1. General Provisions
1.1. This Privacy and Personal Data Processing Policy (hereinafter — Policy) governs the collection, storage, processing, and protection of personal data of users (hereinafter — Users) of the Nutson platform (hereinafter — Service).
1.2. This Policy is designed in compliance with international data protection standards, including but not limited to GDPR (EU), CCPA (California, USA), LGPD (Brazil), and applicable national laws.
1.3. By using the Service, the User agrees to the terms of this Policy. If the User does not agree, they must stop using the Service.

2. Personal Data Collected
The Operator may collect the following personal data:
Full name, nickname;
Contact details (email, phone number);
Payment details (in anonymized form where possible);
Account and activity data within the Service;
IP address, browser, and device information;

Cookies and other online identifiers.
3. Purposes of Processing Personal Data
Personal data is processed exclusively for:
Providing services and ensuring the operation of the Service;
Improving service quality;
Conducting analytics and statistical research;
Fulfilling legal obligations (e.g., government requests);
Marketing and informational communications (with the User’s consent).

4. Marketing & Informational Communications
4.1. The Operator is entitled to send Users notifications about new products and services, special offers, and various events.
4.2. The User may opt out of receiving such notifications at any time by sending an email to [Your Email] with the subject line:
“Unsubscribe from notifications about new products, services, and special offers.”
4.3. Upon receiving the opt-out request, the Operator will stop sending such communications within a reasonable period (no more than 10 business days).

5. Legal Basis for Processing
The Operator processes personal data only if one or more of the following legal bases apply:
The User has given consent;
Processing is necessary for contract performance;
Processing is required for the Operator’s legitimate interests;
Processing is required to comply with legal obligations.

6. Data Sharing with Third Parties
6.1. The Operator may share personal data with third parties only if:
The User has given explicit consent;
It is necessary for contract performance or service provision;
It is required by law.
6.2. All third parties are required to maintain confidentiality and process data in compliance with applicable data protection laws.

7. Data Protection Measures
The Operator applies organizational and technical security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction, including but not limited to:
Data encryption;
Access control systems;
Regular security audits.

8. User Rights
Depending on applicable law, Users may have the right to:
Obtain a copy of their data;
Correct or delete their data;
Restrict or object to data processing;
Withdraw consent at any time;
Lodge a complaint with a supervisory authority.

9. Data Retention
Personal data is retained only for the period necessary to fulfill the purposes of processing or as required by applicable law.

10. Changes to the Policy
The Operator reserves the right to amend this Policy without prior notice to Users by publishing an updated version on the website.
The new version becomes effective upon publication unless stated otherwise