Login
Join for Free
Join for Free

Privacy Notice

Last updated: March 2026

Nivoda Limited and its affiliates (collectively “Nivoda”, “we” and “us”) take your data and privacy very seriously.

This Privacy Notice, together with the materials referred to in it, describes the types of Personal Data we collect and process through our platform (“Platform”), including our website nivoda.com. This notice also describes how we use Personal Data, with whom we share it, and your rights and choices.

We need to use your personal data to operate our business, provide you with the services through our Platform, and fulfil other necessary purposes as outlined in detail below. Please read this Privacy Notice carefully before using our Platform.

TABLE OF CONTENTS

  1. ABOUT US

Nivoda Limited, together with its affiliates (collectively referred to as “Nivoda,” “we,” or “us”), operates globally. Nivoda Limited is registered in England and Wales under company number 10736332, VAT number GB274703691, and has its registered office at 100 Hatton Garden, Suite 202, London, United Kingdom EC1N 8NX.

We are the data controller responsible for your personal data, and we are registered with the Information Commissioner’s Office (“ICO”) with reference number ZA436707.

  1. PERSONAL DATA WE COLLECT ABOUT YOU

Registration, Account Set-Up and Service Usage

To access the Platform you need to have an Account. When you create an account at Nivoda you provide us with the following information:

In order to register your Business on the Platform you provide us with the following information:

Referral Program

If you are referred to Nivoda by an existing user, that user may share a referral link with you. If you click the referral link and choose to register on the Platform, you will voluntarily submit the following personal data:

We process this data to create your account, administer the referral program, and prevent misuse. The legal basis for this processing prior to account creation is our legitimate interests; once you register and accept our terms, we rely on contract performance.

Compliance with Legal Obligations

To comply with our AML and KYC policy you provide us with the following information:

For each additional Office you register on the Platform you provide us with the following information:

When you add your Bank Account to the Platform you provide us with the following information:

When you make purchases on the Platform we store information about each order, including:

Customer Service and Virtual Assistant Interactions

We also collect information when you communicate with us through our customer service channels, such as by phone and live chat. In compliance with applicable law, we may record calls and store chat transcripts. Please note that we use a chatbot/virtual assistant to assist you with customer service requests and, by using the live chat, you agree to the practices described in this Privacy Notice.

Information We Collect Automatically

Browser and Device Data: We automatically collect technical and device information when you use the Platform, such as: IP address, device type, operating system, internet browser type, screen resolution, operating system name and version, device manufacturer and model, and language.

Usage Data: We use session replay technology to collect information such as the time spent on the Platform, pages visited, links clicked, language and account preferences, and the pages that led or referred you to the Platform.

  1. MINORS

Protecting the privacy of minors is of utmost importance to us. Access to the Platform is not directed to individuals under the age of thirteen (13) and we request that they do not provide Personal Data through the Platform. We do not knowingly collect personal data from minors. If we become aware of any such data having been inadvertently collected, we will take immediate steps to delete it.

  1. HOW WE USE PERSONAL DATA AND THE LEGAL BASIS

A. Our Platform

We use Personal Data to facilitate the use of the Platform, to comply with our financial, regulatory and other legal obligations, and to pursue our legitimate business interests. We also use Personal Data to complete transactions and to provide payment-related services.

B. Use of the Platform

Personal Data allows us to enable the following (among other functions): Register an Account, Access the Platform, Search for Goods, Manage Account Settings, Make and Manage Purchases, Send and Manage Transactions, Exchange Currencies, and Manage Bank Accounts.

C. Provide Nivoda WISE – Written In Stone Eternally – Services

Personal data collected via WISE website allows us to enable the following: register an account as an Ambassador, access WISE-certified stones, preview and shape upcoming features in the WISE certificate, and access tailored co-marketing toolkits — including FAQs, digital assets and articles.

We collect the following data: name,surname,email address, mobile phone number, country company name, company type. We also collect information automatically. WISE operates under a separate WISE Privacy and Cookie Notice. Where there is any conflict between this Notice and the WISE notice, the WISE Privacy and Cookie Notice shall prevail solely in respect of the data collected through WISE. 

D. Legal and Regulatory Compliance

We use Personal Data to verify the identity of our Users in order to comply with fraud monitoring, prevention and detection obligations, and laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties and to submit to third-party verification audits.

E. Marketing and Events-Related Communications

We may send you communications by email about Nivoda’s Platform, new features and/or products, or invite you to participate in events or surveys, in accordance with the consent requirements imposed by applicable law. Where we rely on your consent for marketing, you may withdraw that consent at any time by clicking the unsubscribe link in any marketing email or by contacting us.

