Introduction
NightSip Inc. (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://thenightsip.com) or make a purchase.
This policy applies to all visitors, users, and customers regardless of location, and includes specific provisions for residents of the European Economic Area (GDPR) and California (CCPA).
Data Controller
For the purposes of applicable data protection laws, the data controller is:
Information We Collect
We collect information you provide directly and information collected automatically:
Identity Data
Examples: First name, Last name
Retention: Until account deletion or 3 years of inactivity
Contact Data
Examples: Email address, Phone number, Shipping address
Retention: Until account deletion or 3 years of inactivity
Financial Data
Examples: Payment card details (processed by Stripe)
Retention: We do not store payment details
Transaction Data
Examples: Order history, Payment records
Retention: 7 years (legal requirement)
Technical Data
Examples: IP address, Browser type, Device information
Retention: 26 months
Usage Data
Examples: Pages visited, Features used
Retention: 26 months
Marketing Data
Examples: Communication preferences, Consent records
Retention: Until consent withdrawn
Lawful Basis for Processing
Under GDPR, we process your personal data based on the following legal bases:
consent
You have given clear consent for us to process your personal data for a specific purpose.
Applies to: marketing, analytics, personalization
contract
Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
Applies to: orders, shipping, account
legal obligation
Processing is necessary for us to comply with the law.
Applies to: tax_records, fraud_prevention
legitimate interests
Processing is necessary for our legitimate interests or the legitimate interests of a third party.
Applies to: security, improvement
How We Use Your Information
- Process and fulfill your orders
- Send you order updates and shipping notifications
- Notify you about product restocks and new releases (with consent)
- Respond to your inquiries and provide customer support
- Improve our website, products, and services
- Detect and prevent fraud or unauthorized access
- Comply with legal obligations
Information Sharing
We do not sell your personal information. We only share your information with third parties necessary to provide our services:
- Stripe — Payment processing (Privacy Policy)
- Shipping carriers — Order delivery
- Plausible Analytics — Privacy-friendly analytics (Data Policy)
- Resend — Transactional email delivery
- Supabase — Database and authentication hosting
- Upstash Redis — Cache, rate limiting, and job queue
Cookies and Tracking
We use cookies and similar technologies to operate our website. You can manage your cookie preferences using our cookie consent banner or browser settings.
Types of Cookies We Use:
- Essential: Session ID, CSRF token (session duration) — Required for basic site functionality
- Analytics: Plausible Analytics is cookie-free and stores no personal data — Helps us understand how visitors use our site (opt-in)
- Preferences: cookie_consent (1 year), theme (1 year) — Remember your settings and choices (opt-in)
- Marketing: Measure advertising effectiveness (opt-in)
Your Rights Under GDPR (EU/EEA Residents)
If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR).
Right of Access
Article 15 GDPRYou have the right to obtain confirmation of whether we process your personal data and access to that data.
Right to Rectification
Article 16 GDPRYou have the right to have inaccurate personal data corrected and incomplete data completed.
Right to Erasure
Article 17 GDPRYou have the right to have your personal data deleted in certain circumstances.
Right to Restriction
Article 18 GDPRYou have the right to restrict processing of your personal data in certain circumstances.
Right to Data Portability
Article 20 GDPRYou have the right to receive your personal data in a structured, commonly used format.
Right to Object
Article 21 GDPRYou have the right to object to processing of your personal data for direct marketing.
How to Exercise Your GDPR Rights
To exercise any of these rights, please contact us:
- Email: privacy@thenightsip.com
- Or use our Data Request Form
We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority.
Your Rights Under CCPA (California Residents)
If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA).
Right to Know
Cal. Civ. Code § 1798.100You have the right to know what personal information we collect, use, disclose, and sell about you.
Right to Delete
Cal. Civ. Code § 1798.105You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out
Cal. Civ. Code § 1798.120You have the right to opt-out of the sale of your personal information.
Right to Non-Discrimination
Cal. Civ. Code § 1798.125We will not discriminate against you for exercising your CCPA rights.
Categories of Personal Information
| Category | Collected | Sold | Disclosed |
|---|---|---|---|
| Identifiers | Yes | No | Yes |
| Customer Records | Yes | No | Yes |
| Commercial Information | Yes | No | No |
| Internet Activity | Yes | No | Yes |
| Geolocation Data | Yes | No | No |
| Inferences | Yes | No | No |
We Do Not Sell Your Personal Information
NightSip does not sell your personal information as defined under the CCPA. We do not exchange your data for monetary or other valuable consideration.
How to Exercise Your CCPA Rights
- Email: privacy@thenightsip.com
- Phone: +1 (954) 954-6826
- Do Not Sell My Personal Information
We will respond within 45 days (up to 90 days if additional time is needed).
Data Security
We implement appropriate technical and organizational security measures to protect your personal information:
- TLS 1.3 encryption for all data in transit
- Encrypted data storage at rest
- Regular security assessments and monitoring
- Access controls and authentication
- PCI DSS compliant payment processing via Stripe
For more details, see our Security page.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Typical retention periods are:
- Account data: Until account deletion or 3 years of inactivity
- Transaction records: 7 years (legal requirement)
- Analytics data: 26 months
- Marketing consent: Until withdrawn
International Data Transfers
Your information may be transferred to and processed in countries outside your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by relevant authorities
- Data processing agreements with service providers
- Adherence to applicable data protection frameworks for international transfers
Children's Privacy
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. For significant changes, we may also send you an email notification.
Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, please contact us:
Miami, FL
USA