Legal
Security Policy
Security at Deluxerie is mostly invisible — the way it should be. Here's what protects you, in plain words. We only list what's actually in place.
Encrypted connection. The entire store runs over HTTPS — everything between your browser and us is encrypted in transit.
Your card never reaches us. Payments are handled by Stripe: you type your card details into Stripe's secured fields, and they never touch our servers. We receive only a payment confirmation. Your statement shows "MBU TRADE" and your order number — never what you bought.
Your password is unreadable — even to us. Passwords are stored only as strong one-way hashes (bcrypt). Sign-in codes expire in 10 minutes; password-reset links in 30 — both single-use and stored hashed.
Brute force doesn't get far. Sign-in codes, password resets and order lookups are rate-limited, so automated guessing is throttled at multiple layers.
European infrastructure. We run on EU servers (Germany) behind Cloudflare's security network, with internal services talking to each other over signed, authenticated calls only.
Your privacy is a security feature. Plain unbranded packaging, a neutral name on your bank statement, and an order lookup that reveals nothing unless both the order number and your contact details match.
Found something?
If you believe you've found a security vulnerability, tell us: tech@mbu-trade.com. We read every report. Please give us reasonable time to fix an issue before sharing it publicly — we'll treat you with the same respect.