NOSUTAROT Privacy Policy
Last updated: October 17, 2025
At NOSUTAROT, your privacy and trust are sacred. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website, book a service, or interact with us online.
1. Information We Collect
We may collect the following types of information:
- Personal Information: Name, email address, billing address, and payment details when booking a session or purchasing a service.
- Account Information: If you create an account via Ecwid, we store your username, contact details, and order history.
- Payment Data: Payments are securely processed by Stripe and PayPal. NOSUTAROT does not store your full payment details — only limited transaction references provided by these platforms.
- Communication Data: Emails or messages you send to us, including inquiries or feedback.
- Technical Data: IP address, browser type, operating system, and general usage statistics collected via Ecwid and analytics tools.
- Cookies: Small files placed on your device to improve website functionality and personalize your experience (see our Cookie Policy).
2. How We Use Your Information
We use your information to:
- Process and deliver your bookings and purchases.
- Communicate with you regarding your sessions, questions, or updates.
- Improve our website, services, and user experience.
- Comply with legal obligations and payment verification.
- Send marketing and promotional content (only with your explicit consent — you can unsubscribe anytime).
3. Legal Basis for Processing (GDPR Compliance)
If you are located in the EU or UK, we process your personal data under the following lawful bases:
- Contractual necessity: To fulfill your purchase or service booking.
- Consent: For marketing and newsletters.
- Legal obligation: For tax, accounting, and fraud prevention purposes.
- Legitimate interest: To enhance services and client experience.
4. CCPA / CPRA Compliance (California Residents)
If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the personal information we collect, use, and share.
- Right to Delete: You can request deletion of your personal data, subject to legal and transactional requirements.
- Right to Opt-Out: You can opt out of the “sale” or “sharing” of personal data (note: NOSUTAROT does not sell personal information).
- Right to Non-Discrimination: You will not be treated differently for exercising your privacy rights.
- Right to Correct: You may request correction of inaccurate data.
NOSUTAROT does not sell or trade personal information. Any data sharing is solely for essential service delivery (e.g., payment processing and store operation through Ecwid, Stripe, and PayPal).
5. How We Store and Protect Data
6. Sharing Your Information
- Ecwid (Lightspeed): to manage store operations.
- Stripe and PayPal: to process payments.
- Service providers: like email and hosting partners that help operate our website, under strict confidentiality agreements.
- Legal authorities: if required by law or to protect our rights.
7. Data Retention
We retain your data for as long as necessary to provide services and comply with legal requirements (for example, tax and transaction records are typically kept for up to 7 years).
8. Your Rights
Depending on your location, you may have the right to:
- Access, correct, or delete your data.
- Withdraw consent for marketing.
- Request a copy of the data we hold about you.
- File a complaint with your local data protection authority.
Requests can be made by contacting us directly at nosutarot@gmail.com.
9. Children’s Privacy
10. International Transfers
11. Updates to This Policy
12. Contact Us
