Secure Payments

We take payment security very seriously and that’s why we’ve implemented rigorous security measures to protect both our site and your data.

We don’t store any of your credit card details and have no access to your credit card information at any time. The following security processes and checks are in place on our site to ensure that your details are handled properly and securely.


Sanctuary Skin online shop has an SSL certificate provided by ESET.


SSL (Secure Sockets Layer) is a computing protocol that ensures the security of data sent via the Internet by using encryption.

The presence of SSL means that communications (e.g. credit card numbers) between your browser and this site’s web servers are private and secure when the SSL session is activated.


Sanctuary Skin online shop uses Sage Pay to ensure that your card details are always secure and never compromised.

Sage Pay encrypts every transaction to the highest global standards of card data security (PCI DSS Level 1 compliant). Sage Pay's secure systems are scanned and audited regularly by one of the world’s leading Qualified Security Assessors (QSA), giving you peace of mind that you’re protected against fraud when you shop with us.


Sanctuary Skin online shop accepts PayPal as a method of payment for online purchases.

Paypal does not disclose your credit card number or bank account details to us, but they do provide us with your name, email address and shipping/billing address to allow us to complete your transaction. Unless you have agreed to it, we do not use this information for any purpose other than to enable PayPal Services.

You can find out more about PayPal’s privacy and security policies here:


Sanctuary Skin online shop is certified PCI DSS compliant (Payment Card Industry Data Security Standard).

This means that all of the payments we process are done so in a secure and safe environment. PCI DSS compliance ensures that your card data is handled in accordance with the PCI DSS standard. You can view the PCI Data Security Standard on the PCI DSS website:

  • The right to data portability
  • The right to object
  • The right not to be subject to automated decision-making including profiling

We hope that our Privacy Policy has explained how we work to ensure all your rights are adhered and respected.