Complimentary Express Shipping on orders over $50

Trust & Transparency

Privacy & Payment Security

Your trust is the foundation of the House of Umay. This policy explains what we collect, why we collect it, and the safeguards we put in place for every transaction.

Encrypted, PCI-DSS compliant checkout

Payments at Umay Luxe are processed by Stripe, a Level 1 PCI-DSS certified payment provider. All card data is transmitted over TLS 1.2+ with 256-bit SSL encryption. We never see, store, or have access to your full card number, expiry date, or CVC — these details are tokenised by Stripe at the point of entry.

Every transaction is screened with Stripe Radar for fraud, and every customer-not-present payment is authenticated with 3-D Secure 2 where supported by your bank. Chargeback and dispute handling is managed via Stripe's regulated framework.

What we collect, and why

  • Order details — name, shipping address, email, items purchased. Used to fulfil and ship your order.
  • Payment metadata — last 4 digits of your card, brand, country. Stored only as a Stripe reference for refunds and customer support. Never the full PAN.
  • Account data — email and (optionally) password hash. Used to access order history.
  • Marketing preferences — only when you opt in. Unsubscribe at any time from any email footer.

We do not sell, rent, or share your personal data with third parties for advertising. We share data only with the processors required to deliver your order (Stripe for payment, DHL Express for shipping, our email platform for transactional messages).

Cookies & analytics

We use a minimal set of first-party cookies to keep you signed in, remember your cart, and measure aggregate site performance. We do not run ad-tech tracking pixels, behavioural retargeting, or sell event data to third parties.

Your rights (GDPR / UK GDPR / CCPA)

You have the right to:

  • Request a copy of the personal data we hold about you.
  • Correct or update inaccurate data.
  • Request deletion of your account and associated data.
  • Withdraw consent for marketing at any time.
  • Lodge a complaint with your local supervisory authority.

To exercise any right, email hello@umayluxe.com. We respond within 30 days.

Contact our DPO

Data controller: Umay Luxe, operated by Twin M Group Ltd.
Data Protection contact: hello@umayluxe.com.

Last updated: June 2026. Contact us with any question.

Encrypted Checkout

256-bit SSL · PCI-DSS compliant via Stripe

Safe Payments

Buyer protection · 3-D Secure authentication

VISAMastercardAMEXApple PayGoogle PayKlarnaStripe

Encrypted Checkout

256-bit SSL · PCI-DSS compliant via Stripe

Safe Payments

Buyer protection · 3-D Secure authentication

VISAMastercardAMEXApple PayGoogle PayKlarnaStripe

Trusted Partners

The names behind every Umay Luxe order.