ADD TO CART FOR DISCOUNT!

Security Policy

Let’s Create is committed to maintaining the utmost security for your account details, personal information and payments. We are always here to answer any questions you might have about security. Just drop an email to our customer care team, if you have any questions or concerns that haven’t been answered by this document.

Log in Details

Whenever you log in or make a payment on Let’s Create, we employ Secure Socket Layers (SSLs), which encrypt data so it cannot be easily accessed by third parties who might have unauthorized access to your computer. The use of SSL is enforced on our website throughout and complies with the 256 bit encryption policy provided by Namecheap SSL Certificates.

You may also choose to login via your social accounts: Such as Facebook.com. In this case, you will not be asked to provide your Facebook username and password on the letscreate.ae website. You will be redirected to Facebook (in the form of a popup) and using the OAuth protocol provided by the channel, you will be securely logged in to the website. We do not access data from your Facebook account except your name, email address, gender and hometown. We DO NOT access your friend list or track your location.

Privacy

All the personal information we hold about you is stored on secure servers. For more details, see our Privacy Policy

Payment Security

Whilst your payment is being authorized, look out for https// in the address line of the page you are directed to. This indicates that your data is being transferred using Secure Socket Layer (SSL) protection. We use industry standard data encryption to make sure no unauthorized parties can access your payment details. All payments for credit/debit cards is processed by Stripe International FZ LLC. As part of the policy of merchant payment access, we do not have access to your credit card details. We do not store or retain your complete credit card number. Stripe using Tokenization to encrypt the card number and only returns back the last four digits of your credit card.

Let’s Create stores the token using the Magento Vault API in a further encrypted dataset. The token provided by Stripe can be used for further payments or new orders on the website. However, you must confirm the purchase by entering your CVV number. Without this we are unable to charge your payment method.

Phishing and InternetFraud

Phishing refers to the practice of fraudulently contacting people and asking them to provide confidential information, such as bank details, home address and date of birth. From time to time, we will contact our customers asking them to confirm personal details relevant to their order, such as shipping address or telephone number. If you are in any doubt about whether an email you have received is in fact from Let’s Create, please contact our Customer Service Team by email before replying, so we can confirm that the email was in fact sent by us.

Please take care that all pages that you visit that asks you to login to the website will always originate from the domain "letscreate.ae" only. Let’s Create will never ask you to enter your credit/debit card on our website except when you are about to place an order for products you intend to purchase. We will never ask for your bank account number or pin number.

Cookies

Cookies are small text files which your computer stores when you visit certain web pages. We use cookies to help personalize your experience on Let’s Create and to track trends in traffic. Cookies do not collect personally identifiable information about you. You must enable cookies on your computer to purchase any of our products. To find out more about how and why we use Cookies, see our Privacy Policy

Servers

Let’s Create used a combination of IT infrastructure technology to power the website and all of it's services. The website is powered by Shopify's provided servers. We use server's running Ubuntu and various database entities running on clusters to store data. All servers are powered by Firewall rules applied by Shopify. Database clusters are locked to internal use only. External cache data storage does not contain any personal identifiable information.