Privacy policy

Privacy Policy

Last updated: June 2026

Nuvra ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This policy explains what data we collect, why we collect it, how we use it, who we share it with, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Nuvra is a UK-based wellness brand selling food supplements direct to consumers in the United Kingdom. For the purposes of UK GDPR, we are the data controller of personal data collected through this website.

Contact: hello@nuvra.com

2. What data we collect

We collect personal data that you provide directly when you place an order or contact us, and certain technical data automatically when you visit our site.

Data you give us:

  • Name, email address, phone number
  • Billing and shipping address
  • Payment information (processed by Shopify Payments / Stripe — we never see or store full card numbers)
  • Order history and customer service correspondence

Data collected automatically:

  • Device data (browser, operating system, screen size)
  • IP address and approximate location
  • Pages viewed, time on site, referral source
  • Cookie data (see Section 7)

3. Why we collect it (lawful basis)

Purpose Lawful basis (UK GDPR)
Process and fulfil your order Performance of a contract
Send order updates and shipping notifications Performance of a contract
Respond to customer service queries Legitimate interest
Send marketing emails / newsletters Consent (opt-in only)
Analytics, advertising and improving the site Consent (via cookie banner)
Fraud prevention and legal compliance Legal obligation / Legitimate interest

4. Who we share data with

We only share your data with trusted third parties who help us run the business. They process your data on our behalf and are bound by data protection agreements. Current processors include:

  • Shopify Inc. — our e-commerce platform (hosting, checkout, customer accounts)
  • Shopify Payments / Stripe — payment processing
  • AppScenic / our fulfilment partner — order fulfilment and dispatch (we share name, address and order details)
  • Royal Mail / nominated couriers — delivery
  • Email service providers (e.g. Shopify Email, Klaviyo) — transactional and (if you opt in) marketing emails
  • Meta Platforms, Google — advertising and analytics, only with your cookie consent

We do not sell your personal data to anyone, ever.

5. International transfers

Some of our processors (notably Shopify and our advertising partners) are based outside the UK / EEA. When data is transferred outside the UK we rely on the UK Government's adequacy decisions, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses with the UK Addendum.

6. How long we keep your data

  • Order records: 7 years (legal requirement under UK tax law)
  • Customer account data: until you ask us to delete it
  • Marketing opt-in: until you unsubscribe
  • Customer service emails: 3 years from the date of last contact
  • Cookie / analytics data: per the relevant provider's retention (typically 12–26 months)

7. Cookies

We use cookies and similar technologies for essential site functionality, analytics, and advertising. The first time you visit the site you will see a cookie banner where you can accept, reject or customise non-essential cookies. You can change your choice any time via "Cookie preferences" in the site footer.

Essential cookies (always on): session, cart, checkout, security.

Analytics cookies (consent required): Shopify Analytics, Google Analytics.

Advertising cookies (consent required): Meta Pixel, Google Ads.

8. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected
  • Ask us to delete your data (subject to legal retention obligations)
  • Restrict or object to certain processing
  • Data portability (receive your data in a structured, machine-readable format)
  • Withdraw consent at any time (for processing based on consent)
  • Lodge a complaint with the UK Information Commissioner's Office: ico.org.uk

To exercise any of these rights, email hello@nuvra.com. We respond within 30 days.

9. Children

Our products are food supplements not intended for children. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Security

We use industry-standard security measures (TLS encryption, PCI DSS-compliant payment processing through Shopify Payments, restricted internal access) to protect your data. No system is 100% secure; if a personal data breach occurs that is likely to result in a high risk to your rights, we will notify you and the ICO within 72 hours as required.

11. Changes to this policy

We may update this policy from time to time. Material changes will be notified via email (to opted-in customers) or a notice on the site. The "Last updated" date at the top reflects the most recent revision.

12. Contact us

For any privacy question, request, or complaint:

Email: hello@nuvra.com
Response time: within 30 days (UK GDPR requirement)