April 2014 Important Notice:
Airbrushes.com is NOT affected by the "Heartbleed bug" because the website has never used the version of OpenSSL that contains the vulnerability.
The Heartbleed bug is a vulnerability which has been much reported in the media in April 2014 as affecting around 2/3rds of the internet. More information is available on http://heartbleed.com/ or by searching for Heartbleed on the internet.
Comodo, the internet security firm who issued our SSL certificate, have provided a tool for checking whether a site is exposed to the vulnerability. Please click on the link below. You can check our site is not affected and also check any other sites you visit. If sometimes the tool is unresponsive, this is due to the heavy amount of traffic using the tool.
Security while shopping on the Internet is of utmost importance to Airbrushes.com.
Airbrushes.com is committed to protecting your privacy and does not disclose customers details to third
parties and complies with the Data Protection Act 1998.
Secure Socket Layer (SSL)
SSL (Secure Socket Layer) technology is a standard Internet method of encrypting information exchange between your browser and the website. All of our web pages are secure and begin with 'https', whereas sites beginning with 'http' are not secure.
On fully secure pages you will see the padlock icon on your browser status. The padlock icon is in different locations in different browsers and versions - for example the padlock is at the top next to the
URL entry field in Internet Explorer 7, whilst it is shown at the bottom in older versions of Internet Explorer. Our EV SSL certificate uses the latest 2048 bit RSA key size for stronger encryption.
EV SSL (Extended Validation SSL)
We've gone green! We have an Extended Validation (EV) SSL certificate, which is the highest assurance certificate. The green address bar, exclusive to EV SSL, provides visual assurance to visitors that the site is verified and secured.
An EV SSL certificate assures you that the most complete and thorough checks have been preformed on our company by the certificate issuer, Comodo, to validate our identity before issuing our EV SSL certificate.
The Extended Validation provides assurance of who you are dealing with. Even if your web browser does not support the new EV identifier, your web transactions are still encrypted over SSL.
These are the only browsers as of Dec 2008 that support the EV identifier. If a site uses an EV Certificate and it is valid, it typically changes some part of the Address Bar to a shade of green.
- Internet Explorer 7+
- Firefox 3+
- Safari 3.2+
- Google Chrome 1.x+
- Opera 9.5x+
- Comodo Dragon 0.9x+
Some reasons why your URL bar does not turn green, even though we have EV SSL:
- Your URL address bar has been hi-jacked by other providers of online security software, such as Trusteer. Look out for other icons on your URL address bar.
- In IE 7, the Phishing filter is not enabled. IE 7 requires the Phishing filter (Tools Menu) to be on. On Windows XP it is off by default.
- In Firefox 3, OCSP is off. Firefox 3 requires OCSP to be on, which is the default.
- Your web browser does not support EV. Most modern browsers do support it. If yours doesn't support EV then you will still have protection of SSL encryption.
- Your web browser DOES support EV, but does not change the URL address bar. Only those listed above change the appearance of the address bar to green.
Every page on https://airbrushes.com is EV SSL secure, but for further assurance on the pages where you enter any personal information we also display our TrustLogo™ to allow you to verify our identity as a legitimate organisation with a valid SSL certificate.
Hover your mouse pointer over the TrustLogo™ in the bottom right corner of your web browser to authenticate in real-time our EV SSL certificate and see the sum assured by Comodo.
Our EV SSL certificate is issued by Comodo, an Internet security company who offer web identity assurance and other Internet security products.
Comodo are Web Trust compliant, meaning that their business practices have been rigorously audited to AICPA (American Institute of Certified Public Accountants) guidelines by an independent approved auditor (KPMG).
Comodo only provide High Assurance Certificates.
In the extremely unlikely event that you fall victim to identity theft by an illegitimate website that has been issued a TrustLogo, you can claim against Comodo's warranty
which covers you for $10,000 per online transaction (incident) on a fraudulent website, up to the maximum number of incidents covered by the total sum assured.
Therefore Comodo are very careful that they validate the businesses they issue EV SSL certificate warranties to.
Since Comodo issued our EV SSL certificate to a legitimate and legally accountable company, The Airbrush Company Ltd, you will not have cause to claim against our Comodo warranty.
But the knowledge that this kind of warranty is available will help you when choosing which other sites to trust.
If you see a Comodo TrustLogo™ displayed on a web-shop, you should check it is valid and authentic in real-time simply by hovering your mouse pointer over it (Point to Verify™ technology). If a website has used a bogus TrustLogo that has not actually been issued by Comodo, the TrustLogo certificate will not be authenticated when you hover over it.
If you want this extra assurance that an https (SSL secure) site belongs to a legitimate and trusted company, then shop on websites that have been issued an EV SSL Certificate.
For more information on TrustLogo™ visit http://www.trustlogo.com/ssl-certificate-corporate/index.html
Check out our TrustLogo now! It is in the bottom right corner of your browser.
