Skip to main content

Privacy Policy

Last updated: January 2026

Introduction

NightSip Inc. (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://thenightsip.com) or make a purchase.

This policy applies to all visitors, users, and customers regardless of location, and includes specific provisions for residents of the European Economic Area (GDPR) and California (CCPA).

Data Controller

For the purposes of applicable data protection laws, the data controller is:

NightSip Inc.

Miami, FL, USA
privacy@thenightsip.com
+1 (305) 970-8452

Information We Collect

We collect information you provide directly and information collected automatically:

Identity Data

Examples: First name, Last name

Retention: Until account deletion or 3 years of inactivity

Contact Data

Examples: Email address, Phone number, Shipping address

Retention: Until account deletion or 3 years of inactivity

Financial Data

Examples: Payment card details (processed by Stripe)

Retention: We do not store payment details

Transaction Data

Examples: Order history, Payment records

Retention: 7 years (legal requirement)

Technical Data

Examples: IP address, Browser type, Device information

Retention: 26 months

Usage Data

Examples: Pages visited, Features used

Retention: 26 months

Marketing Data

Examples: Communication preferences, Consent records

Retention: Until consent withdrawn

Lawful Basis for Processing

Under GDPR, we process your personal data based on the following legal bases:

consent

You have given clear consent for us to process your personal data for a specific purpose.

Applies to: marketing, analytics, personalization

contract

Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Applies to: orders, shipping, account

legal obligation

Processing is necessary for us to comply with the law.

Applies to: tax_records, fraud_prevention

legitimate interests

Processing is necessary for our legitimate interests or the legitimate interests of a third party.

Applies to: security, improvement

How We Use Your Information

  • Process and fulfill your orders
  • Send you order updates and shipping notifications
  • Notify you about product restocks and new releases (with consent)
  • Respond to your inquiries and provide customer support
  • Improve our website, products, and services
  • Detect and prevent fraud or unauthorized access
  • Comply with legal obligations

Information Sharing

We do not sell your personal information. We only share your information with third parties necessary to provide our services:

  • Stripe — Payment processing (Privacy Policy)
  • Shipping carriers — Order delivery
  • Plausible Analytics — Privacy-friendly analytics (Data Policy)
  • Email service providers — Transactional emails

Cookies and Tracking

We use cookies and similar technologies to operate our website. You can manage your cookie preferences using our cookie consent banner or browser settings.

Types of Cookies We Use:

  • Essential: Required for basic site functionality
  • Analytics: Help us understand how visitors use our site (opt-in)
  • Preferences: Remember your settings and choices (opt-in)
  • Marketing: Measure advertising effectiveness (opt-in)
🇪🇺

Your Rights Under GDPR (EU/EEA Residents)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR).

Right of Access

Article 15 GDPR

You have the right to obtain confirmation of whether we process your personal data and access to that data.

Right to Rectification

Article 16 GDPR

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure

Article 17 GDPR

You have the right to have your personal data deleted in certain circumstances.

Right to Restriction

Article 18 GDPR

You have the right to restrict processing of your personal data in certain circumstances.

Right to Data Portability

Article 20 GDPR

You have the right to receive your personal data in a structured, commonly used format.

Right to Object

Article 21 GDPR

You have the right to object to processing of your personal data for direct marketing.

How to Exercise Your GDPR Rights

To exercise any of these rights, please contact us:

We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority.

🇺🇸

Your Rights Under CCPA (California Residents)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA).

Right to Know

Cal. Civ. Code § 1798.100

You have the right to know what personal information we collect, use, disclose, and sell about you.

Right to Delete

Cal. Civ. Code § 1798.105

You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out

Cal. Civ. Code § 1798.120

You have the right to opt-out of the sale of your personal information.

Right to Non-Discrimination

Cal. Civ. Code § 1798.125

We will not discriminate against you for exercising your CCPA rights.

Categories of Personal Information

CategoryCollectedSoldDisclosed
IdentifiersYesNoYes
Customer RecordsYesNoYes
Commercial InformationYesNoNo
Internet ActivityYesNoYes
Geolocation DataYesNoNo
InferencesYesNoNo

We Do Not Sell Your Personal Information

NightSip does not sell your personal information as defined under the CCPA. We do not exchange your data for monetary or other valuable consideration.

How to Exercise Your CCPA Rights

We will respond within 45 days (up to 90 days if additional time is needed).

Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • TLS 1.3 encryption for all data in transit
  • Encrypted data storage at rest
  • Regular security assessments and monitoring
  • Access controls and authentication
  • PCI DSS compliant payment processing via Stripe

For more details, see our Security page.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Typical retention periods are:

  • Account data: Until account deletion or 3 years of inactivity
  • Transaction records: 7 years (legal requirement)
  • Analytics data: 26 months
  • Marketing consent: Until withdrawn

International Data Transfers

Your information may be transferred to and processed in countries outside your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant authorities
  • Data processing agreements with service providers
  • Privacy Shield certification where applicable

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. For significant changes, we may also send you an email notification.

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

privacy@thenightsip.com(Privacy inquiries)
hello@thenightsip.com(General inquiries)
+1 (305) 970-8452
NightSip Inc.
Miami, FL
USA