Privacy Policy

Last updated: March 2026

1. Introduction

Nourish & Notes ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We comply with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. If you are located in the EU or UK, you have specific rights regarding your personal data.

2. Information We Collect

Personal Information You Provide:

  • Name and email address (for account creation and communication)
  • Postal address (for physical letter delivery)
  • Payment information (processed securely by Stripe; we do not store card details)
  • Communication preferences and consent records

Information Collected Automatically:

  • IP address and device information
  • Browser type and operating system
  • Pages visited and time spent on our site
  • Referral source

3. How We Use Your Information

We use your information to:

  • Process your subscription and deliver letters
  • Send transactional emails (order confirmations, shipping updates)
  • Communicate about your account and respond to inquiries
  • Improve our service and user experience
  • Comply with legal obligations
  • Send marketing communications (only with your consent)

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract: To fulfill your subscription and deliver services
  • Consent: For marketing communications and non-essential communications
  • Legal Obligation: To comply with tax and accounting requirements
  • Legitimate Interest: To improve our service and prevent fraud

5. Data Sharing

We do not sell or rent your personal information. We share data only with:

  • Stripe: Payment processor (PCI-DSS compliant)
  • Email Service Provider: To send transactional emails
  • Legal Requirements: When required by law or court order

We ensure all service providers are GDPR-compliant and have appropriate data processing agreements in place.

6. Your Rights (GDPR & UK Data Protection Act)

If you are located in the EU or UK, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Opt out of marketing and profiling
  • Right to Withdraw Consent: Withdraw consent for any processing

To exercise these rights, contact us at [email protected]

7. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Specifically:

  • Active Subscribers: Data retained while subscription is active
  • After Cancellation: Data retained for 12 months for legal and accounting purposes
  • Marketing Opt-outs: Retained for 3 years to honor preferences
  • Audit Logs: Retained for 2 years for security and compliance

8. Security

We implement industry-standard security measures to protect your personal data, including:

  • Secure SSL/TLS encryption for all data transmission
  • Secure password storage using industry-standard hashing
  • Magic link authentication (no passwords stored)
  • Regular security audits and updates
  • Limited access to personal data on a need-to-know basis

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Cookies

We use cookies and similar tracking technologies to enhance your experience. You can control cookie preferences through your browser settings. Essential cookies are required for the service to function.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing any information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or by posting a notice on our website.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact:

Nourish & Notes
Email: [email protected]