We could put this on every Airbrushes.com page as our whole site is hosted on our dedicated SSL server, which is not shared with anyone else. However, we just display it on
any pages which ask for any sort of personal data to remind and reassure you that the page is fully SSL secure. We have left it off pages where you are simply browsing products and information so that it does not
intrude on your browsing experience.
When submitting your order you are confirming to purchase goods and allowing Airbrushes.com to use your
personal details for the purpose of supplying goods. Any information given at the time of ordering may
be collected and used for Airbrushes.com marketing purposes, but will not be supplied
to third parties. If you would prefer not to receive information
about Airbrushes.com products, promotions and vouchers, please untick the newsletter box when creating or editing your account details or click on Unsubscribe on the newsletter page or contact us.
Information is collected lawfully and in accordance with the UK Data Protection Act 1998. If you have
any questions or concerns about privacy matters please contact us.
Airbrushes.com will never collect sensitive information about you without your explicit consent.
Enabling Cookies (recommended)
Airbrushes.com only use 'web cookies' to collect data
for the shopping cart. Cookies are simply packets of data only readable by the site originates them and they are not programs. Cookies cannot infect your PC or send us any information about your PC or about you that you do not explicitly provide.
For a full explanation of cookies please see http://en.wikipedia.org/wiki/HTTP_cookie.
For example, in Internet Explorer 7:
- Select Tools->Internet Options on the browser menu bar.
- Select Privacy tab on the Internet Options window.
- Click Advanced button.
- On Advanced Privacy Settings window:
- Tick Overide automatic cookie handling.
- Tick Always allow session cookies.
- You can decide whether to Accept, Block or Prompt for all other first-party and third-party cookies, so you still
have control over blocking those if you wish, whilst allowing session cookies for safe shopping carts.
- Click on OK on both windows to save settings.
Disabling Cookies (not recommended)
Many people are wary of cookies because of popular misconceptions about them, but they are a standard and widely used
internet method of tailoring your web experience to you and implementing interactive functions like shopping carts.
You can disable cookies completely and still shop safely on Airbrushes.com.
Your session will be stored in our database on our SSL secure server instead of in your local client-based cookie.
If you have disabled cookies above a certain level (Medium / Medium High), you will see that your session id becomes part of the URL in your browser for every page on Airbrushes.com.
This URL is personal to your current session until logging off, so if you wish to share links to interesting web pages with other people by cutting and pasting them into emails or web forums,
we strongly recommend enabling cookies first and then opening a new browser, so that the URL you cut and paste does not contain your session id. Alternatively edit out everything in the URL after the '.php'
page name before you send it.
It is possible, though rare, that you might follow a link that someone else has posted on a forum and includes their session id, at the same time that someone else follows the same link.
Also some search engines might have created a session when indexing pages and included the session id in the link - although we recognise and prevent all known search engine 'spiders'
from creating a session id, whilst still allowing them access to our web pages for indexing safe and clean URLs. Some little known search engines may list 'unsafe' URLs
with session ids included. So we recommend you stick to the most well-known search engines such as Google (in which Airbrushes.com is ranked number one in the natural listings for 'airbrushes').
If you ever follow such a link at the same time as another user, it might seem as if someone else has added items to your shopping cart (Have you ever found that someone has accidentally put something in your shopping trolley at Tescos?).
If this ever happens to you, simply:
- Log off your account (if you are logged in). The other user, who is as innocent as you, will not be able to
view your account further as they do not know your password.
- Consider enabling cookies (see above) for a much safer and more enjoyable internet experience.
- Close your browser and open a new one to start using a cookie session if now enabled or get a fresh and unique session id if cookies are still disabled - shared by noone. Don't follow the same
web link to the site. Go to our home page www.airbrushes.com and follow our easy-to-navigate links to where you want to be. If you enabled cookies, sometimes it seems to take a few attempts with new browsers for the cookie session to come into effect, but don't worry as
long as you have instigated linking to the website on a new browser, the session is yours only whether it is server based or cookie-based.
- Delete in any bookmarks that you've already made during the time you were using a non-unique session id. Any bookmarks you make from your unique session are fine. If you cut and paste any URLs to share, you can edit out the osCsid=xxx....xxx& (up to the next amphersand if there is one).
- Beware in future when you are following any more web linkes that have a session id in them. You click on them, but then then just edit out the osCsid as described above and the next page request will give you a new session id that will be fine.
This is why we believe that using cookies provides you with a much safer shopping experience on most websites with shopping carts.
Most importantly please be assured that for the maximum security your payment card details are requested (via the SSL encrypted payment and confirmation page) only at the last moment before you confirm your purchase. These most sensitive details are not
stored as part of your user session either before or beyond this point (whether it be a cookie session or a server session).
Paying over the phone
If you are in any doubt about the security of internet technology, then please call us on +44(0)1903 767800 to place your order
over the phone. This has the added advantage that you will also receive advice about your purchase from a friendly and helpful human-being. Our excellent service and technical support is what differentiates The Airbrush Company in particular from companies that are primarily web-based shops, but also from all of our other competitors.
Thank you for taking the time to read about our Airbrushes.com security policy.