Privacy policy
PRIVACY POLICY
Effective date: June 28, 2026
This Privacy Policy explains how Somava 01 SL ("we," "our," or "us"), operating under the brand Nuralee, collects, uses, and protects your personal data when you visit nuralee.com or purchase our products.
We are committed to complying with the EU General Data Protection Regulation (GDPR) and applicable Spanish data protection law.
1. Data Controller
Somava 01 SL Pl. de Correus, S/N, Ciutat Vella, 08002 Barcelona, Spain VAT: ES04559791H Email: hello@reguli.io
2. Data We Collect
Information you provide directly:
- Name, email address, shipping and billing address, phone number
- Payment information (processed securely by Shopify Payments — we do not store card data)
- Order history and subscription preferences
- Communications you send us
Information collected automatically:
- IP address, browser type, operating system
- Pages visited, time on site, referral source
- Device identifiers
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling your orders | Performance of a contract |
| Managing subscriptions (via Recharge) | Performance of a contract |
| Sending transactional emails (order confirmations, shipping updates) | Performance of a contract |
| Sending marketing emails (where you have opted in) | Consent |
| Improving our website and products | Legitimate interests |
| Fraud prevention and security | Legitimate interests |
| Complying with legal obligations | Legal obligation |
4. Third-Party Service Providers
We share data with the following processors, only to the extent necessary to provide our services:
| Provider | Purpose |
|---|---|
| Shopify | E-commerce platform and order management |
| Recharge | Subscription billing and management |
| Klaviyo | Email marketing and customer communications |
| Meta (Facebook/Instagram) | Advertising and conversion tracking |
| Google Analytics | Website analytics |
All processors are contractually bound to handle your data securely and in accordance with applicable law. Some providers may transfer data outside the European Economic Area; where this occurs, appropriate safeguards (such as Standard Contractual Clauses) are in place.
5. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law. Order data is typically retained for a minimum of 5 years for accounting and legal compliance purposes.
6. Your Rights
Under GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data ("right to be forgotten"), subject to legal obligations
- Restriction — request that we limit how we process your data
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests or for direct marketing
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at hello@reguli.io. We will respond within 30 days.
You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos — www.aepd.es).
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. All transactions are encrypted using SSL/TLS.
8. Links to Third-Party Sites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on this page with an updated effective date.
10. Contact
For any privacy-related questions or requests: hello@reguli.io Somava 01 SL · Pl. de Correus, S/N, Ciutat Vella, 08002 Barcelona, Spain