VoilitVoilit

Privacy Policy

Last revised: March 5, 2026

Voilit operates the digital gift card wallet at voilit.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding it. By using Voilit you agree to the practices described here.

1. Information We Collect

Account information

Your email address and authentication credentials are managed by Clerk, our auth provider. We do not store your password.

Gift card data you enter

  • Store name and domain (e.g., Amazon, amazon.com)
  • Last 4 digits of your card number (stored in plaintext for display)
  • Full card number and PIN — encrypted with AES-256-GCM before storage; only decrypted when you tap to reveal
  • Card balance (initial and current), currency, and expiry date
  • Transaction history (amounts, timestamps, transaction type)

Automatically collected data

When you view or reveal a card, we log your IP address and browser user agent as part of your personal security audit trail. This log is visible only to you in the app. We do not use this data for advertising.

2. How We Use Your Information

  • To provide and operate the Voilit wallet service
  • To display card balances, transaction history, and expiry warnings
  • To generate your personal security audit log (for your benefit)
  • To apply rate limiting and prevent abuse
  • To send authentication-related emails via Clerk

We do not sell your data. We do not use your gift card information for marketing or share it with third parties except as described in Section 4.

3. How We Protect Your Data

  • Encryption at rest: Full card numbers and PINs are encrypted with AES-256-GCM. The encryption key is never stored in the database.
  • Account isolation: Every database query is scoped to your user ID. It is architecturally impossible to access another user's cards.
  • Rate limiting: Reveal and API endpoints are rate-limited to prevent brute-force attacks.
  • Soft deletes: Deleted cards are flagged before purging, protecting against accidental data loss.
  • HTTPS everywhere: All traffic is encrypted in transit via TLS.

4. Third-Party Services

Voilit uses the following services to operate. Each has its own privacy policy:

  • Clerk — authentication and 2FA (clerk.com)
  • Neon — PostgreSQL database hosting (neon.tech)
  • Vercel — application hosting (vercel.com)
  • Upstash — Redis rate limiting (upstash.com)
  • logo.dev — brand logo images; your browser requests logos using the store domain you entered

5. Affiliate Links

Some cards display a “Reload” or “Buy more credit” link. These are affiliate links to authorized retailers. If you click one, the affiliate network (Amazon Associates, Rakuten, CJ Affiliate, or Impact.com) may place a cookie and track your purchase. Voilit may earn a small commission at no cost to you.

We do not share any personal information with affiliate networks. Tracking is triggered only by your click.

6. Your Rights

Depending on where you live, you may have rights to access, correct, or delete your personal data (GDPR Articles 15–17; CCPA section 1798.100).

  • Access: Your full activity log is in-app under Activity and each card's Audit page.
  • Delete a card: Available in the app. Cards are soft-deleted and purged within 30 days.
  • Delete your account or export your data: Email us below. We fulfill requests within 30 days.

California residents: We do not sell personal information and do not discriminate against users who exercise their CCPA rights.

7. Data Retention

  • Active accounts: data retained while your account exists.
  • Soft-deleted cards: retained up to 30 days, then permanently purged.
  • Account deletion requests: all personal data purged within 30 days.
  • Audit logs: retained for the life of your account for your security benefit.

8. Children's Privacy

Voilit is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have done so inadvertently, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of Voilit after changes are posted constitutes acceptance of the updated policy.

10. Contact

For questions about this policy or to exercise your data rights:

privacy@voilit.com