VaultEdger

Privacy Policy

Effective Date: January 1, 2025 · Last Updated: July 17, 2026

Prepared in alignment with the Data Protection Act, 2012 (Act 843) of the Republic of Ghana.

VaultEdger ("VaultEdger," "we," "us," or "our") provides cloud-based administrative, inventory, and accounting management software to pharmacies, diagnostic laboratories, private clinics, and similar businesses (each, a "Subscriber") operating in the Republic of Ghana. This Privacy Policy describes how VaultEdger collects, processes, secures, and discloses information when a Subscriber and its authorised personnel ("Users") access and use the VaultEdger platform, websites, and associated services (collectively, the "Service").

This Policy is intended to operate in alignment with the Data Protection Act, 2012 (Act 843) of the Republic of Ghana and the principles administered by the Ghana Data Protection Commission ("DPC"). For the personal data and operational records that a Subscriber uploads into its dashboard, VaultEdger acts as a Data Processor, processing such data strictly on the documented instructions of the Subscriber, who remains the Data Controller of that data. For limited account and billing information that VaultEdger collects to operate the business relationship, VaultEdger may act as a Data Controller in its own right.

By creating an account, accessing, or using the Service, the Subscriber and its Users acknowledge that they have read and understood this Policy.

1. Data Collection Scope

VaultEdger collects only the categories of information that are necessary to deliver and maintain the Service. Specifically, we collect and process the following:

  • User Account Details. Names, usernames, business email addresses, telephone numbers, hashed passwords, assigned roles (for example, business administrator, cashier, or clinician), company name, company address, and other registration information supplied by the Subscriber when creating and managing accounts.
  • Stock and Inventory Metrics. Product names, stock keeping units (SKUs), category labels, supplier names, unit measures, cost prices, selling prices, stock quantities, low-stock thresholds, drug or product batch reference numbers, and similar operational inventory data entered by the Subscriber.
  • Transaction Receipts and Financial Records. Sales records, receipt numbers, customer names entered for invoicing, payment methods, transaction amounts, profit and cost figures, and clinician commission entries generated through ordinary use of the dashboard.
  • Log Files and Technical Data. Internet Protocol (IP) addresses, browser and device user-agent strings, login timestamps, session activity, audit-trail entries, and similar diagnostic information automatically recorded to operate, secure, and troubleshoot the Service.
  • Billing Information. Subscription tier, billing status, and transaction references relating to payments processed through our payment partner. As described in Section 3, VaultEdger does not collect or store the Subscriber's full card numbers, bank account numbers, or banking PINs.

Express exclusion of patient health data. VaultEdger is an administrative and accounting utility. We do not directly collect, request, require, or store patient medical histories, clinical diagnoses, treatment records, laboratory test results, prescriptions tied to identifiable patients, or any other category of personal health record. The Service is not designed for, and must not be used as, a repository of patient health information. Where a Subscriber chooses to enter a customer name onto a receipt for invoicing purposes, that limited identifier is processed only as part of the Subscriber's own transaction record and is the responsibility of the Subscriber as Data Controller.

2. Purpose of Processing

VaultEdger processes the information described above for specific, explicit, and legitimate purposes, and not in any manner incompatible with those purposes. The metrics and records held in a Subscriber's dashboard are processed solely to:

  • Calculate automated ledger commissions. Compute clinician and staff commission amounts from the rates and transaction data entered by the Subscriber, and maintain an immutable commission ledger and payout history.
  • Track stock depletion and inventory levels. Monitor stock quantities, generate low-stock alerts, and provide reporting on inventory movement so the Subscriber can manage replenishment.
  • Prevent and detect internal staff fraud. Maintain audit logs, login-activity records, and role-segregated access so that the Subscriber can attribute actions to specific Users and identify irregularities in stock handling or financial entries.
  • Operate, secure, and support the Service. Authenticate Users, enforce two-factor verification where enabled, deliver service notifications, administer subscriptions, and provide technical support.

VaultEdger does not sell personal data, and does not process Subscriber data for advertising profiling or any purpose unrelated to delivering the Service.

