Not necessarily, depends on how you set it up.
If you’re hosting a store for someone else, I would create a specific store for that person in btcpay (you can have multiple), and add them as the owner. You could have a profile to access the store too if needed.
Then on that persons phone configure tailscale and bookmark the ip:port for the btcpay app. They will open just that app and login with their created profile.
Even if they try to access something else by entering the ip without port, they will need to pass the umbrel login screen to use anything else.