How we handle your data.

1. Who we are

This privacy notice applies to the website nilapure.com, operated by Nila Pure (the "Controller"). Nila Pure is in pre-launch and is in the process of being incorporated as a Spanish Sociedad Limitada (SL) based in Madrid, Spain. Once incorporated, the registered company details will replace this paragraph.

For any data-related question or to exercise your rights, contact us at privacy@nilapure.com.

2. What data we collect and why

When you join our waitlist, we collect:

• First and last name — to address you personally when we get in touch.
• Email address — to notify you when we launch and send occasional brand updates.
• Phone number with country code — for optional SMS or WhatsApp launch notification, and to help us understand our market geography.
• Language preference — to send communications in the language you've selected.

We also automatically receive technical metadata: your approximate country (derived from IP address by Cloudflare's edge network), your browser's user-agent string, and a timestamp. We use this to detect abuse and understand where our audience is based. We do not store your IP address itself.

3. Legal basis for processing

Under Article 6(1) of the EU General Data Protection Regulation (GDPR), our legal basis for processing your data is:

• Your consent (Article 6(1)(a)) — by submitting the waitlist form, you actively consent to us using your data for the purposes described in section 2. You may withdraw consent at any time.
• Our legitimate interest (Article 6(1)(f)) in detecting abuse and ensuring our service runs reliably — this covers minimal technical metadata only.

4. Who has access to your data

Your data is processed by:

• Nila Pure — the Controller, the only party that uses your data for the purposes above.
• Cloudflare, Inc. — our hosting and database provider, acting as Data Processor under a Data Processing Agreement compliant with GDPR Article 28. Cloudflare stores data on infrastructure within the European Union and operates under Standard Contractual Clauses for any incidental cross-border transfers.

We do not sell, rent, or share your data with advertisers, data brokers, or any third party for marketing purposes.

5. How long we keep it

We keep your data on the waitlist until either of these happens:

• You ask us to remove it (we'll do so within 30 days).
• Twenty-four months pass after our public launch with no engagement from you, at which point we delete inactive records automatically.

6. Your rights under GDPR

Under the GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct any data that is inaccurate or incomplete.
• Erasure ("right to be forgotten") — ask us to delete your data.
• Restriction — ask us to stop processing your data while keeping it stored.
• Portability — receive your data in a structured, commonly used, machine-readable format.
• Object — object to our processing, particularly for direct marketing purposes.
• Withdraw consent — at any time, with no impact on the lawfulness of prior processing.

To exercise any of these rights, email privacy@nilapure.com. We will respond within 30 days. There is no charge for these requests.

If you believe we have not handled your data properly, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es, or with the supervisory authority in your EU country of residence.

7. Cookies and tracking

This website does not use marketing or analytics cookies. We use one technical browser storage entry called nila-lang to remember your language preference between visits. This is stored locally in your browser, contains no personal data, and is never transmitted to us. You can clear it at any time through your browser settings.

8. Security

We protect your data using HTTPS encryption in transit, encrypted storage at rest via Cloudflare, restricted administrative access via authenticated tokens, and minimal data collection by design. No system is perfectly secure, but we have taken reasonable measures appropriate to the limited scope of data we hold.

9. Changes to this notice

We may update this notice as our business grows — for example, when we launch our online store, payment processing, or marketing tools. Material changes will be communicated by email to everyone on the waitlist before they take effect.