Privacy Policy
Last updated: Effective date: March 26, 2026
Nutrascia respects your privacy and handles personal data with care. This policy explains what we collect, why we collect it, and your rights regarding your data.
1. Data we collect
- Identity and contact details such as name, email, phone number, and shipping details.
- Order and transaction details, including purchased products and payment status (we do not store full card numbers).
- Account activity, wishlist, and support interactions.
- Technical data such as device/browser details, cookies, and analytics events.
2. How we use your data
- Process orders, fulfill shipments, and provide customer support.
- Improve product discovery, recommendations, and site performance.
- Send service updates and, where permitted, marketing communications.
- Prevent fraud, abuse, and unauthorized access.
3. Data sharing
- We share data only with service providers needed to operate the store, such as payment, shipping, analytics, and infrastructure providers.
- We do not sell personal data.
- We may disclose data when legally required or to protect Nutrascia, our users, or the public.
4. Cookies and analytics
- We use essential cookies for checkout and account functionality.
- With consent, we use analytics and marketing technologies to measure performance and improve user experience.
- You can manage consent preferences at any time through cookie controls.
5. Data retention and security
- We retain data only as long as needed for operational, legal, and accounting purposes.
- We apply technical and organizational safeguards to protect data from unauthorized access, loss, or misuse.
- No system is completely risk-free, but we continuously improve our security controls.
6. Your rights
- You may request access, correction, deletion, or restriction of your personal data, subject to legal obligations.
- You may opt out of marketing communications at any time.
- For privacy requests, contact us through the Contact Us page.
7. Facebook Messenger, Instagram Direct, and WhatsApp messaging
- When you message our Facebook Page, Instagram business account, or WhatsApp Business number, we receive the message content along with the identifiers Meta assigns to you for communicating with our business — a Page-Scoped User ID (PSID) on Facebook Messenger, an Instagram-Scoped ID on Instagram, and a WhatsApp phone number on WhatsApp.
- With your permission, granted implicitly by messaging our page, Meta shares basic public profile information with us — such as your first name, last name, profile picture, and (on Instagram) your public username — so our team can greet you and continue the conversation across multiple sessions.
- We use these identifiers and message contents only to respond to your inquiry, help you place or track an order, provide product guidance, and keep a support history so you do not have to repeat yourself.
- We do not use Meta-originated data for advertising, we do not share it with unrelated third parties, and we do not build advertising audiences from messages you send us.
- Messages you send us are stored on our hosted Chatwoot customer-support platform and processed by our back-office systems. You may ask us to delete your message history at any time using the contact details in section 10 below.
8. AI-assisted customer service (Nora)
- Our customer-service assistant "Nora" uses large-language-model technology to understand your questions and draft replies on Messenger, Instagram, WhatsApp, and our website chat widget.
- To generate a reply, the content of your message — plus, when relevant, the name on file and the order history already associated with your account — is sent to our AI providers (Anthropic and OpenAI) over encrypted connections. These providers act as data processors and, per their contractual terms with us, do not train their foundation models on your messages.
- Nora does not take irreversible actions on your account on its own. Order confirmations, refunds, and address changes are either confirmed by you in the conversation or handed off to a human teammate.
- You may at any time ask to be transferred to a human agent by replying with "human" or "عايز حد حقيقي", and Nora will hand the conversation off to our team.
9. Service providers we share data with
- Payments: Paymob, Stripe (card processing; we do not store full card numbers).
- Shipping and fulfillment: Egyptian and regional carriers as required to deliver your order.
- Messaging infrastructure: Meta Platforms (Facebook Messenger, Instagram, WhatsApp Business), and our self-hosted Chatwoot instance for agent inboxes.
- AI providers: Anthropic and OpenAI for AI-assisted replies, strictly as data processors.
- Analytics and performance: PostHog and Sentry, configured to minimize personally identifiable data.
- Transactional email and push: our self-hosted Novu and Dittofeed instances.
- Each provider is bound by contract to use your data only on our instructions.
10. Data deletion, retention, and contacting us
- To request deletion of your account, your message history on any channel (Messenger, Instagram, WhatsApp, web chat), or any other personal data, email [email protected] with the account email, phone number, or Instagram/Facebook handle you used. We will respond within 30 days.
- For Facebook and Instagram specifically, you can also revoke our access at any time from Facebook Settings → Apps and Websites, or Instagram Settings → Apps and Websites. Revoking access does not delete past messages held in our system — to delete those, please email the address above.
- We retain order-related data for the period required by Egyptian tax and consumer-protection law, and support conversations for up to 24 months after the last interaction unless you ask us to delete them sooner.
- Data controller: Nutrascia, Cairo, Egypt. Privacy contact: [email protected]. General support: [email protected].
11. Children
- Our services are intended for users aged 18 or older. We do not knowingly collect data from children. If you believe a minor has contacted us or created an account, email [email protected] and we will remove the data.
12. Changes to this policy
- We may update this policy as our services evolve. Material changes will be highlighted on this page and, where appropriate, communicated to registered customers by email. The "Last updated" date at the top reflects the current version.
