Privacy Policy

Nocturne & Co.
Last updated: April 22, 2026

This Privacy Policy describes how Nocturne & Co. ("we," "us," or "our") collects, uses, and shares information about you when you visit or make a purchase from nocturneco.com (the "Site"). By using the Site, you agree to the collection and use of information in accordance with this policy.

We are based in Washington State and operate under applicable federal law and the laws of the State of Washington. If you are a resident of California, please also review the additional disclosures in the California Residents section below.

1. Information We Collect

Information you provide directly

When you place an order, create an account, or contact us, we collect:

  • Name and billing/shipping address
  • Email address
  • Phone number (if provided)
  • Payment information — we do not store your full card number; payment data is processed and held by Shopify Payments, a PCI-DSS compliant payment processor
  • Order history and product preferences
  • Any information you include in communications with us (e.g., customer service enquiries)

Information collected automatically

When you visit the Site, we automatically collect certain information about your device and browsing behavior, including:

  • IP address and approximate geographic location
  • Browser type and version
  • Operating system
  • Pages visited, time spent on pages, and referring URLs
  • Device identifiers
  • Cookie data and similar tracking technologies (see Section 4 below)

Information from third parties

We may receive information about you from third-party services we use to operate our business, including:

  • Meta Platforms, Inc. (Facebook/Instagram): We use the Meta Pixel on our Site to track website events (including page views, product views, add-to-cart events, and purchases) for the purpose of measuring ad performance and delivering relevant advertising on Facebook and Instagram. Meta may match this information with your existing Facebook or Instagram profile. For more information on Meta's data practices, visit facebook.com/privacy/policy.
  • Shopify Inc.: Our store is hosted on Shopify, which processes order and payment data on our behalf. For Shopify's privacy practices, visit shopify.com/legal/privacy.

2. How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders, including sending order confirmations and shipping notifications
  • Communicate with you about your purchases and respond to enquiries
  • Operate, maintain, and improve the Site
  • Detect and prevent fraudulent transactions and other illegal activities
  • Comply with our legal obligations
  • Send you marketing communications about our products, promotions, and updates — but only where you have opted in to receive them or where permitted by applicable law (see Section 6 below)
  • Measure and analyze the effectiveness of our advertising campaigns
  • Personalize your experience on the Site

We do not sell your personal information to third parties.

3. How We Share Your Information

We share your information only as described below:

Service providers. We share information with third-party vendors and service providers that help us operate our business, including:

  • Shopify Inc. — ecommerce platform and payment processing infrastructure
  • Shopify Payments (powered by Stripe) — payment processing
  • Shipping carriers — to fulfill and deliver your orders
  • Email service providers — when we launch email marketing, we will engage a provider such as Klaviyo or Shopify Email. This policy will be updated to reflect that addition at that time.
  • Meta Platforms, Inc. — advertising and analytics (as described in Section 1)

These service providers are authorized to use your personal information only as necessary to provide services to us and are bound by contractual obligations consistent with this policy.

Legal requirements. We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency), or if we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Business transfers. If Nocturne & Co. is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Site of any change in ownership or uses of your personal information.

We do not sell, trade, or rent your personal information to third parties for their independent marketing purposes.

4. Cookies and Tracking Technologies

We use cookies, pixel tags, and similar tracking technologies to collect and use personal information about you.

What we use:

  • Essential cookies — necessary for the Site to function, including shopping cart and checkout functionality. These cannot be disabled without affecting Site operation.
  • Analytics cookies — we use Shopify's built-in analytics to understand how visitors use the Site (pages visited, traffic sources, session duration).
  • Advertising cookies — the Meta Pixel places cookies on your device to track your activity on our Site and report it to Meta for ad measurement and targeting purposes.

Your choices:

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Note that disabling cookies may affect the functionality of the Site, including the ability to complete a purchase.

You may opt out of Meta's use of your information for advertising purposes by visiting facebook.com/ads/preferences or by adjusting your settings in the Facebook or Instagram apps.

Washington State residents have additional rights under the Washington My Health MY Data Act (MHMDA) regarding health-related data. We do not knowingly collect sensitive health data through our Site.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

  • Order information: retained for a minimum of 7 years for tax and accounting compliance purposes
  • Account information: retained for the duration of your account and for a reasonable period thereafter
  • Marketing preferences: retained until you withdraw consent or unsubscribe
  • Server logs and analytics data: typically retained for 12–26 months

When we no longer need your information, we will securely delete or anonymize it.

