Skip to main content
Launching soonFounding 100 spots open93 left

Legal

Privacy Policy

Last updated: May 2026

Who we are

Data Controller: Fatemi Consultancy Ltd (trading as Nutistry), Saltley House, Taywood Road, Northolt, Middlesex, UB5 6GX. Company No. 10789818.

ICO registration: pending. Our application is being processed; the registration number will appear here within 30 days of launch.

For data access, deletion, or correction requests under UK GDPR Articles 15-17, email hello@nutistry.co.uk.

We are committed to protecting your personal data and complying with the UK GDPR and the Data Protection Act 2018.

What data we collect

When you place an order, we collect your name, email address, delivery address, and payment information. Payment details are processed by Stripe and never stored on our servers.

When you create an account or sign in, we collect your email address and, where you use Google Sign-In, your Google profile name and photo.

We collect technical data automatically when you visit our site, including your IP address, browser type, pages visited, and time spent. This is collected via anonymised analytics.

How we use your data

We use your data to process and fulfil orders, send order confirmation and shipping emails, provide customer support, and prevent fraud.

If you have opted in to marketing communications, we may send you updates about new products and offers. You can unsubscribe at any time.

Legal basis for processing

We process your data on the basis of contract performance (to fulfil your order), legitimate interests (fraud prevention, service improvement), and consent (marketing emails).

Third parties

Stripe — payment processing. Stripe processes card data under its own PCI-DSS certified systems. See stripe.com/privacy.

Resend — transactional email delivery (order confirmations, magic link sign-in). See resend.com/legal/privacy-policy.

Neon — database hosting. Your data is stored on servers in the EU. See neon.tech/privacy.

Vercel — website hosting and CDN. See vercel.com/legal/privacy-policy.

We do not sell your personal data to any third party.

How long we keep your data

Order records are retained for 7 years to comply with UK tax law. Account data is retained until you request deletion. Marketing consent is retained until withdrawn.

Your rights

Under UK GDPR you have the right to access, correct, or delete your personal data; to restrict or object to processing; and to data portability. To exercise these rights, contact us at privacy@nutistry.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Right to erasure (Article 17)

You can request deletion of your personal data at any time by emailing privacy@nutistry.co.uk (or hello@nutistry.co.uk) with the subject line “Data deletion request”. Please include the email address linked to your account or recent orders.

On receipt we will:

  1. Acknowledge your request within 3 business days.
  2. Verify your identity via the email address on file.
  3. Permanently delete your account record, saved addresses, newsletter subscription, and Founding 100 entry within 30 days.
  4. Anonymise the customer fields on past order records — order numbers, dates, totals, and line items are retained for 7 years to comply with UK tax law (HMRC requires transaction records to be kept).
  5. Confirm completion by email.

You can also unsubscribe from marketing emails instantly using the link at the bottom of any newsletter — no need to email us first.

Cookies

We use strictly necessary cookies for authentication (session management). We do not currently use advertising or tracking cookies.

Contact

For any privacy-related queries, contact us at privacy@nutistry.co.uk.