Added to cart
View Cart (0) Checkout
Every card graded & authenticated — Securely stored
Log In Sign Up

Privacy Policy

Last updated: March 2026

Vaultr ("we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable privacy laws in North America.

1. Information We Collect

We collect the following categories of personal information:

  • Identity information: Full name, username, date of birth (to verify you are 18+)
  • Contact information: Email address, shipping address(es)
  • Payment information: Payment details are collected and processed exclusively by Stripe. Vaultr does not store your credit card numbers, CVV, or full payment card details on our servers.
  • Transaction data: Purchase history, pack openings, buyback transactions, marketplace activity, store credit balance
  • Technical data: IP address, browser type, device information, and session data for security, fraud prevention, and rate limiting
  • Communication data: Support inquiries and correspondence with our team

2. How We Use Your Information

We use your personal information for the following purposes:

  • Service delivery: Process orders, manage your account, facilitate pack openings, vault storage, card redemptions, and marketplace transactions
  • Age verification: Confirm that you meet the minimum age requirement of 18 years
  • Tax compliance: Calculate and remit applicable sales taxes based on your province or state
  • Transactional communications: Send order confirmations, shipping notifications, and account-related emails
  • Security & fraud prevention: Detect and prevent fraudulent transactions, unauthorized access, and abuse of the platform
  • Legal compliance: Meet our obligations under applicable laws, including tax reporting and record-keeping requirements
  • Service improvement: Analyze usage patterns to improve the user experience (aggregated, non-identifying data only)

3. Marketing Communications

We will never send you marketing or promotional emails without your explicit opt-in consent. You may withdraw your consent at any time by clicking "unsubscribe" in any marketing email or by contacting us directly. Transactional emails (order confirmations, shipping updates, security alerts) are not considered marketing and will be sent as necessary to operate your account.

4. Third-Party Service Providers

We share your personal information only with the following third-party service providers, solely for the purposes described:

  • Stripe (payment processing): Receives your payment card details to process transactions securely. Stripe is PCI-DSS Level 1 compliant. See Stripe's Privacy Policy.
  • Resend (email delivery): Receives your email address to deliver transactional and, where consented, marketing emails on our behalf. See Resend's Privacy Policy.
  • Shipping carriers: Receive your name and shipping address when you redeem a card for physical delivery.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specific retention periods:

  • Account data: Retained while your account is active and for 30 days after a deletion request, to allow for account recovery
  • Transaction records: Retained for a minimum of 7 years as required by tax and financial reporting laws
  • Technical logs (IP, session data): Retained for up to 90 days for security and fraud prevention purposes
  • Support correspondence: Retained for up to 2 years after resolution

6. Your Rights

Under PIPEDA and other applicable privacy laws, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information, subject to our legal retention obligations
  • Withdraw consent: Withdraw your consent to the processing of your personal information at any time, subject to legal or contractual restrictions
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada or your applicable data protection authority

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

7. Data Security

We implement industry-standard security measures to protect your personal information:

  • Passwords are hashed using bcrypt and are never stored in plain text
  • Sessions use secure, httpOnly cookies with appropriate expiration
  • All data transmitted between your browser and our servers is encrypted via TLS/SSL
  • Payment processing is handled entirely by Stripe (PCI-DSS Level 1 compliant)
  • Access to personal data is restricted to authorized personnel on a need-to-know basis

8. Cookies

We use essential cookies required for the operation of the Service (session management, authentication, security). We do not use third-party tracking or advertising cookies.

9. Children's Privacy

Vaultr is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected information from a person under 18, we will promptly delete that information.

10. PIPEDA Compliance

Vaultr adheres to the ten fair information principles set out in PIPEDA:

  • Accountability: We are responsible for personal information under our control
  • Identifying purposes: We identify the purposes for which information is collected at or before the time of collection
  • Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information
  • Limiting collection: We collect only the information necessary for the identified purposes
  • Limiting use, disclosure, and retention: Personal information is used only for the purposes for which it was collected and is retained only as long as necessary
  • Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary
  • Safeguards: We protect personal information with appropriate security measures
  • Openness: We make our privacy policies and practices readily available
  • Individual access: Upon request, we inform you of the existence, use, and disclosure of your personal information and provide access to it
  • Challenging compliance: You may challenge our compliance with these principles by contacting our privacy officer

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact & Privacy Officer

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

You may also contact the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.