F. Providing Lead Capture and Analytics Services

If you opt in to the Lead Capture features on Nivoda Connect, we use the personal data you provided (name, surname, email address) solely to:

We process this data exclusively on your instructions and in accordance with Shopify’s Privacy Policy. We act as a data processor in respect of this data; our merchant customers are the data controllers.

G. Order Fulfilment and Supply Chain Management

We process your personal contact information (mobile number) and business transaction data to manage the supply chain effectively. This includes:

Please note that when we communicate with you via WhatsApp, Meta Platforms, Inc. processes data in accordance with its own terms of service and privacy policy. We send only the minimum information necessary for operational purposes. The legal basis for this processing is the performance of our contract with you and your consent. If you would prefer to receive operational communications by an alternative method, please contact us.

H. Referral Program

We offer a referral program that allows existing users of the Platform to invite prospective users to learn about and register for our services. An existing user may share a referral link with their contact. If you access the Referral Program, you voluntarily submit your personal data to create an account with Nivoda. We process your personal data to operate, administer and secure the referral program, and to prevent misuse. Please refer to Section 2 for details of the data collected through the Referral Program and the applicable legal basis.

Legal Basis

Depending on the context in which Personal Data is collected and used, we rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable laws.

When we rely on our legitimate business interests to process Personal Data, the purposes we have identified include:

Where required by law, we rely on your consent for:

You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

We rely on performance of a contract for:

We rely on compliance with legal obligations for:

  1. HOW WE SHARE PERSONAL DATA

Nivoda does not sell or rent Personal Data to anyone. We only share Personal Data with trusted entities as outlined below, when we have a lawful basis to do so, when you have provided your consent, or when you have expressly made such personal data public.

Service Providers

We share Personal Data with a limited number of Service Providers who deliver services on our behalf, including:

We also use security services to help us mitigate threats such as unauthorised access, DDoS attacks and other malicious activities. We authorise service providers to use or disclose Personal Data only as necessary to perform services on our behalf or to comply with legal requirements. We require all service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf.

Our service providers are predominantly located in the European Union and the United States of America. Whenever we transfer Personal Data to countries outside the EEA, we ensure that the transfer is conducted in accordance with this Privacy Notice and applicable data protection law. Please see Section 8 for further details on the safeguards we apply to international transfers.

Use of Artificial Intelligence (AI) and Large Language Models (LLMs)

We may use Artificial Intelligence (AI) and Large Language Model (LLM) tools to help us deliver and improve our services — for example, to improve communication, enhance retention, analyse customer feedback, and support the customer experience. When we use these tools, Nivoda remains responsible for your personal data. The AI service providers we work with act only as data processors, following our strict instructions and data protection standards.

All AI-related activities are carried out with human oversight, and we never make solely automated decisions about you. You can ask us not to use AI-assisted processing of your personal data at any time by contacting us at [email protected].

We carefully assess our AI systems to ensure they are fair, transparent and free from bias, and we always handle your personal data in line with the GDPR, UK GDPR, CCPA and our privacy policies.

Some of our service providers (particularly in fraud and security) use machine learning to detect patterns and enhance their services. However, with respect to generative AI and LLM tools specifically, your Personal Data is never used by those providers to train their public models.

Business Partners

We share Personal Data with third-party business partners where this is necessary to provide Platform functionality. Examples of such third parties include banks and payment method providers (such as credit card networks) when we provide transaction processing services.

Compliance and Harm Prevention

We share Personal Data as we believe necessary to: (i) comply with applicable law or payment method rules; (ii) enforce our contractual rights; (iii) protect the rights, privacy, safety and property of Nivoda, you or others; and (iv) respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.

Buy Now Pay Later / Extended Payment Providers

If you use our buy now, pay later function or we otherwise provide extended payment terms to you (“BNPL Service”), the Personal Data you provide will be processed by our third-party credit and payment service provider, MarketFinance Limited (the “BNPL Service Provider”), to assess your eligibility for the BNPL Service and for other purposes including fraud prevention and identity verification. MarketFinance Limited processes your data under its own privacy policy, which we encourage you to review before using the BNPL Service.

The BNPL Service Provider may share your Personal Data with credit reference agencies (“CRAs”) such as Experian, and may use Personal Data about you and anyone with a financial association to you. The BNPL Service Provider may also collect information from other CRAs in order to assist in assessing your eligibility for credit and payment services in connection with the BNPL Service. The data accessed includes publicly held data, including the electoral roll and shared credit performance data.

When a CRA receives a search from us or a BNPL Service Provider to assess your eligibility for the BNPL Service, the CRA will place a soft quotation search footprint on your credit report, regardless of whether you progress any application. This search will not affect your ability to obtain credit.

