Privacy Policy · NennVersa Atelier
Effective date: June 20, 2026 Last updated: June 20, 2026
NENNVERSA LLC (“NennVersa,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have over it.
This policy applies to your use of nennversa.com, app.nennversa.com, and the NennVersa Atelier digital subscription service.
NennVersa is registered in Sharjah, United Arab Emirates, under trade license number 2430224.01. We comply with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, “PDPL”). For customers located in the European Union and United Kingdom, this policy is also designed to comply with the EU General Data Protection Regulation (GDPR) and the UK GDPR. For California residents, see Section 11 for CCPA-specific rights.
1. Who is the data controller
NENNVERSA LLC, registered in Sharjah, United Arab Emirates, is the data controller responsible for your personal data.
For any privacy-related questions or requests, contact us at: support@nennversa.com
2. What personal data we collect
We collect personal data in the following ways:
Information you give us directly
When you sign up, subscribe, or interact with the Atelier, we collect:
- Account information — your name, email address, password (stored encrypted), and any profile details you provide
- Payment information — billing name, postal address, country, and the last 4 digits of your card. Full card numbers are processed and stored by Stripe (see Section 5), not by us
- Subscription details — your tier (Basic or Premium), subscription start date, billing frequency
- Communications — any messages you send us by email or through the app
- Style profile data — voluntary inputs you make in the Atelier such as your style word, color preferences, body shape quiz results, signature style quiz results, photos of clothing you upload to your Closet, and outfit formulas you save
Information collected automatically
When you visit nennversa.com or use the Atelier, we automatically collect:
- Device and browser information — IP address, browser type and version, operating system, device type, screen size
- Usage data — pages visited, time on page, navigation paths, clicks, search terms used within the Atelier
- Cookies and tracking data — see Section 8 for full cookie disclosure
Information from third parties
We may receive information from:
- Stripe — payment confirmations, fraud indicators, card metadata
- MemberPress — subscription status and tier
- Mail Mint / Brevo — email engagement (opens, clicks, bounces)
3. Why we use your data and legal bases
We use your data for the following purposes:
| Purpose | Examples | Legal basis (GDPR) | Legal basis (PDPL) |
|---|---|---|---|
| Providing the service | Logging you in, syncing your closet, generating outfits | Contract performance | Contract performance |
| Processing payments | Charging your subscription via Stripe | Contract performance | Contract performance |
| Sending transactional emails | Receipts, account notifications, password resets | Contract performance | Contract performance |
| Sending marketing emails | Newsletters, launch announcements, challenge sequences | Consent (with opt-out) | Consent |
| Improving the service | Aggregate usage analysis via Google Analytics | Legitimate interest | Legitimate interest |
| Security and fraud prevention | Detecting unauthorized access, blocking abusive accounts | Legitimate interest | Compliance with law |
| Legal compliance | Tax records, responding to lawful requests | Legal obligation | Legal obligation |
You can withdraw consent for marketing emails at any time by clicking “unsubscribe” at the bottom of any marketing email, or by emailing support@nennversa.com. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
4. Payment data
NennVersa does NOT store your full payment card details. All payment processing is handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor.
When you enter your card at checkout, the card data goes directly from your browser to Stripe’s servers. NennVersa receives only:
- A token representing your payment method (for future renewal charges)
- The last 4 digits and card brand (for your reference and ours)
- The billing name and country
Stripe’s privacy policy is available at: https://stripe.com/privacy
5. Who we share your data with
We share your data ONLY with the following categories of third parties, each chosen for their compliance posture and limited to the data they need:
| Third party | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Name, email, billing address, card data | United States, EU |
| MemberPress | Subscription management | Account email, subscription status | United States |
| Mail Mint / Brevo | Email delivery | Email, name, email engagement data | EU |
| Google LLC (Analytics) | Site analytics | IP, browser, usage patterns (anonymized) | United States, global |
| WordPress hosting provider | Site hosting | All data above (as it’s stored in the WP database) | United States |
| Pinterest, Inc. | Affiliate / acquisition tracking (limited) | Conversion events | United States |
We do NOT sell your personal data to anyone, ever.
We may disclose your data when required by law (court order, lawful government request, or to protect our legal rights). In such cases we will notify you unless prohibited by law.
If NennVersa is acquired or merges with another company, your data may transfer to the new owner. You will be notified by email and given the opportunity to delete your account before the transfer takes effect.
6. International data transfers
Because we use third-party services hosted outside the UAE (Stripe in the US, Google Analytics globally), your data may be transferred to and processed in countries with different data protection laws.
