Security at NightSip

Your security and privacy are our top priorities. Learn about the measures we take to protect your data.

How We Protect Your Data

Encryption in Transit

All data transmitted to and from our servers is encrypted using TLS 1.3. We enforce HTTPS across all connections.

Secure Infrastructure

Our website is hosted on Netlify with DDoS protection and automatic failover.

Privacy by Design

We collect only the minimum data necessary to provide our services. We never sell your personal information.

PCI Compliance

Payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We never store your card details.

Security Headers

Header	Status	Purpose
Strict-Transport-Security	Enabled	Forces HTTPS connections
X-Frame-Options	DENY	Prevents clickjacking attacks
X-Content-Type-Options	nosniff	Prevents MIME sniffing
Content-Security-Policy	Enabled	Controls allowed content sources
Referrer-Policy	strict-origin	Controls referrer information
Permissions-Policy	Restricted	Limits browser features

Data Handling Practices

What We Collect

Email address (for waitlist and communications)
Name and shipping address (when you order)
Anonymous analytics (via privacy-friendly Plausible)

What We Never Do

✗Sell your personal information
✗Store payment card details (handled by Stripe)
✗Share data with third parties for marketing
✗Use invasive tracking cookies

Third-Party Services

We use the following trusted third-party services:

Stripe

Payment processing

PCI DSS Level 1

Netlify

Hosting and CDN

Security docs

Plausible

Privacy-friendly analytics

Data policy

Compliance & Certifications

PCI DSS

Level 1 via Stripe

GDPR

Aligned with

See policy

CCPA

Aligned with

See policy

TLS 1.3

256-bit Encryption

Food-Grade

Quality Ingredients

Made in USA

Miami, FL

What We Do to Protect Your Data

NightSip has not completed a formal GDPR or CCPA audit. We operate in alignment with these frameworks based on our own implementation. Here is what we do today:

GDPR Alignment

We honor data portability, right to deletion, and right to object. Contact privacy@thenightsip.com for requests. Read our privacy policy.

CCPA Alignment

California residents can request data access, deletion, and opt-out. We do not sell personal data. Read our privacy policy.

Data Retention

We retain personal data only as long as necessary for business purposes or legal requirements. Customer data is automatically deleted 7 years after last activity.

Encryption at Rest

All customer data is encrypted at rest using AES-256 encryption. Database backups are encrypted and stored in geographically distributed locations.

Last validated: January 2026 (internal review). Next review: July 2026. No third-party audit completed.

Responsible Disclosure

Found a Security Issue?

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

Email: security@thenightsip.com

Response time: Within 72 hours

Security.txt: /.well-known/security.txt

Product Information Disclaimer

NightSip is a functional beverage made with food-grade ingredients. These statements have not been evaluated by the Food and Drug Administration. This product is not intended to diagnose, treat, cure, or prevent any disease. Individual results may vary. Not intended for children under 12. Consult a healthcare provider if pregnant, nursing, or have a medical condition.

Questions About Security?

Contact our team at hello@thenightsip.com

Last security review: January 2026. Next scheduled review: July 2026.

How We Protect Your Data

Encryption in Transit

All data transmitted to and from our servers is encrypted using TLS 1.3. We enforce HTTPS across all connections.

Secure Infrastructure

Our website is hosted on Netlify with DDoS protection and automatic failover.

Privacy by Design

We collect only the minimum data necessary to provide our services. We never sell your personal information.

PCI Compliance

Payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We never store your card details.

Security Headers

Header	Status	Purpose
Strict-Transport-Security	Enabled	Forces HTTPS connections
X-Frame-Options	DENY	Prevents clickjacking attacks
X-Content-Type-Options	nosniff	Prevents MIME sniffing
Content-Security-Policy	Enabled	Controls allowed content sources
Referrer-Policy	strict-origin	Controls referrer information
Permissions-Policy	Restricted	Limits browser features

Data Handling Practices

What We Collect

Email address (for waitlist and communications)
Name and shipping address (when you order)
Anonymous analytics (via privacy-friendly Plausible)

What We Never Do

✗Sell your personal information
✗Store payment card details (handled by Stripe)
✗Share data with third parties for marketing
✗Use invasive tracking cookies

Compliance & Certifications

PCI DSS

Level 1 via Stripe

GDPR

Aligned with

See policy

CCPA

Aligned with

See policy

TLS 1.3

256-bit Encryption

Food-Grade

Quality Ingredients

Made in USA

Miami, FL

What We Do to Protect Your Data

NightSip has not completed a formal GDPR or CCPA audit. We operate in alignment with these frameworks based on our own implementation. Here is what we do today:

GDPR Alignment

We honor data portability, right to deletion, and right to object. Contact privacy@thenightsip.com for requests. Read our privacy policy.

CCPA Alignment

California residents can request data access, deletion, and opt-out. We do not sell personal data. Read our privacy policy.

Data Retention

We retain personal data only as long as necessary for business purposes or legal requirements. Customer data is automatically deleted 7 years after last activity.

Encryption at Rest

All customer data is encrypted at rest using AES-256 encryption. Database backups are encrypted and stored in geographically distributed locations.

Last validated: January 2026 (internal review). Next review: July 2026. No third-party audit completed.