Privacy Policy

How we harvest, secure, and route customer data. Last updated: June 2026.

1. Data Collection & Telemetry

We collect direct information necessary to process orders, including your name, shipping address, contact number, and email. Telemetry data (such as IP address, browser footprint, and cookies) is analyzed to maintain security protocols and personalize the product matrix.

2. Information Sharing inside the Vendor Network

As a multivendor marketplace, relevant shipping details are securely transmitted to the respective Vendor fulfilling your purchase. Vendors are bound by strict protocol agreements and are not authorized to utilize customer information for unsolicited campaigns.

3. Payment Integrity

Payment details (credit card tokens, bank data) are processed via external, fully compliant gateways like PayHere. GoBuy.lk does not cache, log, or store complete payment credentials on our servers.

4. User Rights & Data Retention

You retain full autonomy over your data. You may request account deletion or data export by contacting the support operations team. We retain transaction logs only as required to meet local audit, taxation, and regulatory compliance standards.

5. Cookies & Tracking Nodes

Our system employs persistent and session cookies to persist shopping cart contents, monitor security threats, and collect anonymous platform analytics. You may deactivate cookie tracking in your browser settings, though this may degrade checkout flow mechanics.

Security Operations Center

We periodically update our data management procedures to counter emerging threat vectors. For privacy concerns or to revoke data access, please address telemetry logs directly to security@gobuy.lk.