How Indie Beauty Brands Protect Their Customers’ Information

In this edition of Beauty Independent’s ongoing series posing questions to beauty entrepreneurs, we ask 18 founders and executives: How do you ensure your customers’ information is protected from hackers?

Nasimeh Yazdani Founder, Seaside Medical Technologies

This is certainly a very real and imminent problem in the sphere of internet commerce. We use trusted sites to conduct commerce like Shopify and Authorize.net that protect people’s sensitive data, and have a company policy in place to notify all clients who have been affected in the event of hacked episodes. 

Natalie Wong Founder, Pep Soap Co.

Let’s start with the basics. Things like not using weak passwords or the same passwords on multiple platforms. I’m the first to admit: managing passwords can cause ulcers! We use LastPass for password management. It allows us to have strong passwords that are unique and secured. To be extra safe, we always use two-factor authentication. 

Next is the software. Like many indie brands, we use cloud-based software tools and platforms for things like online store, invoicing, payment processing and more. We pick reputable companies that we trust and stay away from freeware and questionable companies. 

Finally, there's an aspect of cybersecurity that’s obvious yet easy to overlook: don’t share. It’s tempting to upload customers’ data to third parties for convenience, marketing or both. We make it a rule not to share our customers’ data. No uploading customer lists, no exceptions. This means, for example, we may not be ranked favorably on online marketplaces, but that’s the way we roll.

Sahar Saidi Founder and CEO, LUS Brands

We built our store on Shopify, and one of the main reasons I chose this platform was because of their security features. Shopify takes data privacy and security very seriously, and invests quite heavily to stay ahead of the game. 

Internally, every member on the team has to execute an NDA before gaining access to any of our systems and, even then, we are very selective and careful as to who gains access to what. And, of course, we never store sensitive financial information anywhere (i.e. customer credit cards). Even the biggest companies in the world can get hacked, but we do everything in our power to ensure customer information is protected.

Jay Hack Co-Founder, Mira

We built our infrastructure on Amazon Web Services, the world's most comprehensive and adopted cloud platform. At AWS, security is the No. 1 priority. Standing on the shoulders of giants, we're able to leverage industry best practices in security to ensure our users' data is secure. 

All that being said, the information we collect directly from consumers is publicly available for other community members to leverage in their learning and understanding. This includes skin type, skin tone and pinned products.

Chris Smith CIO, TwinMedix

The security of our users' sensitive data is of extreme importance to us. We help to reduce credit card fraud by being PCI DSS compliant with all transactions. This includes using Transport Layer Security (TLS) encryption during the checkout process and industry best practices for managing security risks.

Selmin Karatas Co-Founder and CEO, Kazani

I use Shopify. The platform, as a security measure, does not include full credit card digits. It has a privacy policy which explains how it stores customers’ information. Shopify provides secured domains. They provide an SSL certificate.

Evelyn Subramaniam Founder, Bija Essence

I treat all my customers the way I would like to be treated. I am scared of hackers and my personal information such as credit card numbers and passwords being stolen. Therefore, I am very careful and private about all my customers’ private details. 

I have two rules: Never send all private info via email, text or digital devices such as credit numbers and expiration dates over email. Hackers can hack this easily. Never write down on paper all private info. Paper can be misplaced, lost or stolen, and someone can use this private info. 

A secure measure I use for sales is using swipe or chip machines where a credit card is swiped into a machine, and there is no need for personal info to be shared. I use Shopify, and this is where I digitally store all my customers’ information. This is how I try to secure my customers’ info.

Jan Fay Founder, Nami Naturale

I used to work in the fraud department of a bank, so cybersecurity was a priority when we were setting up the website. I hired a professional web designer to design the website and gave him my requirements. After he turned over the website, I enlisted another professional web designer to take a look at the back office of our website to ensure that everything is secure. I also called my web domain hosting company and asked them if we missed additional security protection to be added to secure our website. Thankfully, our web designer has everything covered.

Lissette Monzon Founder, Lilly Be

My web designer and hosting service greatly assist me here. I have learned in the past to hire a team for the areas I lack. They understand the ins and outs of cybersecurity much better than I do. There are many different plans out there that offer malware protection, firewalls, scans for threats, SSL certificates and more. 

Other options are adding plug-ins to set up captchas on pages that require a log-in or response. This helps minimize bots. I invest in my designer and hosting service to help me find the best choices that will protect my customers and ensure their confidence.

Kethlyn White COO, Coil Beauty

We leverage the best platforms out there with built-in cybersecurity measures, follow all key standards and ensure we are GDPR compliant. Our customers’ data privacy is of the utmost importance to us, so we spent a lot of time interviewing, testing and going through demos of the mail servers and website platforms we were using to make sure that they not only exceeded our expectations, but that they were constantly updating the technology to stay ahead of potential threats.

Camille Obadia President, Camille Obadia

We use Shopify as the hosting company for our website, and they use the latest technology to make sure that our customers’ information is protected from hackers.

Tonia Walker Founder, Ime Natural Perfume

That’s a tricky one because hackers are very good at what they do. The best I can do as an online business owner is to make sure I have all the necessary security options enabled on our website to ensure all data is secure and blocked from attack. We have an HTTPS website, which secures and encrypts data communication.

Christy Hall Skin Therapist, Mikel Kristi

The last thing I want is for our customers to be victim to fraud due to lack of cybersecurity. The security really lies within the e-commerce platform and secure payment processor of your choosing. In choosing where I was going to sell products online, this was a major concern of mine. 

After researching, I decided to go with Shopify, mostly due to their high standards in online payment safety. While using Shopify, we have never had any security or fraudulent activity and will ensure customers’ credit information is safe from hackers.

Marie Vanderstichel Founder, The SIGN Tribe

We work with external IT and legal specialists. Protecting our customers’ privacy is very important to us and, as we don’t have the capacity and expertise internally, we decided from the beginning to work with external partners to make sure to protect our customers. For us, the scope is quite limited as we don’t have our own online direct-to-consumer website for now.

Jill Rowe Co-Founder, Cultivate Apothecary

Our e-commerce website is hosted by Squarespace. Squarespace is fully managed and cloud-based. We also have a secure HTTPS website with an SSL certificate. We’ve also enabled two-factor verification to add another level of security.

Marcella Cacci CEO and Founder, One Ocean Beauty

We follow industry standards on information security and management to safeguard information. Our e-commerce platform (Shopify) provides annual audits to ensure they are aligned with industry guidelines and are PCI DSS level compliant which is the highest level of compliance. We also carry full cyber insurance through Coalition.

Renae Moomjian Founder and CEO, NipLips

We take cybersecurity very seriously. All communications with our website, app, commerce, etc. use Secure Sockets Layer (SSL). We encrypt all transmitted data with a public/private key methodology. Every password is encrypted with an irreversible hash algorithm prior to storage. No highly sensitive data is stored on our site such as social security numbers or financial information. Square handles all of our credit card processing so we keep it at arm’s length from our systems. Access logs track all server requests so there is an audit trail. Our host is WP Engine which dynamically detects and blocks malicious behavior.

Loraine R. Dowdy Founder and CEO, Coloured Raine Cosmetics

We have a strong encrypted security measure in place that is continuously being updated to remain in compliance. Security is one of our top priorities.

If you have a question you’d like Beauty Independent to ask beauty entrepreneurs, please send it to editor@beautyindependent.com.