There are two types of addresses on the ethereum network: externally owned addresses (EOAs) and contract addresses.
EOAs are simple addresses, like you would find in bitcoin or some other blockchains. They can send and receive funds, but they do not run any additional code.
Contract addresses, on the other hand, run code every time an EOA or other contract address interacts with them. This code can do a very wide variety of things, from simply updating a balance to creating new digital assets!
Your Pay wallet in the Casa app generates EOAs, and your Casa app uses an HD (hierarchical deterministic) key, which generates a new address with each transaction that's made.
It's normal for your receiving address to change, but any previous addresses that you've used for that keyset can be used again to receive funds, even though your Casa app is showing you a different deposit address.
This means that you can whitelist an address at your exchange, for example, and any withdrawals you make to that address will go to your Casa wallet, despite the app showing you a different address, unless you ever transfer funds to a new keyset in your Casa app (we call this a key rotation), which you may do if, for example, you want to replace a hardware device in the future. In that case, you should not send to any previous addresses from the old keyset.
Vaults in your Casa app are contract addresses. The contract, in this case, governs how many keys are necessary to sign a transaction, and specifies which keys are active.
If and when you need to, you can replace a key for your vault by updating this contract to tell it to remove one key and replace it with a new one.