalog records or visitor information. We use service providers only to operate the product, such as hosting, authentication, email, storage, analytics, and payment processing.

Public exhibition content

When a museum publishes an exhibition, selected exhibition text, artifact titles, images, descriptions, and approved guestbook entries may become public on that museum's exhibition pages.

Draft artifacts, private dashboard records, unpublished exhibitions, staff-only audit logs, and billing settings are not intended for public display.

Data retention and export

Museums can export catalog data from the product. Account and billing records are retained as needed to provide the service, comply with legal obligations, resolve disputes, and maintain security.

If your museum needs account deletion or a data export, contact support with the museum name and administrator email so we can verify the request.

Security

Museum Vault uses passwordless sign-in, tenant isolation, role-based access, HTTPS, managed database security controls, and server-side authorization checks to protect museum records.

No online service can guarantee absolute security. Museum administrators should remove former staff, review invitations, and use current email accounts for sign-in.

Contact

Questions about this Privacy Policy or museum data handling can be sent to team@museumvault.app.