Last updated: April 16, 2026
GJT Wallet is a product of GJT Globe (Private) Limited ("we", "our", "us"), a company incorporated in Sri Lanka. Our registered address is Colombo, Western Province, Sri Lanka. You can contact us at privacy@gjtglobe.com.
We collect the following information when you use GJT Wallet: (a) Account information: email address, company name, and subdomain when you sign up; (b) Payment information: processed entirely by Stripe or PayPal — we never store your card number or PayPal credentials; (c) Usage data: actions taken within the vault (for audit logging purposes) including IP address and timestamp; (d) Communication data: messages sent via our contact form.
We use your information to: provide and maintain the GJT Wallet service; process payments and manage subscriptions; send transactional emails (welcome, password reset, receipts); provide customer support; comply with legal obligations; and improve our product based on aggregated usage patterns.
All credentials stored in GJT Wallet are encrypted with AES-256-GCM before storage. The encryption key is derived from your account-specific secret. We do not have access to your unencrypted passwords. For self-hosted plans, your credential data never leaves your own server.
We do not sell your personal data. We share data only with: (a) Stripe and PayPal for payment processing; (b) Resend for transactional email delivery; (c) Supabase for database hosting; (d) Vercel for application hosting. All third-party services are contractually obligated to protect your data. We may disclose data if required by law or to protect our rights.
We retain your account data for as long as your subscription is active plus 90 days after cancellation, then permanently delete it on request. Audit logs are retained for 12 months. Payment records are retained as required by applicable accounting laws (typically 7 years).
You have the right to: access a copy of your personal data; correct inaccurate data; request deletion of your data; data portability (export your credential vault); withdraw consent at any time; lodge a complaint with a data protection authority. To exercise any of these rights, contact us at privacy@gjtglobe.com.
We use only essential cookies required for authentication and session management. We do not use tracking, advertising, or analytics cookies. No third-party cookies are set on GJT Wallet.
We implement industry-standard security measures including TLS/HTTPS encryption in transit, AES-256 encryption at rest, TOTP two-factor authentication, IP-based brute force protection, and regular security reviews. No system is 100% secure; if you discover a vulnerability please report it to security@gjtglobe.com.
GJT Wallet is not directed at children under 18. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice within the application. Continued use after changes constitutes acceptance of the updated policy.
For privacy-related queries: privacy@gjtglobe.com. For general support: support@gjtglobe.com. GJT Globe (Private) Limited, Colombo, Sri Lanka.