Terms & Privacy Policy

Terms of Use – MVP (Minimum Viable Product)

Version (valuables limited company, July 25).

1. Purpose

These Terms of Use (the “Terms”) govern the use of our mobile application, which is currently in its testing phase (MVP). By accessing the app, you agree to these terms.

2. Testing Phase

The app is currently being tested by a limited group of users, upon invitation only, which requires the individual validation of each account. It is not yet commercially available. This testing phase is intended to improve the product before its official launch later this year. By participating, you agree to be part of this limited test group.

3. Data Protection and Security

We take the protection of your data very seriously. Here is our commitment:

Data encryption: All information you enter into the app is encrypted. This means your data is protected and only you have access to it.

Confidentiality: We do not access the content of your personal data stored in the app.

Use of personal data: The only non-encrypted personal information we collect is your email address, first name, and last name. These are used exclusively to communicate with you (e.g., to share updates or collect feedback).

No sharing or selling: This information will never be shared or sold to third parties under any circumstances.

The data is stored in a European-based data center.

4. Security

This document outlines our data security and hosting practices.

Data Encryption

All data you input into the application is encrypted, and we do not have access to it.

The SSL encryption key for the back-end is stored in Google Cloud Platform (GCP), our cloud provider.

The database is encrypted both at rest and in transit using an SSL key, also hosted and managed by GCP.

Backup and Recovery Procedures

We use Cloud SQL with a 14-day SQL backup retention configuration (global standard).

Point-in-time restore functionality, utilizing database logs, allows for daily backups and restoration to a precise moment (down to the second) within the last 14 days.

Cloud Run enables rollbacks to previous program versions.

Data Hosting and Physical Storage Location

Our servers are located in a Google datacenter in Belgium, within the EU-WEST1 zone.

Security Standards and Certifications Followed

Authentication & Authorization: OAuth2 via Firebase.

Dependency Verification: Package verification via npm audit and yarn audit.

Licensing: Exclusive use of MIT-licensed (or equivalent) packages.

SQL Injection Protection: Achieved through the use of our ORM.

Resource Management: OAuth2 scoping and unique resource management per user to prevent IDOR (Insecure Direct Object References).

Secure Data Access: Temporary URL signing for all BLOB data access.

Access Control: Verified via Middleware & Usecase with role-based access management (Authorization).

Database Access: Limited to accepted IP ranges configured on servers.

Server Communication: Secure connection (VPN) implemented in GCP between back-end and database.

Dedicated Users: Each database access has a dedicated user (support access, back-end access, read access).

Front-end Code Protection: Production bundle obfuscation (without publishing .map files), similar to other providers.

GraphQL API: Introspection disabled in production.

Secure Tokens: Use of scopes and resources in token management.

OWASP Compliance: Designed to be compatible with the OWASP Top 10 at the time of MVP delivery.

Anti-spam Protection: IP blocking in case of excessive consecutive requests.

API Resource Limitation: Depth control on the GraphQL API.

Code Review: Security service verification of each code on the main branch.

Tech-Lead Validation: Manual security review (OWASP) of critical PRs by the tech lead.

Secure Deployment: Automation via CI/CD with tag creation and integration test validation.

Environments: Staging and production environments implemented.

Deployment Consistency: Use of identical Docker images based on the same commit.

Containerization: Docker for development, staging, and production environments.

5. Consent

By using the MVP version of the app, you agree:

to take part in a real-world test;

to give some feedback through surveys and through one-on-one interactions (Teams or phone call);

that we may use your contact details to reach out to you regarding product development (email address);

that your data will be processed in accordance with this policy.  

6. Updates

These Terms may evolve as the project progresses. You will be informed of any updates.