vaultr
Packs Marketplace How It Works
Log in Sign Up
Added to cart
View Cart (0) Checkout
Every card graded & authenticated — Securely stored
Log In Sign Up

Privacy Policy

Last updated: May 2026

Vaultr is operated by 1001541506 Ontario Inc., doing business as "Vaultr," a corporation incorporated in the Province of Ontario, Canada (the "Company"). References in this Privacy Policy to "Vaultr," "we," "us," or "our" mean 1001541506 Ontario Inc. We are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use vaultr.pro. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws.

Cross-border processing. Several of our service providers — including Coinflow Labs Limited (a Delaware corporation headquartered at 406 N. Sangamon Street, Chicago, IL 60642), Persona (identity verification), and Cloudflare — are based outside of Canada and may process your personal information on servers located in the United States or other jurisdictions. Information processed outside Canada may be subject to the laws of those jurisdictions, including lawful access by foreign authorities. By using Vaultr, you acknowledge this cross-border processing.

1. Information We Collect

We collect the following categories of personal information:

  • Account information: Email address, username, and password (stored as a bcrypt hash — we never store your plain-text password)
  • Payment information: Payment details are collected and processed exclusively by Coinflow Labs Limited. Vaultr does not store your credit card numbers, bank account details, or full payment card information on our servers
  • Identity verification: If you request a withdrawal, identity verification is handled by Persona (Coinflow's KYC provider). Vaultr does not store your ID documents, selfies, or government-issued identification — Persona processes and retains these
  • Transaction data: Purchase history, pack openings, buyback transactions, marketplace activity, wallet balance and deposit/withdrawal history
  • Shipping information: Name and shipping address, only if you request physical card redemption
  • Technical data: IP address, browser type, device information, and session data for security and fraud prevention
  • Communication data: Support inquiries and correspondence

2. What We Do NOT Store

To be clear about what stays off our servers:

  • Credit card numbers — handled entirely by Coinflow Labs Limited (PCI-DSS compliant)
  • Bank account details — handled entirely by Coinflow
  • Full ID documents — handled entirely by Persona
  • Selfies or biometric data — handled entirely by Persona

3. How We Use Your Information

We use your personal information for:

  • Account management: Create and maintain your account, process authentication, manage your wallet balance
  • Payment processing: Facilitate deposits, purchases, marketplace transactions, and withdrawals through Coinflow Labs Limited
  • Fraud prevention: Detect and prevent fraudulent transactions, unauthorized access, chargeback abuse, wash trading, and platform manipulation
  • Email communications: Send order confirmations, pack opening results, shipping notifications, withdrawal confirmations, and account security alerts via Resend
  • Card pricing: We use eBay's API to fetch recent completed sales data for pricing cards. This does not involve your personal information
  • Tax compliance: Calculate and remit applicable sales taxes
  • Service improvement: Analyze usage patterns to improve the experience (aggregated, non-identifying data only)

4. Marketing Communications

We will never send you marketing or promotional emails without your explicit opt-in consent. You may withdraw consent at any time by clicking "unsubscribe" in any marketing email or contacting us. Transactional emails (order confirmations, security alerts, etc.) are not marketing and will be sent as needed to operate your account.

5. Third-Party Services

We share personal information only with the following third-party providers, solely for the purposes described:

  • Coinflow Labs Limited (payment processing and payouts): A Delaware corporation headquartered at 406 N. Sangamon Street, Chicago, IL 60642. Processes your card and bank-account details for wallet deposits, marketplace transactions, and withdrawals (ACH and Real-Time Payment). Coinflow's Privacy Policy
  • Persona (identity verification): Used by Coinflow to handle KYC verification when you request a withdrawal. Receives and retains your ID documents, selfies, and biometric data — Vaultr does not. Persona's Privacy Policy
  • Resend (email delivery): Receives your email address to deliver transactional emails. Resend's Privacy Policy
  • Cloudflare (CDN, security, DNS, inbound email routing): Provides website security, DDoS protection, DNS, and routes inbound mail sent to support@vaultr.ca to our team. Cloudflare may process your IP address, request data, and (for support inquiries) the contents of email you send to our support address. Cloudflare's Privacy Policy
  • eBay API (pricing data): We query eBay's completed sales data to determine fair market values for cards. No personal information is shared with eBay
  • Shipping carriers: Receive your name and shipping address when you redeem a card for physical delivery

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service:

  • Account data: Retained while your account is active and for 30 days after a deletion request to allow for recovery
  • Transaction records: Retained for a minimum of 7 years as required by Canadian tax and financial reporting laws
  • Technical logs (IP, session data): Retained for up to 90 days for security and fraud prevention
  • Support correspondence: Retained for up to 2 years after resolution

7. Your Rights

Under PIPEDA and applicable privacy laws, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information, subject to our legal retention obligations
  • Withdraw consent: Withdraw your consent to the processing of your personal information at any time, subject to legal or contractual restrictions
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, contact us at support@vaultr.ca. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures to protect your information:

  • Passwords are hashed using bcrypt and never stored in plain text
  • Sessions use secure, httpOnly cookies with appropriate expiration
  • All data transmitted between your browser and our servers is encrypted via TLS/SSL
  • Payment processing is handled entirely by Coinflow Labs Limited (PCI-DSS compliant)
  • Access to personal data is restricted to authorized personnel on a need-to-know basis

9. Cookies & Sessions

We use essential cookies required for the operation of the Service:

  • Session cookie: Maintains your login session and authentication state
  • Security cookies: CSRF protection and rate limiting

We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

10. Children's Privacy

Vaultr is not intended for individuals under 18. We do not knowingly collect personal information from minors. If we learn that we have collected information from a person under 18, we will promptly delete it.

11. PIPEDA Compliance

Vaultr adheres to the ten fair information principles set out in PIPEDA:

  • Accountability: We are responsible for personal information under our control
  • Identifying purposes: We identify the purposes for collection at or before the time of collection
  • Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information
  • Limiting collection: We collect only the information necessary for the identified purposes
  • Limiting use, disclosure, and retention: Personal information is used only for the purposes for which it was collected and retained only as long as necessary
  • Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary
  • Safeguards: We protect personal information with appropriate security measures
  • Openness: We make our privacy policies and practices readily available
  • Individual access: Upon request, we inform you of the existence, use, and disclosure of your personal information and provide access to it
  • Challenging compliance: You may challenge our compliance with these principles by contacting us

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us:

Email: support@vaultr.ca

Legal entity: 1001541506 Ontario Inc.
Registered address: 100 Harbour St, Toronto, ON M5J 0B5, Canada
Jurisdiction: Province of Ontario, Canada
Doing business as: Vaultr

You may also contact the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.