What we actually do to protect your data and your customers' payment details — and where to report a problem.
Payments run through Stripe's hosted elements. We store only the resulting token, never the card number.
Address and security-code verification runs on every charge. Mismatches stop the transaction before it authorizes.
More than three card attempts from one IP in 60 minutes triggers an automatic hold, not a silent decline.
All traffic is served over TLS. Stored customer records use AES-256 encryption at rest.
Internal systems use role-based access — staff see only the data needed for their function.
Product and order data is backed up daily, with backups retained on a rolling 30-day window.
We rely on Stripe's PCI-DSS Level 1 certified infrastructure for card processing; we never ingest raw PANs.
We process personal data under UK GDPR as data controller for account and order information. See our privacy policy below for your rights.
Stripe (payments), and our hosting provider, process data on our behalf. A full subprocessor list is available on request.
We use essential cookies to keep you signed in and, with consent, analytics cookies to understand site usage. No advertising cookies.
We aim to meet WCAG 2.1 AA. Found a barrier? Email accessibility@smartmartglobaltrade.com.
Account and order data is kept for as long as your account is active, plus the period required by UK tax law, then deleted or anonymized.
The platform targets standard commercial availability; planned maintenance is announced in advance where possible.
Suspected security incidents are triaged immediately; affected customers are notified in line with UK GDPR breach-notification timelines.
Found a security issue? Email security@smartmartglobaltrade.com — we ask that you don't publicly disclose before we've had a chance to respond.
Full legal documents available as downloadable PDFs on request from info@smartmartglobaltrade.com. Summary below.