3. Data Security Architecture

VaultEdger applies appropriate technical and organisational measures designed to protect data against accidental or unlawful loss, destruction, alteration, unauthorised disclosure, or access, consistent with the security-safeguards principle under Act 843. Our security architecture includes:

  • Encrypted database hosting. Subscriber databases are hosted on managed, encrypted PostgreSQL cloud instances provided through our infrastructure partner, Render. Data at rest within these managed instances is protected by the encryption controls of the hosting environment.
  • Encryption in transit. All communication between Users' devices and the Service is protected by industry-standard SSL/TLS encryption, so that data exchanged over the network is encrypted while in transit.
  • Credential protection. User passwords are never stored in plain text; they are stored only as salted, one-way cryptographic hashes. Access to the dashboard is governed by role-based permissions, configurable session-inactivity timeouts, and optional two-factor authentication via secure code delivery.
  • Secure payment tokenization. All subscription payments are processed by our payment partner, Paystack. Card data, bank account details, and authentication credentials are captured and tokenized directly by Paystack within its own PCI-DSS-compliant environment. VaultEdger never captures, processes, or stores a Subscriber's full credit or debit card numbers, bank account numbers, card verification values (CVV), or banking PINs. VaultEdger receives only non-sensitive transaction references and status information necessary to activate or deactivate a subscription.

No method of electronic transmission or storage is absolutely secure. While VaultEdger implements the safeguards described above, the Subscriber acknowledges that it is responsible for maintaining the confidentiality of its own login credentials and for promptly notifying VaultEdger of any suspected unauthorised access.

4. Platform Operator Access to Your Data

The platform is maintained by a central operator (the "Platform Operator"). We have designed the Service so that a Subscriber's day-to-day business data is private to that Subscriber by default.

What the Operator can access by default. To run and support the platform, the Operator can see account-level and administrative information: the list of registered businesses, the account holder's name, business name, email and phone supplied at registration, subscription and billing status, and technical logs needed for security and troubleshooting. This is the information required to create accounts, provide support, keep the Service secure, and manage subscriptions.

What the Operator cannot see unless you allow it. A Subscriber's operational business data — sales transactions, revenue and profit figures, customer registries, inventory records, and clinician commission details — is hidden from the Platform Operator by default. The Operator can only view this data inside a specific Subscriber's dashboard if that Subscriber's administrator explicitly turns on maintenance access in their own settings. This permission can be granted for support and withdrawn again at any time by the Subscriber.

This means you remain in control: routine business performance and customer data stays private to your pharmacy unless you choose to share it for support purposes.

5. Data Subject Rights & DPC Compliance

VaultEdger respects the rights afforded to data subjects under the Data Protection Act, 2012 (Act 843). Subscribers, acting as Data Controllers, and the individuals whose data they control, may exercise the following rights in respect of personal data processed through the Service:

  • Right of Access. To request confirmation of whether personal data relating to them is being processed, and to obtain a copy of that data held within the Subscriber's dashboard.
  • Right to Rectification. To request that inaccurate or incomplete personal data be corrected or updated. Subscribers may directly edit most records within their dashboard at any time.
  • Right to Erasure. To request the deletion of personal data where there is no continuing lawful basis for its retention, subject to any record-keeping obligations imposed on the Subscriber by Ghanaian law.
  • Right to Object and Restrict. To object to or request restriction of certain processing activities, in the manner permitted by Act 843.
  • Right to Data Portability. To obtain an export of the Subscriber's data in a commonly used, machine-readable format, where the Service makes such export functionality available.

Because VaultEdger acts as a Data Processor for data within a Subscriber's dashboard, requests from an individual data subject should ordinarily be directed to the relevant Subscriber (the Data Controller). VaultEdger will assist Subscribers, by appropriate technical and organisational measures and insofar as possible, in responding to verified requests to exercise these rights.

To exercise any of these rights, or to raise a question or complaint regarding this Policy or our data practices, please contact our compliance team:

  • Compliance Contact (Email): nutrilifeandwellnesscompany@gmail.com
  • Subject Line: "Data Protection Request — Act 843"

VaultEdger will acknowledge and respond to verified requests within the timeframes contemplated by Act 843. Data subjects also retain the right to lodge a complaint with the Data Protection Commission of Ghana if they believe their rights under Act 843 have been infringed.

5. Data Retention

VaultEdger retains Subscriber data for as long as the Subscriber maintains an active account and for such additional period as is reasonably necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Upon termination of a Subscriber's account and following any applicable retention period, VaultEdger will delete or anonymise the Subscriber's data in accordance with its internal data retention practices, except where retention is required by law.

6. Changes to This Policy

VaultEdger may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. The "Last Updated" date at the top of this page indicates when the Policy was last revised. Material changes will be communicated through the Service or by email. Continued use of the Service after such changes take effect constitutes acceptance of the revised Policy.

7. Contact Us

If you have any questions about this Privacy Policy or VaultEdger's handling of data, please contact us at nutrilifeandwellnesscompany@gmail.com.

© 2026 VaultEdger. All rights reserved.  ·  Terms of Service