6. Email Marketing

We may send you marketing emails about our products, promotions, and updates. We will only send marketing emails where:

  • You have opted in at checkout or via a sign-up form on our Site, or
  • You are an existing customer and the communication relates to similar products or services, and you have not opted out

Every marketing email we send will include a clear and easy way to unsubscribe. You can also unsubscribe at any time by emailing us at hello@nocturneco.com with "Unsubscribe" in the subject line.

We comply with the CAN-SPAM Act. Our marketing emails will always:

  • Identify themselves clearly as advertisements where required
  • Include our physical mailing address
  • Include a clear opt-out mechanism
  • Honor opt-out requests promptly (within 10 business days)

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

  • SSL/TLS encryption for all data transmitted to and from the Site (indicated by "https" in your browser)
  • PCI-DSS compliant payment processing through Shopify Payments
  • Access controls limiting who within our organization can access personal information

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you as required by applicable law.

8. Children's Privacy

Our Site is not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information. If you believe we may have collected information from a child under 13, please contact us at hello@nocturneco.com.

9. Third-Party Links

Our Site may contain links to third-party websites. This Privacy Policy does not apply to those sites, and we are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party sites you visit.

10. Your Rights (All Users)

Regardless of your location, you may:

  • Access your personal information by contacting us at hello@nocturneco.com
  • Correct inaccurate personal information by contacting us or updating your account
  • Delete your personal information by contacting us — note that we may need to retain certain information for legal or legitimate business purposes as described in Section 5
  • Opt out of marketing communications at any time (see Section 6)
  • Request information about how your data is used

To exercise any of these rights, email us at hello@nocturneco.com. We will respond within 30 days. We will not discriminate against you for exercising your privacy rights.

11. California Residents — Additional Disclosures (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Categories of personal information we collect

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers — name, email address, IP address, shipping and billing address
  • Commercial information — records of products purchased, order history
  • Internet or other electronic network activity — browsing history on our Site, interactions with our ads
  • Geolocation data — approximate location derived from IP address
  • Inferences — product preferences drawn from purchase history

Purposes for collection

We collect this information for the business and commercial purposes described in Section 2 above.

Disclosure of personal information

We disclose personal information to the service providers listed in Section 3 for business purposes. We do not sell personal information. We do share certain identifiers and internet activity data with Meta Platforms for advertising purposes — under the CPRA, this may constitute "sharing" for cross-context behavioral advertising. You have the right to opt out of this sharing (see below).

Your California rights

As a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and share
  • Delete personal information we hold about you (subject to certain exceptions)
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of your personal information for cross-context behavioral advertising
  • Limit the use and disclosure of sensitive personal information
  • Non-discrimination — we will not discriminate against you for exercising your rights

How to exercise your California rights

Submit a request by emailing hello@nocturneco.com with the subject line "California Privacy Request." We will verify your identity before processing your request and respond within 45 days (with a possible 45-day extension where reasonably necessary).

To opt out of sharing with Meta for advertising purposes: You may click the "Do Not Sell or Share My Personal Information" link in the footer of our Site, or visit facebook.com/ads/preferences to manage Meta's use of your data directly.

12. Washington State Residents

We comply with applicable Washington State privacy laws, including the Washington Privacy Act (WPA) where applicable. Washington residents have similar rights to access, correct, delete, and opt out of certain processing of their personal information. To exercise these rights, contact us at hello@nocturneco.com.

We do not collect sensitive data as defined under Washington law (including precise geolocation, health data, biometric data, or data concerning a known child) through our Site.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make changes, we will update the "Last updated" date at the top of this page. If we make material changes, we will notify you by email (if we have your email address) or by posting a prominent notice on the Site prior to the change becoming effective. We encourage you to review this policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Nocturne & Co.
Email: hello@nocturneco.com
Website: nocturneco.com

For privacy-specific requests, please include "Privacy Request" in the subject line of your email so we can route it appropriately.

This Privacy Policy was last reviewed and updated on April 22, 2026. This document does not constitute legal advice. Nocturne & Co. recommends periodic review by qualified legal counsel as the business grows and data practices evolve.

Button label