Privacy Policy
Originals ("we", "us", "our") respects your privacy. This policy explains what information we collect when you use our website, why we collect it, who we share it with, and the choices you have. If anything here is unclear, email us at hello@getoriginals.lk and we'll explain in plain English.
1. Information we collect
You give us, directly
- Account details — name, email address, password (hashed, never stored in plain text), phone number (optional), profile photo (optional).
- Shipping addresses — recipient name, street address, suburb, city, state, postcode, country, phone for delivery.
- Order history — what you bought, when, how much you paid, your selected currency, the shipping option you chose, any discount codes used.
- Communications — messages you send via the contact form, replies to our emails, anything you tell us during a support conversation.
Collected automatically
- Device & browsing — IP address, browser type, device type, pages visited, time spent, referring URL.
- Cart state — items in your cart, stored so you can come back to them later. If you're logged in we also keep a snapshot in our database to enable abandoned-cart reminder emails (you can opt out at any time — see Section 5).
- Currency preference — whether you've set the storefront to AUD or LKR.
From third parties
- Stripe — when you pay, Stripe sends us a payment confirmation including the last four digits of your card, card brand, and a payment ID. We never see or store your full card number, CVV, or expiry — Stripe handles all of that.
- Australia Post — tracking events as your parcel moves through the postal network.
2. How we use your information
- To process your orders and send them to you.
- To calculate shipping costs and the estimated Sri Lanka Customs duty for your parcel.
- To send you transactional email — order confirmation, shipping notification, refund confirmation, invoice.
- To respond to questions you send through the contact form or by email.
- To send abandoned-cart reminder emails (opt-out below) and, with your separate consent, occasional marketing emails about new arrivals or promotions.
- To detect and prevent fraud — for example, an unusual number of orders from a single IP using different cards.
- To comply with our legal obligations, including tax records and customs documentation.
3. Who we share it with
We don't sell your data, ever. We share what's necessary with the following service providers, only to the extent needed to do the job:
- Stripe (USA / Australia) — payment processing.
- Google Firebase (USA) — our database and backend hosting (Firestore, Cloud Functions, Authentication).
- Vercel (USA) — website hosting.
- Cloudflare R2 (USA / global) — storage of invoice PDFs and product imagery.
- Brevo / Sendinblue (EU) — sending transactional and marketing email.
- Australia Post (Australia) — international shipping and tracking.
- Sri Lanka Customs & Sri Lanka Post — we include your name, address, and a customs declaration on every parcel; this is required for the parcel to clear customs.
- Analytics providers (Google Analytics, Meta Pixel) — aggregated usage data to understand which pages and products people engage with. You can opt out of these using standard browser tools and ad-blocker extensions.
We may also disclose information if required by law (a valid court order, subpoena, or comparable legal process), or if necessary to protect our rights, your safety, or the safety of others.
4. International transfers
Originals operates from Australia and serves customers primarily in Sri Lanka and the Maldives. Your information is stored on servers in the United States (Firebase, Vercel) and may be processed in any country where our service providers have infrastructure. We rely on the data-protection commitments of these providers — most are SOC 2 / ISO 27001 certified.
5. Your choices
- Update or delete your account — sign in and edit your profile, or email us to request deletion.
- Opt out of marketing email — every email has an unsubscribe link in the footer, or email us.
- Opt out of abandoned-cart reminders — email us at hello@getoriginals.lk and we'll flag your account.
- Opt out of analytics — install a browser extension like uBlock Origin, or enable "Do Not Track" in your browser settings.
- Request a copy of your data — email us and we'll send you everything we have on file within 30 days.
6. Security
We use HTTPS everywhere, Stripe handles all card data, passwords are stored hashed with a one-way function, and access to our internal systems is restricted to staff who need it. No system is perfectly secure, but we work hard to keep yours safe. If you suspect your account has been compromised, email us immediately.
7. Cookies
We use cookies for three things: keeping you logged in, remembering your cart and currency preference, and (anonymous) analytics. You can delete cookies in your browser settings or block them entirely — but the site won't remember your cart or keep you logged in if you do.
8. Children
Originals is not directed at children under 16. We don't knowingly collect data from children. If you believe a child has given us personal information, email us and we'll delete it.
9. Changes to this policy
We'll update this policy if our practices change. The "Last updated" date at the top tells you when. For significant changes (new categories of data, new providers, policy direction shifts) we'll email logged-in customers before the change takes effect.
10. Contact
Questions, requests, or complaints about how we handle your data:
Email: hello@getoriginals.lk
See also our Contact page.