Privacy Policy

Last Updated: February 20, 2026

This Privacy Policy explains how CITIZEN VAULT LTD ("we", "us", "our") collects, uses, and stores your personal information when you use our website, our browser extension ("CitizenGuard"), and our associated services.

1. Data Controller

The personal data collected is controlled by:

CITIZEN VAULT LTD
Company Number: 16392506
Registered Address:
115 Gazette Buildings
168 Corporation Street
Birmingham
B4 6TF
United Kingdom

2. Information We Collect

We collect information to provide our privacy protection services. This includes information you provide directly and data collected automatically via our Browser Extension.

  • Account Information: When you sign up via our authentication provider (Clerk), we collect your email address, authentication identifiers, and declared country of residence to manage your account and sync your preferences.
  • Extension Data (CitizenGuard): To fulfill its core purpose of protecting your privacy, the CitizenGuard extension processes the following data locally on your device:
    • Network Traffic: We analyze outgoing network requests to detect and log third-party tracking pixels, beacons, and data exfiltration attempts.
    • Cookies: We monitor the setting of third-party cookies to verify if websites are respecting your consent preferences.
    • Tracking Logs: Logs of detected trackers are buffered locally on your device. You may choose to sync these logs to our secure servers to view them in your dashboard.
  • Website Usage Data: When you visit our marketing website (citizenvault.co.uk), we may collect technical information (IP address, browser type) for security and operational purposes.
  • Connected Account Credentials: If you choose to connect your email provider (e.g., Gmail) to send authorization emails, we securely store encrypted access tokens (OAuth) to perform these actions on your behalf. We do not store your email password.

3. Browser Extension Permissions

The CitizenGuard extension requires specific permissions to function. We use these permissions strictly for the purpose of privacy protection:

  • webRequest & declarativeNetRequest: Used to analyze network traffic in real-time to block trackers and append Global Privacy Control (GPC) headers.
  • Cookies: Used to detect tracking cookies and manage GDPR consent.
  • Scripting: Used to inject our consent automation engine to automatically reject non-essential cookie banners on your behalf.
  • Storage: Used to securely store your preferences and tracking logs locally.
  • Identity: Used to securely authenticate you via Clerk so you can sync your data.
  • Host Permissions (All Hosts): Required because trackers can appear on any website you visit. Without this, we cannot protect you across the web.

4. Cookies and Tracking Technologies (Website)

Our website uses cookies and similar tracking technologies (like pixels or web beacons) to distinguish you from other users, provide essential functionality, and help us analyze and improve the Service. A cookie is a small file of letters and numbers stored on your browser or device.

We use the following types of cookies:

  • Strictly Necessary Cookies: Required for the operation of our website (e.g., session cookies). These do not require your consent.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you block all cookies (including essential cookies) you may not be able to access all or parts of our site.

For more general information about cookies, please visit aboutcookies.org.

5. How We Use Your Information

We use the information we collect for the following purposes:

  • Privacy Protection: To detect and block trackers, and to automate cookie consent rejection on websites you visit.
  • GDPR Automation: To generate and send data deletion or access requests to data brokers and companies on your behalf. If you connect your email account, we use this permission strictly to send the necessary authorization emails to data controllers. We do not read your emails.
  • Service Management: To manage your account, sync your settings, and provide customer support.
  • Communication: To send you important updates regarding your privacy reports or service changes.

6. Legal Basis for Processing

Our legal basis for collecting and processing your personal data depends on the specific context. Primarily, we rely on:

  • Performance of Contract: When you install our extension and create an account, processing your data (such as syncing tracking logs or sending GDPR requests) is necessary to provide the service you requested.
  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., signing up for marketing updates).
  • Legitimate Interests: Where processing is necessary for our legitimate interests (e.g., maintaining website security, responding to inquiries), provided your rights and interests do not override those interests. We do not rely on legitimate interests for non-essential tracking where consent is required.

7. Data Storage and Security

Your information is stored securely. We implement appropriate technical and organisational measures to protect your data against unauthorized access, loss, or misuse.

  • Encryption at Rest: All user data in our database is encrypted at rest.
  • Field-Level Encryption: Sensitive credentials (such as OAuth tokens for connected accounts) are encrypted using AES-256 GCM before storage.
  • Secure Transmission: All data transmitted between your device and our servers is encrypted using TLS 1.2+.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements, or until you request its deletion according to your rights.

9. Your Data Protection Rights (UK GDPR)

Under UK GDPR, you have certain rights regarding your personal data: Access, Rectification, Erasure, Restrict Processing, Object to Processing, Data Portability, Withdraw Consent.

  • Right to Representation: By using our automated GDPR request feature, you authorize Citizen Vault Ltd to act on your behalf to exercise your data rights with third-party data controllers.
  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate data.
  • Right to Erasure ('Right to be Forgotten'): You can request the deletion of your data.
  • Right to Restrict Processing: You can request that we temporarily stop processing your data.
  • Right to Object to Processing: You can object to processing based on legitimate interests or for direct marketing.
  • Right to Data Portability: You can request transfer of your data to another service.
  • Right to Withdraw Consent: You can withdraw your previously given consent at any time. For consent related to cookies, this can typically be done via our cookie consent banner/settings. For other consent (e.g., marketing emails), use the contact details below or the unsubscribe link provided.

To exercise any of these rights, please contact us at:[email protected].

We aim to respond within one month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

10. Third-Party Sharing

We do not sell or trade your personal data. We may share your information with trusted third-party service providers who assist us in operating our website and providing services (e.g., hosting providers, email delivery services), under strict data processing agreements. We will not share your data with third parties for marketing purposes ever.

We use the following third-party service providers:

  • Clerk: For secure user authentication and identity management.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes are effective immediately upon posting the revised policy here with an updated "Last Updated" date. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:[email protected]