// LEGAL

Privacy Policy

Last updated: June 2025 · VaultX.lk · DigiMart Solutions (Pvt) Ltd

//

OVERVIEW

VaultX.lk ("we", "our", "us") is operated by DigiMart Solutions (Pvt) Ltd, a company registered in Sri Lanka. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at vaultx.lk. By using our platform, you agree to the practices described in this policy.
//

INFORMATION WE COLLECT

Account Information

When you register, we collect your email address, display name, and password (stored securely via Supabase Auth). We do not store plain-text passwords.

Order Information

When you place an order, we collect your full name, phone number, Steam email address, items purchased, and payment amounts. This is required to process and deliver your order.

Usage Data

We may collect anonymised data about how you interact with the site — pages visited, search queries, and session duration — to improve platform performance.

Device & Technical Data

IP address, browser type, device type, and referring URLs may be logged for security and fraud prevention purposes.

//

HOW WE USE YOUR INFORMATION

  • To process your orders and deliver Steam game gifts to your account.
  • To communicate order confirmations, updates, and support responses.
  • To verify your identity and prevent fraudulent transactions.
  • To improve our platform, fix issues, and optimise the user experience.
  • To comply with legal obligations under Sri Lankan law.
  • To send occasional service announcements (not marketing emails without your consent).
//

THIRD-PARTY SERVICES

We use trusted third-party services to operate VaultX.lk. Each has its own privacy policy governing how they handle data:

Supabase

User authentication, database, and file storage.

Policy →

Koko (Merchant Services Ltd)

Buy-now-pay-later payment processing.

Policy →

Valve / Steam

Game catalogue data and pricing via the Steam API.

Policy →

Cloudflare

CDN, DDoS protection, and email routing.

Policy →

Vercel

Website hosting and edge functions.

Policy →
//

COOKIES

We use essential cookies required for authentication sessions and cart state. We do not use advertising cookies or third-party tracking pixels.

Your browser settings allow you to control or disable cookies. Disabling essential cookies may affect login functionality and cart persistence.

//

DATA STORAGE & SECURITY

Your data is stored on Supabase infrastructure, which is hosted in secure data centres. All data in transit is encrypted using TLS. Passwords are hashed and never stored in plain text.

We retain your account data for as long as your account is active. Order data is retained for a minimum of 3 years for accounting and dispute resolution purposes under Sri Lankan commercial law.

//

YOUR RIGHTS

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your account and associated personal data (subject to legal retention requirements).
  • Withdraw consent for optional data processing at any time.
  • Lodge a complaint with relevant data protection authorities in Sri Lanka.

To exercise any of these rights, contact us at support@vaultx.lk.

//

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the platform after changes constitutes acceptance of the revised policy.
Questions? Contact our support team