Clothing Occasions Editor's Pick Hijabs
View all Dresses Abayas Jilbab Co-Ord Sets Swimwear Tops
View all Hijab Pins

Privacy Policy

Privacy Notice

Version 1.0

Last updated: 20 February 2026

This Privacy Notice explains how A-Z Modesty LLC (“we”, “us”, “our”) collects, uses, stores and shares personal data when you purchase products or interact with our e-commerce services. A-Z Modesty LLC provides a marketplace of global retailers (“Sellers”) and individual retail consumers (“Buyers”). This policy applies to individuals in both capacities, where certain processing activities only apply to one category, this will be specified.

We are committed to protecting personal data and complying with applicable data protection laws, including:

  • UK GDPR and the Data Protection Act 2018
  • EU General Data Protection Regulation (GDPR)
  • Applicable US state privacy laws (including CCPA/CPRA where relevant)
  • Applicable data protection laws in other regions (“ROW”)

1. Who We Are

Legal entity name: A-Z Modesty LLC

Registered address: 8 The Green Suite R, Dover, 19901, USA

Country of establishment: USA

Contact email: support@azmodesty.com

For UK / EU GDPR purposes, A-Z Modesty acts as a data controller for platform operations, security, and fraud prevention. Sellers (and Buyers where applicable) act as independent data controllers for order fulfilment and returns. Sellers with standard Stripe accounts act as independent controllers for refund processing. Certain processing may be conducted jointly where necessary to operate the marketplace.

2. Personal Data We Collect

We collect only the personal data necessary to process orders, take payment, and communicate with customers.

Categories of Personal Data

Personal Data Types

Purpose

Lawful Basis

  • Name, billing address, delivery address, email address, phone number

    To create and fulfil orders, deliver goods, and communicate with Buyers and Sellers

    Legitimate Interest

    Contract Performance

    Consent

  • Order reference, products purchased, order value, currency, date/time

    To process purchases, manage accounts, and maintain transaction records

    Legitimate Interest

    Contract Performance

    Legal Obligation

  • Payment token, transaction ID, payment confirmation status

    To complete Buyer payments via third-party payment processors (we do not store card details)

    Legitimate Interest

    Contract Performance

  • IP address, browser type, device information, timestamps

    To operate and secure the website and prevent fraud

    Legitimate Interest

  • Enquiries, emails, support requests

    To respond to customer queries and provide support

    Legitimate Interest

    Contract Performance

We do not intentionally collect:

  • Special category (sensitive) personal data
  • Biometric or health data
  • Children’s personal data (see below)

As per the Website Terms, you must be 18 years of age or older to use the platform. By creating an account or placing an order, you confirm that you meet this age requirement.

3. How We Collect personal data

We collect personal data in the following ways:

Directly from you when you:

  • Place an order
  • Enter your contact or delivery details
  • Contact customer support

Automatically when you browse or interact with our website (e.g. IP address, device information).

From third party payment providers confirming payment status and transaction references.

4. How We Use Personal Data (Legal Bases)

Under UK and EU GDPR, we process personal data on the following legal bases:

  • Performance of a contract: to process and fulfil your order
  • Legal obligation: accounting, tax, and record-keeping requirements
  • Legitimate interests: fraud prevention, website security, and service improvement
  • Consent: where required for marketing or optional cookies

For US and ROW users, processing is based on contractual necessity, legitimate business purposes, or consent, as required by local law.

5. Who We Share Personal Data With

We only share personal data where necessary and with appropriate safeguards.

Categories of Recipients

  • Payment service providers (e.g. card processors (such as Stripe), digital wallet providers)
  • E-commerce and hosting providers (website hosting, order management systems)
  • Communications Platforms (e.g. SendGrid, Mailchimp)
  • Delivery and logistics partners (to fulfil orders)
  • Professional advisers (legal, accounting, audit)
  • Regulators or authorities (only if legally required)

When a Buyer places an order through the A-Z Modesty marketplace, certain personal data (name, email, delivery address, and order details) will be shared with the Seller to fulfil the order and manage any returns. In most cases, refunds are handled by A-Z Modesty, except for Sellers using Standard Stripe accounts, who process refunds directly.

All Sellers are bound by the Seller Agreement to process this data only for order fulfilment, returns, refunds (if applicable), and related communications.

All third parties are required to process personal data securely and only for authorised purposes.

6. Payment Processing

All payments are processed by third party payment providers. We do not receive or store full card numbers, CVV codes, or bank account credentials. Payment information is submitted directly to our payment providers using encrypted connections. Payment data is handled in accordance with PCI-DSS standards.

We use reputable payment processors including Stripe, Paypal and Shopify to process card information. Our payment providers are certified as compliant with the Payment Card Industry Data Security Standard (PCI-DSS)These providers process personal data in accordance with their own privacy notices and may act as independent data controllers for payment related processing. Payment providers may use personal data to detect and prevent fraud, comply with financial crime laws, and enforce their terms.

You can review the privacy practices for Stripe here.

7. Data Security

We implement appropriate technical and organisational security measures, including:

  • Encrypted communications (HTTPS/TLS)
  • Restricted access controls
  • Secure hosting environments
  • Vendor due diligence and contractual safeguards

Despite these measures, no system can be completely secure, and users transmit data at their own risk.

8. International Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the UK, EU, USA, and ROW regions depending on where we or the corresponding Buyer or Seller are located. We may also use service providers (processors) located in different regions necessitating an international transfer of personal data.

Where required by law, we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTA)
  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Equivalent lawful transfer mechanisms under applicable local laws

Payment providers may process personal data in the United States and other jurisdictions where they operate global infrastructure. Where required, transfers are safeguarded using approved contractual mechanisms such as Standard Contractual Clauses or equivalent frameworks.

9. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil orders and provide services
  • Meet legal, accounting, or tax obligations
  • Resolve disputes or enforce agreements

Data will typically be retained for seven (7) years from your last interaction with our services or commercial activity on the website. In such cases, we may alert you prior to deleting or removing your personal data. Certain transaction data may be required to be retained for longer periods to comply with legal obligations in certain jurisdictions. When no longer required, personal data is securely deleted or anonymised.

10. Your Rights (UK & EU Individuals)

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data (subject to legal limitations)
  • Restrict or object to processing including automated decision making
  • Data portability
  • Withdraw consent at any time (where applicable)

United States

Depending on your state of residence, you may have rights to:

  • Access personal data
  • Request deletion
  • Correct inaccurate information
  • Opt out of certain data sharing or targeted advertising

We do not sell personal data or share it for cross context behavioural advertising within the meaning of applicable US privacy laws.

ROW Regions

Rights vary by jurisdiction but may include:

  • Access to personal data
  • Correction of inaccurate data
  • Withdrawal of consent
  • Objection to processing in certain circumstances

Requests can be made by contacting us at support@azmodesty.com

11. Complaints

UK & EU

If you are unhappy with how we handle your personal data, you may contact us first. You also have the right to lodge a complaint with your local supervisory authority, the Information Commissioner’s Office (ICO)

Other Regions

You may raise concerns with relevant local data protection authorities or regulators as permitted by law.

12. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. The latest version will always be published on our website with the effective date shown above.

Sign up for newsletter, for first access to new product drops, inspiration and styling tips.

*By signing up, you agree to our Terms of Service and Privacy Policy

Cookies

To tailor your experience and help us provide the best service, we use cookies. Learn more