Privacy policy
Last updated: 12 June 2026
Nodra Skin ("Nodra", "we", "us") is the data controller for personal information collected through nodraskin.com (the "Site"). This policy explains what we collect, why, who we share it with, and the rights you have. If anything is unclear, write to us at legal@nodraskin.com.
1. What we collect
Order and account information. When you buy from us or create an account, we collect your name, billing and delivery address, email address, phone number (if provided), and details of what you ordered. Payment card details are collected and processed directly by our payment processors; we never see or store your full card number.
Device information. When you browse the Site, we automatically collect your IP address, browser type and version, time zone, the pages you view, the products you look at, and how you arrived at the Site. This is collected through cookies and similar technologies (see section 7).
Customer support information. When you email us, we keep the correspondence, your contact details, and any photos or information you choose to send us, including photos submitted under the Nodra Promise guarantee.
Marketing information. If you sign up to our emails, we collect your email address and a record of your consent, and we track whether our emails are opened and clicked so we can send fewer, better ones.
Skin Quiz answers. Answers you give in our Skin Quiz are stored only in your own browser so the quiz can remember where you left off. They are not transmitted to us and we cannot see them.
Children. The Site is intended for adults. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us and we will delete it.
2. How we use your information
We use your information to: process and fulfil your orders, including payment, dispatch, delivery and order confirmations; provide customer support and administer guarantee claims and refunds; send you marketing emails where you have agreed to receive them (you can unsubscribe at any time using the link in any email); screen orders for fraud and keep the Site secure; understand how the Site is used so we can improve it; and comply with our legal obligations, including tax and accounting rules.
3. Lawful bases (UK and EU GDPR)
Where UK or EU data protection law applies, we rely on: performance of a contract (processing your order and providing support); consent (marketing emails and non-essential cookies); legitimate interests (fraud prevention, site analytics, improving our products and service); and legal obligation (tax, accounting and consumer protection records).
4. Who we share information with
We do not sell your personal information. We share it only with service providers who help us run the store: Shopify Inc., which hosts our Site and stores order data (Shopify's own privacy policy is at www.shopify.com/legal/privacy); payment processors, who handle your payment securely; our fulfilment partners and delivery carriers, who receive your name, address and contact details so your order can reach you; our email marketing platform, which sends our emails on our behalf; and analytics and advertising partners, as described in section 7. We may also disclose information where required by law, regulation, court order or other lawful request, or to protect our rights.
5. International transfers
Some of our service providers are located outside the United Kingdom and the European Economic Area, including in Canada and the United States. Where information is transferred internationally, we rely on safeguards recognised under applicable law, such as adequacy decisions and standard contractual clauses.
6. How long we keep information
We keep order records for as long as needed to fulfil your order and afterwards as required for tax, accounting and legal purposes (typically six years). Support correspondence and guarantee documentation are kept for as long as reasonably necessary to administer claims and resolve disputes. Marketing data is kept until you unsubscribe or ask us to delete it.
7. Cookies and advertising
We use cookies that are necessary for the Site to work (for example, keeping items in your cart and enabling secure checkout) and, with your consent where required, analytics and marketing cookies that help us understand site performance and show relevant advertising. These include standard Shopify cookies such as cart, checkout_token and secure_session_id (functional) and shopify_y, shopify_s and tracking_consent (analytics).
We may share information about your use of the Site with advertising partners so that you see relevant ads elsewhere. You can opt out of targeted advertising through: Facebook (facebook.com/settings/?tab=ads), Google (google.com/settings/ads/anonymous), and the Digital Advertising Alliance (optout.aboutads.info). You can also block or delete cookies in your browser settings, although parts of the Site may stop working properly.
Some browsers send a Do Not Track signal. Because there is no industry standard for responding to these signals, the Site does not currently change its behaviour when one is received.
8. Your rights
If you are in the United Kingdom or the European Economic Area, you have the right to access the personal information we hold about you, to have it corrected or deleted, to restrict or object to our processing of it, to receive it in a portable format, and to withdraw consent at any time where consent is our basis for processing. To exercise any of these rights, email legal@nodraskin.com. We will respond within one month. You also have the right to complain to your data protection authority; in the UK this is the Information Commissioner's Office (ico.org.uk).
If you are a California resident, you have the right to know what personal information we collect, to request its deletion or correction, and not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined in the CCPA. You may make requests yourself or through an authorised agent by emailing legal@nodraskin.com.
9. Security
Payment is handled by PCI-compliant processors over encrypted connections, and access to personal information is limited to those who need it to do their job. No method of transmission or storage is completely secure, but we take the protection of your information seriously and review our practices regularly.
10. Changes to this policy
We may update this policy from time to time to reflect changes to our practices or for legal and regulatory reasons. The date at the top shows when it was last revised. Material changes will be flagged on the Site.
11. Contact us
Privacy and legal matters: legal@nodraskin.com
Orders and support: hello@nodraskin.com
