Privacy Policy

Last updated 2026-05-25 · Version 1.0

Citadel Vault is a self-custody device. By design, we never receive your Bitcoin passphrase, your seed phrases, your Vault Cards, or your Shamir shares. We cannot access your funds. This policy explains the narrow set of information we do collect when you buy from us and how we handle it.

1.Who we are (data controller)

The data controller for all personal data processed in connection with citadelvault.org is Ridgeline Compute LLC, a Wyoming limited liability company.

Address: 412 North Main St, Ste 100, Buffalo, WY 82834, USA
Phone: +1 307 200 2903
Privacy contact: privacy@citadelvault.org

If you have a question about how we handle your personal data, email us at the privacy address above. We respond within 5 business days and within 30 days for formal GDPR requests.

2.What we collect

We collect only what we need to fulfill your order and support you afterward.

Order information: your name, billing address, shipping address, email address, phone number (if you provide it), order line items, payment method type, and order amount.
Bitcoin and Lightning payments (BTCPay): payments are processed through BTCPay Server. We see only the on-chain transaction record: the amount received and the transaction ID. BTCPay does not give us your private keys, your wallet address book, or any wallet metadata beyond the single payment transaction.
Bank wire payments (Wise): Wise processes the wire and passes us a payment confirmation. We receive your name, the originating bank, and the amount. Wise's privacy policy governs how Wise handles your banking data.
Aqua wallet payments: Aqua payments settle on the Liquid network. We see the asset transfer record: the amount received. We do not receive your Liquid address book or wallet history.
Card payments: card payments are handled by our payment-processor partner. We receive only the last four digits of your card, the card network, and the authorization result. We never see, store, or log your full card number, CVV, or expiry date.
Support communications: emails, RMA tickets, and recovery-help logs when you contact our support team.

No analytics. No cookies. No tracking pixels. citadelvault.org does not use Google Analytics, Plausible, Fathom, Mixpanel, Hotjar, or any other analytics or behavioral-tracking service. We do not serve any third-party advertising pixel. This website does not set any cookies, not even a session cookie or a preferences cookie. There is no cookie banner because there is genuinely nothing to disclose. You browse citadelvault.org without being tracked.

3.What we do not collect

Because Citadel Vault is a self-custody, air-gapped device, we have no technical pathway to receive your cryptographic material. The following items are never collected, never transmitted to us, and never stored on our servers:

Your Bitcoin passphrase or master seed
Your Vault Card contents or Shamir shares
Your seed phrases or BIP39 word lists
Your wallet balances or transaction history (beyond the single payment transaction for your order)
Your device serial number after shipment (it is not phoned home)
Your IP address beyond what our payment infrastructure strictly requires to confirm a BTCPay payment (no server-side access logs are retained on citadelvault.org)
Your browser fingerprint
Any behavioral or clickstream data on this website

4.Why we collect what we collect (legal bases)

Under GDPR, each category of data we process must have a legal basis. Here is ours:

Data category	Legal basis	Why
Order information	Contract performance (Article 6(1)(b) GDPR)	We need your name, address, and payment info to fulfill your purchase and ship your device.
Support communications	Legitimate interest (Article 6(1)(f) GDPR)	Providing the support you request and maintaining a record of RMA or recovery-help interactions.
Tax records	Legal obligation (Article 6(1)(c) GDPR)	US federal and Wyoming state tax law requires us to retain financial records for 7 years.

We do not rely on consent as a legal basis for any processing because we do not send marketing emails, run remarketing campaigns, or operate an email newsletter. If that changes, we will update this policy and obtain your consent separately.

5.Who we share your data with

We share personal data only with the parties required to fulfill your order or comply with the law.

DHL Express and other carriers: your name and shipping address, to deliver your order. Nothing else.
Wise: your wire payment details, to receive your payment. Wise's privacy policy governs Wise's processing.
BTCPay (self-hosted or hosted infrastructure): transaction data to confirm Bitcoin and Lightning payments.
Our card payment-processor partner: order amount and card authorization, to process card transactions.
Wyoming Department of Revenue and the IRS: tax records as required by applicable US law.

We do not sell or rent your personal data. Ever. We do not share your data with advertisers, data brokers, social media platforms, lead-generation services, or analytics providers. There is no business model here that involves your data.

6.How long we keep your data

Data type	Retention period
Order records (name, address, payment method, amount)	7 years from the order date, as required by US tax law.
Support emails and RMA tickets	2 years from your last contact with our support team.
Recovery-help logs	90 days from the close of the support interaction, then permanently deleted.

You may request earlier deletion of your data by emailing privacy@citadelvault.org. We will honor deletion requests promptly, subject to one important limit: we cannot delete order records during the 7-year tax-record retention window because those records are legally required. After that window closes, we will delete them on request.

7.International data transfers

Ridgeline Compute LLC is a US company. If you are in the European Union, the United Kingdom, or another jurisdiction with data transfer restrictions, your personal data will be processed in the United States.

We rely on standard contractual clauses (SCCs) as the legal mechanism for transferring EU and UK personal data to the US and to our US-based sub-processors (Wise, BTCPay infrastructure, DHL). If you would like a copy of the SCC pack we use with our sub-processors, contact privacy@citadelvault.org and we will provide it.

8.Your rights

Depending on where you live, you have specific rights over your personal data. To exercise any of the rights below, email privacy@citadelvault.org with your name and order reference if applicable. We respond within 30 days.

GDPR rights (EU and UK residents): you have the right to access the personal data we hold about you; to correct inaccurate data; to request erasure (subject to legal-retention requirements); to restrict processing; to receive a machine-readable copy of your data (portability); to object to processing based on legitimate interests; and to withdraw consent where consent is the legal basis. You also have the right to lodge a complaint with your national data protection supervisory authority.
CCPA rights (California residents): you have the right to know what personal information we collect and why; the right to request deletion of your personal information; the right to opt out of the sale of your personal information (we do not sell it, so there is nothing to opt out of); and the right to non-discrimination for exercising these rights.
Everyone else: contact us at privacy@citadelvault.org and we will apply the most protective applicable law to your request.

9.Children

Citadel Vault is sold to adults only. You must be at least 18 years old to purchase. We do not knowingly collect personal data from anyone under the age of 18. If a parent or guardian believes we have inadvertently collected data from a minor, please contact privacy@citadelvault.org and we will delete it promptly.

10.Security of your data

citadelvault.org is served exclusively over HTTPS. Order data stored on our systems is encrypted at rest using industry-standard ciphers. Access to customer records inside Ridgeline Compute LLC is limited to staff with a clear need to know, and we use strong authentication on all internal systems.

Our internal systems do not store your Bitcoin passphrase, seed phrases, Vault Card contents, or Shamir shares because we never receive any of those items. The cryptographic security of your funds rests entirely in your possession, which is the core design guarantee of Citadel Vault.

11.Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of citadelvault.org after an update constitutes acceptance of the updated policy. If a change meaningfully reduces your privacy protections, we will notify you by email if we have your address on file.

12.Contact

Privacy questions and data-subject requests: privacy@citadelvault.org

Order and shipping questions: orders@citadelvault.org

Support and defects: support@citadelvault.org

We respond to all privacy inquiries within 5 business days and to formal GDPR data-subject requests within 30 calendar days.