For transfers to the United States and other non-adequate jurisdictions, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, where the third party offers them
- Provider certifications such as the EU-US Data Privacy Framework, where applicable
- Your consent for the specific transfer, where the above are not sufficient
If you have questions about a specific transfer, email support@nennversa.com.
7. How long we keep your data
We retain your data for as long as you have an active subscription, plus:
| Data type | Retention period after subscription ends |
|---|---|
| Account information | 90 days, then deleted (unless you’ve requested deletion earlier) |
| Style profile, closet, collections | 90 days, then deleted |
| Transactional records (invoices, payment history) | 7 years (UAE tax and commercial record requirements) |
| Marketing email engagement history | 24 months from your last interaction |
| Analytics data (anonymized) | 14 months in Google Analytics |
| Support email correspondence | 24 months |
You may request deletion of your data at any time, subject to our legal obligation to retain certain records (see Section 9).
8. Cookies and tracking
We use the following types of cookies and similar tracking technologies:
| Type | Purpose | Examples | Can you opt out? |
|---|---|---|---|
| Essential cookies | Keep you logged in, remember your preferences, secure your session | WordPress session cookies, MemberPress auth | No (required for service) |
| Analytics cookies | Help us understand how people use the site | Google Analytics (_ga, _gid) | Yes — via cookie banner or browser settings |
| Functionality cookies | Remember your light/dark theme, last-visited tab | Atelier app local storage | Yes — clear via browser |
We do NOT currently use:
- Facebook / Meta Pixel
- Advertising cookies from any network
- Cross-site tracking pixels
If we add any of these in the future, we will update this policy and notify active members at least 14 days in advance.
Cookie banner: On your first visit, you will be shown a cookie consent banner. You can choose to accept analytics cookies, decline them, or manage your preferences. You can change your choice at any time by clicking “Cookie preferences” in the website footer.
9. Your rights
Depending on your location, you have the following rights regarding your personal data:
For all users (UAE PDPL, GDPR, UK GDPR)
- Right to access — request a copy of the personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure (“right to be forgotten”) — ask us to delete your data, subject to our legal obligation to retain certain records
- Right to restrict processing — ask us to limit how we use your data
- Right to data portability — receive your data in a structured, commonly used format
- Right to object — to processing based on legitimate interest, especially marketing
- Right to withdraw consent — for any processing based on consent
Additional rights for EU/UK users (GDPR / UK GDPR)
- Right to lodge a complaint with your local data protection authority (in the EU, this is your country’s Data Protection Authority; in the UK, it’s the ICO)
Additional rights for California users (CCPA / CPRA)
- Right to know what categories of personal information we collect and the business purpose
- Right to delete personal information we have collected (with exceptions)
- Right to opt out of sale — NennVersa does not sell personal information
- Right to non-discrimination — we will not penalize you for exercising your rights
How to exercise your rights
Email support@nennversa.com with your request. We will respond within:
- 30 days for UAE PDPL and GDPR requests
- 45 days for CCPA requests
We may ask you to verify your identity before fulfilling certain requests.
10. Children’s privacy
NennVersa is not directed to children. We do not knowingly collect personal information from anyone under 18 years of age.
If you believe a child has provided personal information to us, contact support@nennversa.com and we will delete it immediately.
11. Security
We take reasonable technical and organizational measures to protect your personal data, including:
- Encryption in transit — all data transmitted between you and our servers uses HTTPS/TLS
- Encryption at rest — passwords are hashed using industry-standard algorithms; sensitive data is encrypted in the database
- Access controls — only authorized personnel have access to personal data, on a need-to-know basis
- Regular security reviews — we monitor for vulnerabilities and apply security updates promptly
- Third-party vetting — we choose service providers (Stripe, hosting, email) based on their security certifications
No system is 100% secure. If we become aware of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours (where required by GDPR/PDPL).
To help us protect your account:
- Use a strong, unique password
- Don’t share your login credentials
- Log out on shared devices
- Notify us immediately at support@nennversa.com if you suspect unauthorized access
12. Updates to this policy
We may update this Privacy Policy from time to time. When we do:
- The “Last updated” date at the top will reflect the change
- For non-material changes (clarifications), the new policy takes effect immediately
- For material changes (new data collection, new third-party sharing, changed legal basis), we will notify you by email at least 14 days before the change takes effect
If you do not agree to a revised policy, you may delete your account as described in Section 9.
13. Contact us
For privacy-related questions, data subject requests, or to report a concern:
- Email: support@nennversa.com
- Postal: Sharjah Media City, Sharjah, UAE
- Business: NENNVERSA LLC, Trade License 2430224.01, Sharjah, United Arab Emirates
Thank you for trusting us with your data. We take that trust seriously.
