Lumbus is a real, UK-registered company. Card payments are handled by Stripe, your data stays under your control, and quiet safeguards run behind every order.
Lumbus is operated by Lumbus Technologies Limited, an independent, bootstrapped company registered in the United Kingdom. We have been live since October 2025 — and our registration is public, so you can verify exactly who you are buying from.
Payment is the most sensitive moment of a purchase, so we hand it to a specialist. Stripe processes every transaction, and Apple Pay and Google Pay keep your real card number private.
Checkout runs on Stripe, a dedicated global payment provider. Your card data goes straight to Stripe — it never passes through or rests on our servers.
Lumbus keeps no card numbers, CVV codes or full payment credentials. There is nothing card-related on our side for an attacker to take.
Pay with Apple Pay or Google Pay and your real card number is never shared — a device-specific token is used in its place.
We follow GDPR principles and keep deletion in your hands. You can remove your account or wipe your personal data yourself, whenever you want — no support ticket required.
Close your Lumbus account and remove the profile tied to it — fully self-serve.
Go to account deletionRequest erasure of the personal data we hold about you, in line with your GDPR rights.
Go to data deletionQuestions about your data? Email privacy@lumbus.com.
Most of what keeps a purchase safe should be invisible. Here is what runs behind the scenes so your order is delivered cleanly — and corrected automatically if something goes wrong.
Orders are screened for suspicious and high-risk patterns before an eSIM is issued, so genuine travellers get through cleanly.
Payment and provisioning events are processed exactly once, so a retried message can never double-charge or double-issue an order.
If an order stalls, the system retries provisioning and, where it cannot complete, issues a refund without you having to chase it.
Traffic from known-bad sources and disallowed regions is blocked at the edge, keeping abuse away from your purchase and account.
A strict content security policy and enforced HTTPS protect the pages you use from injection and downgrade attacks.
Every request between your browser, our app and our payment provider travels over modern, encrypted connections.
Spotted something, or have a question about how we handle your data? Reach the right team directly — a real person will get back to you.