Privacy Policy

Nourikit Face Mask ("we", "us", "our") operates the website nourikit.com. We are the data controller responsible for your personal data. For any privacy-related questions or requests, contact us at hello@nourikit.com. We aim to respond within 5 business days.

We collect only the data necessary for the purposes listed below:

• Name, email, shipping address, phone number — to process and fulfill your order (legal basis: performance of a contract)
• Payment data — processed securely by Shopify. We never store card details ourselves (legal basis: performance of a contract)
• Order history and support correspondence — to handle disputes, refunds, and customer service (legal basis: legitimate interest / legal obligation)
• Technical data (IP address, browser type, pages visited) — to maintain site security and improve user experience via analytics (legal basis: legitimate interest / consent where required)

We share your data only where strictly necessary:

• Shopify Inc. — e-commerce platform and payment processing. Data may be processed outside the EEA under Standard Contractual Clauses.
• Our fulfillment partner — your name and shipping address are shared solely to dispatch your order
• Shipping carriers — to deliver your package
• Google Analytics — anonymized, aggregated traffic data

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

Some of our service providers (including Shopify and Google) process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

We retain order and customer data for 3 years from the date of your last transaction, after which it is securely deleted, unless a longer retention period is required by law.

If you are based in the EU or EEA, you have the following rights:

• Right of access — request a copy of the data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your data, subject to legal obligations
• Right to restriction — request that we limit how we process your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email hello@nourikit.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority. In Sweden: Integritetsskyddsmyndigheten (IMY) at imy.se.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Payment transactions are encrypted via SSL and handled by Shopify's PCI-compliant infrastructure.

We may update this policy from time to time. Material changes will be communicated by updating the date at the top of this page.