LEGALLAST UPDATED 2026-04-21

Privacy policy.

How NUUN Digital collects, uses, and protects personal information — across our websites, our newsletter, and our client engagements.

Quick answer
NUUN Digital treats personal information as a fiduciary responsibility. We collect only what we need to deliver the service you requested, we never sell your data, and we honour deletion requests within 30 days. This page is the plain-language version of our full privacy policy — updated quarterly and reviewed by legal counsel.

What we collect

We collect three categories of information. First, information you give us directly — your name, email, company, and message when you fill a form. Second, information we collect automatically — IP address, browser type, pages visited, and referrer, via privacy-respecting analytics. Third, information required to deliver a contracted service — only what's necessary, documented per engagement, and held under the client's own data-processing agreement.

How we use it

We use the information you give us to respond to your inquiry, send you content you explicitly requested, and, where applicable, deliver services under a signed agreement. We use automatic information to measure traffic, debug issues, and improve content. We do not use your information to build advertising profiles or sell to third parties.

Cookies & tracking

This site uses essential cookies for functionality and, with your consent, analytics and marketing cookies to measure traffic and attribute campaigns. In the EU, UK, Switzerland, Brazil, and Quebec, we ask for consent before any non-essential cookies load (opt-in). Elsewhere, we use opt-out with a visible control in the consent banner. See the cookie policy for the full list.

Your rights

You can request a copy of the data we hold on you, correct it, or ask us to delete it. Email and we will respond within 30 days. Residents of the EU/UK, Quebec, California, and any jurisdiction with equivalent protections have additional rights under GDPR, Law 25, CCPA, and similar statutes — which we honour.

Data retention

Newsletter subscribers: we hold your email until you unsubscribe. Form submissions: 24 months unless a client engagement is active. Analytics: 14 months, aggregated and de-identified. Client project data: per the signed Master Services Agreement, typically 7 years from engagement close for tax and legal reasons.

Security

We store client and prospect data on SOC 2 Type II-compliant infrastructure (our primary processors: HubSpot, Google Workspace, and AWS). Access is role-based and audited. We report breaches that affect personal data within 72 hours where required by law.

Children's privacy

This site is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from children.

Changes to this policy

Material changes are posted here with an updated "last reviewed" date. If a change affects how we use data you've already shared, we will notify you by email before it takes effect.

Contact us

For any privacy-related question, email — attention: Privacy Officer. Postal correspondence is accepted on request to the same address; ask via email and we will share details.

This is a working version of our privacy policy. The next scheduled legal review is Q3 2026. For the full text in French or Arabic, email .