If you choose to proceed with an application for the BNPL Service, any Personal Data you provide will be shared with our BNPL Service Provider. Upon making a purchase using the BNPL Service, the BNPL Service Provider may undertake a search with a CRA which will leave a hard search footprint on your credit report. The BNPL Service Provider may also continue to exchange information about your business with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs may share your Personal Data with other organisations.

Further information about each CRA is available at the following locations:

You can contact any of the CRAs if you wish to obtain a copy of your personal or business credit report.

  1. YOUR RIGHTS AND CHOICE

You have choices regarding your Personal Data:

Opting Out of Electronic Communications

If you no longer wish to receive marketing-related emails from us, you can click the unsubscribe link provided at the bottom of each email. We may still send you important service-related messages that are necessary to provide our Platform functionality. These service communications are not subject to opt-out as they form part of the contractual service we provide.

Viewing, Changing or Rectifying Your Personal Data

You can view, change and rectify your Personal Data by going to the Settings section on the Platform. You can also contact us directly at [email protected] to inform us of any changes.

Your Data Protection Rights

Under the GDPR, UK GDPR and other applicable data protection laws, you have the following rights:

To exercise any of the above rights, please contact us at [email protected]. We will respond within one month of receipt of your request. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with a supervisory authority — see Section 10 for details.

  1. SECURITY AND DATA RETENTION

Security

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organisational, technical and administrative measures designed to protect Personal Data against unauthorised access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties and provide services to you.

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please notify us immediately at [email protected].

All Personal Data is stored in the European Union, on secure servers, and transmitted using Secure Sockets Layer (SSL) encryption technology.

Data Retention

We retain your Personal Data for as long as we are providing Platform access to you. We retain Personal Data after we cease providing Platform access — even if you close your Nivoda account — only to the extent necessary to comply with our legal and regulatory obligations and for the purpose of fraud monitoring, detection and prevention.

We also retain Personal Data to comply with our tax, accounting and financial reporting obligations, where we are required to retain data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods we support. 

Where we retain data beyond active use, we do so in accordance with any limitation periods and records retention obligations imposed by applicable law. Where personal data is no longer required, we will securely delete or anonymise it.

Personal Data processed by our service providers will be retained in accordance with their respective data retention practices, subject to our contractual requirements. We ensure, through strict data processing agreements, that such retention is limited to what is necessary to fulfill the purposes for which the data was collected, to comply with applicable legal obligations, resolve disputes, and enforce our agreements. Service providers are required to delete or anonymize Personal Data once it is no longer needed for these purposes.

  1. INTERNATIONAL DATA TRANSFER

We are part of a global group of companies. When providing our services through the Platform, we process your personal data in the European Economic Area (“EEA”), the United Kingdom (“UK”), the United States, and other countries in which we and our partners operate, for the purposes described in this notice. This includes sharing your information with our US parent company Nivoda USA LLC other group companies, as well as third-party service providers. We will transfer your information only to countries to which we are permitted by law to do so, and we will take all reasonable steps to ensure that your information is protected.

Transfer Mechanisms

Whenever we transfer personal data to a third country outside of the EEA, UK and Switzerland, we do so on one or more of the following legal bases and transfer mechanisms:

Necessary to perform our contract with you: You may choose whether or not to use our Platform. However, if you want to use the Platform you must agree to our terms and conditions, which set out the contract between us and you. As we use technical infrastructure in the EEA, UK, US and other countries to deliver the services, we may need, occasionally, to transfer your personal data to those jurisdictions as necessary to provide the services.

Where applicable, we also rely on:

In the absence of an adequacy decision, we have implemented the following appropriate safeguards:

  1. UPDATES TO THE PRIVACY NOTICE

We may update this notice from time to time to reflect changes in our practices or applicable laws. Any changes are effective when we publish the updated notice on the Platform. Where changes are material, we will provide you with prominent notice by posting an alert on our website and/or by contacting you through the Platform or the email address associated with your Account. We encourage you to review this notice periodically to stay informed about how we protect your information.

  1. HOW TO CONTACT US, DATA PROTECTION AUTHORITIES AND COMPLAINTS

If you have any questions or comments about this notice, your personal data, or your rights and choices, please contact us at:

Email: [email protected]

Postal address: 100 Hatton Garden, Suite 202, London, United Kingdom EC1N 8NX

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.

If you live in the EEA, you are also entitled to lodge a complaint with your local Data Protection Authority. You may find details of your local authority here.

In addition to our DPO, we have appointed an EU representative under Article 27 of the GDPR to act as a point of contact for data subjects and supervisory authorities in the EU/EEA

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Powered by  GDPR Cookie Compliance