Privacy Policy

This Privacy Policy describes how the Boulder Metalsmithing Association ("BOMA," "we," or "us") handles information when you use The Vault—our web application for jewelry pricing, inventory, and related tools (the Service). By using the Service, you agree to this policy. If you do not agree, please do not use the Service.

The Service is made available in connection with BOMA. This policy applies only to The Vault; BOMA’s main website or other services may have separate terms or policies.

1. What we collect

Depending on how you use The Vault, we may process the following types of information:

• Account and authentication. If you create an account or sign in, we process identifiers such as your email address, authentication tokens, and (if you use it) Google sign-in data. Our authentication and database infrastructure is provided by Supabase.
• Business and “Vault” data you provide. This may include item names, metal weights and types, labor and overhead inputs, cost and pricing data, photos or image links, tags, time entries, saved formulas, comparison settings, notes, and similar content you choose to store.
• Subscriptions (Vault+). If you purchase a paid plan, Stripe processes payment information. We typically do not receive your full card number; we may receive Stripe customer and subscription identifiers and billing status to provide access.
• Security and abuse prevention. We may use Cloudflare Turnstile or similar services to help protect sign-in and forms from automated abuse. Those services may process technical signals (such as device or browser data) as described in their documentation.
• Technical data. Like most websites, we and our service providers may process IP addresses, browser type, device type, general location derived from IP, timestamps, and similar logs for security, reliability, and debugging. We may use cookies, local storage, or similar technologies needed for sessions and preferences.

2. How we use information

We use the information above to:

• Provide, operate, and improve The Vault (including calculator, inventory, and related features)
• Authenticate you and keep your account secure
• Process subscriptions and show whether features are available to you
• Respond to support requests and communicate about the Service when appropriate
• Detect, prevent, and address fraud, abuse, or technical issues
• Comply with law and protect our users and the organization

3. Legal bases (EEA/UK users)

If applicable privacy laws require a “legal basis,” we rely on: (a) performance of a contract (providing the Service you request); (b) legitimate interests (e.g. securing the Service, improving features, and measuring reliability), balanced against your rights; and (c) where required, your consent (for example, where consent is the appropriate basis for a specific marketing or non-essential cookie use).

4. Sharing and service providers

We do not sell your personal information. We may share data with:

• Supabase (hosted database, authentication, and related APIs) under our configuration and their terms
• Stripe (payments and subscription status)
• Google (if you use Google sign-in), subject to Google’s terms and your Google account settings
• Hosting, CDN, and security vendors (e.g. the platform that runs the app and Cloudflare), as needed to deliver the site
• Law enforcement or others when required by law or to protect rights, safety, and integrity

When we use subprocessors, we choose vendors appropriate for a small association-run app, but you should also review their privacy documentation for how they process data on our behalf.

5. Data retention and deletion

We keep information only as long as needed for the purposes above. Account-related data generally lasts for the life of your account. If you delete your account (where the Service provides that) or we terminate access, we will delete or anonymize personal information when practicable, subject to legal or security retention needs.

6. Security

We use reasonable technical and organizational measures appropriate to the Service (such as encryption in transit and access controls). No method of storage or transmission is 100% secure; you use The Vault at your own risk to that extent.

7. Your choices and rights

Depending on where you live, you may have the right to:

• Access or receive a copy of your personal information
• Correct inaccurate information
• Request deletion of your information
• Object to or restrict certain processing
• Withdraw consent where processing is consent-based
• Lodge a complaint with a data protection authority

To exercise these rights, contact us through the Boulder Metalsmithing Association’s contact options on our website (see link above). We may need to verify your request.

8. United States; international users

The Service is operated from the United States. If you access it from other countries, you consent to the transfer and processing of your information in the U.S. and other locations where our providers operate, which may have different data protection rules than your country.

9. Children’s privacy

The Service is not directed to children under 13 (or the age required by your jurisdiction), and we do not knowingly collect their personal information. If you believe we have, contact us and we will take appropriate steps to delete it.

10. California residents (summary)

If the California Consumer Privacy Act (CCPA/CPRA) applies, you may have additional rights (e.g. to know, delete, and correct, and to opt out of “sale” or “sharing” of personal information as defined in those laws). We do not sell personal information in the traditional sense. For rights requests, use the contact path described in Section 7.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change, and for material changes we will provide additional notice as appropriate (for example, a notice in the app or by email if we have your address). Continued use after changes constitutes acceptance of the updated policy.

12. How to contact us

For privacy questions about The Vault, contact the Boulder Metalsmithing Association through the contact information on our website: https://www.bouldermetalsmiths.com/