Privacy policy

Last updated: November 11, 2025

This Privacy Policy explains how Nocs Provisions, LLC (“Nocs Provisions,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit or make a purchase from our websites, use our services, engage with our marketing, or otherwise interact with us (collectively, the “Services”). It also describes your rights and choices, including rights available to individuals in the European Economic Area (EEA), the United Kingdom (UK), and the European Free Trade Association (EFTA) states (together, “Europe”).

1) Who We Are (Data Controller) & How to Contact Us

Data Controller: Nocs Provisions, LLC, United States
Contact for privacy matters: yo@nocsprovisions.com
We have not appointed a Data Protection Officer. You may use the contact above for all privacy inquiries, including to exercise your data rights.

2) Scope

This Policy applies to our processing of personal information of individuals worldwide, including residents of the EU, UK, and EFTA. We sell and ship to these regions and may run paid advertising directed at European residents.

3) Personal Information We Collect

We collect personal information that you provide directly, that is collected automatically through your use of the Services, and that we receive from third parties:

  • Identity & Contact Data: first and last name, email address, phone number, shipping and billing addresses.
  • Account & Order Data: account credentials, order history, items purchased, delivery preferences, support communications.
  • Payment Data: payment method details processed by our payment processors (e.g., Shopify Payments). We do not store full card numbers.
  • Device/Usage Data: IP address, cookie identifiers, device and browser information, approximate location (derived from IP), pages viewed, links clicked, referring/exit pages, and similar usage analytics.
  • Marketing Preferences: newsletter opt-ins/opt-outs, interaction with email campaigns (e.g., opens, clicks).
  • Social/Ads Data: data associated with advertising platforms and pixels as described in the “Cookies & Similar Technologies” and “Advertising & Analytics” sections.

4) Why We Use Your Information (Purposes) & Legal Bases (EU/UK/EFTA)

We process personal information for the purposes and under the legal bases listed below:

  • To provide the Services and fulfill contracts (e.g., process and deliver orders, provide customer support, manage accounts). Legal basis: performance of a contract; legitimate interests.
  • To comply with legal obligations (e.g., tax, accounting, fraud prevention, regulatory requirements). Legal basis: legal obligation.
  • To operate, secure, and improve the Services (e.g., troubleshooting, analytics, service improvements). Legal basis: legitimate interests.
  • To send marketing communications (where permitted) and measure campaign effectiveness. Legal basis: consent (where required) or legitimate interests (where permitted); you can withdraw consent at any time.
  • To run advertising and retargeting (see “Advertising & Analytics”). Legal basis: consent for non-essential cookies and tracking in Europe; legitimate interests where permitted.

5) Cookies & Similar Technologies

We use cookies, pixels, and similar technologies to operate the site, measure engagement, remember preferences, and personalize advertising. In Europe, we display a cookie banner and/or preferences tool to obtain consent for non-essential cookies (including analytics and advertising cookies). Your choices in the banner will be honored, and you may update preferences at any time via the banner or browser settings.

6) Advertising & Analytics Tools

Subject to consent where required, we use the following tools:

  • Google Analytics: to understand how our site is used. Our current retention setting is 14 months.
  • Meta (Facebook/Instagram) Pixel: to measure ads and run retargeting.
  • Reddit Pixel: to measure ads and run retargeting on Reddit.
  • Klaviyo: to send emails and measure engagement (e.g., opens/clicks) where you have signed up.

Where required in Europe, these tools operate only with your consent. You can withdraw consent at any time via the cookie banner/preferences or by contacting us.

7) How We Share Information

We share personal information with:

  • Service Providers (Processors): e-commerce platform and hosting (Shopify), payment processors, email & marketing platforms (e.g., Klaviyo), analytics and adtech partners (as above), IT/security providers, and support tools. These providers process data on our behalf under contractual safeguards.
  • Fulfillment & Logistics: warehouse and delivery partners (currently including Amazon FBA) to ship and deliver orders.
  • Legal & Compliance: to comply with laws or respond to lawful requests; to protect our rights, users, or others.
  • Business Transfers: in connection with a merger, acquisition, financing, or sale of all or part of our business.

8) International Transfers

We are based in the United States and use service providers that may process your personal information outside your country, including in countries that may not provide the same level of data protection as your home jurisdiction. Where required by law (e.g., for transfers from the EEA/UK/EFTA), we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and take additional measures where necessary to protect your information.

9) Data Retention

  • Order & Account Data: retained indefinitely unless you request deletion or unless we are legally required to retain for a specific period (e.g., tax and accounting).
  • Marketing Data (Klaviyo): we remove inactive subscribers after 200 days of inactivity or earlier if you unsubscribe or request deletion.
  • Analytics Data (Google Analytics): retained per our current setting of 14 months.

We may retain certain information as required by law or for legitimate business purposes (e.g., to prevent fraud, resolve disputes, and enforce our terms).

10) Your Rights

Worldwide (including U.S.): You may request access to or deletion of your personal information, and you may opt out of marketing at any time (e.g., via unsubscribe links or by contacting us).

EU/UK/EFTA Individuals: You may have the following rights under applicable law:

  • Right of access to your personal data and to obtain a copy;
  • Right to rectification (correction) of inaccurate or incomplete data;
  • Right to erasure (“right to be forgotten”) in certain circumstances;
  • Right to restriction of processing in certain circumstances;
  • Right to data portability for data you provided to us, where technically feasible;
  • Right to object to processing based on legitimate interests, including direct marketing;
  • Right to withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at yo@nocsprovisions.com. We may request information to verify your identity. You also have the right to lodge a complaint with your local supervisory authority (for UK residents, the Information Commissioner’s Office).

11) Children’s Privacy

Our Services are not directed to children, and we do not knowingly collect personal information from individuals under the age of 16 in the EU/UK/EFTA (or the age defined by local law). If you believe a child has provided us personal information, please contact us so we can take appropriate action.

12) Security

We implement technical and organizational measures designed to protect personal information, including access controls, encryption in transit where appropriate, and vendor due diligence. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

13) Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects on individuals without human involvement.

14) Managing Your Choices

  • Cookies/Tracking: Use our cookie banner or your browser settings to manage non-essential cookies and withdraw consent.
  • Marketing Emails: Use the unsubscribe link in emails or contact us at yo@nocsprovisions.com.
  • Access/Deletion/Other Requests: Email yo@nocsprovisions.com.

15) Third-Party Links & Sites

Our Services may contain links to third-party websites, services, and plugins. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

16) Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technologies, legal requirements, or other factors. When we make material changes, we will take appropriate steps to notify you (for example, by posting the updated policy with a new “Last updated” date and/or providing a notice on our website). Your continued use of the Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

17) Region-Specific Information

EU/UK/EFTA: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. Where we rely on legitimate interests, you may object to processing, and we will assess your objection and stop processing unless we have compelling legitimate grounds. For cross-border transfers, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and implement supplementary measures where necessary.

If you have any questions about this Privacy Policy or our data practices, please contact us at yo@nocsprovisions.com.