Privacy Policy

The Nitelyfe, LLC, a Delaware limited liability company (“Nitelyfe,” “Company,” “we,” “us,” or “our”), respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy (“Policy”) describes the types of information we may collect from you or that you may provide when you visit the website thenitelyfe.com (including all subdomains), use the Nitelyfe mobile application available on the Apple App Store, or interact with any other digital property owned or operated by Nitelyfe (collectively, the “Services”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Policy applies to information we collect through the Services, in email, text, and other electronic messages between you and the Services, and when you interact with our advertising and applications on third-party websites and services if those applications or advertising include links to this Policy. It does not apply to information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from the Services.

Please read this Policy carefully to understand our policies and practices regarding your information. By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with our policies and practices, do not use the Services.

1. Definitions

For the purposes of this Policy, the following terms shall have the meanings set forth below:

• “Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes, but is not limited to, the categories enumerated in Section 2.
• “Processing” means any operation or set of operations performed on Personal Information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, restriction, erasure, or destruction.
• “Service Provider” means a person or entity that processes Personal Information on behalf of Nitelyfe pursuant to a written contract that prohibits the recipient from retaining, using, or disclosing the Personal Information for any purpose other than performing the services specified in the contract.
• “Consumer” or “you” means a natural person who is a resident of any jurisdiction and who interacts with the Services in any capacity, including as a visitor, registered user, customer, business account holder, or prospective customer.
• “De-identified Data” means information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual or household, provided that Nitelyfe has implemented technical safeguards and business processes to prevent re-identification and has made no attempt to re-identify such information.

2. Categories of Personal Information We Collect

We have collected the following categories of Personal Information from Consumers within the preceding twelve (12) months. Not all categories are collected from every Consumer; the information collected depends on how you interact with the Services.

A. Identifiers

Real name, alias, email address, postal address, telephone number, unique personal identifier, online identifier, Internet Protocol (IP) address, and account name. Sources: directly from you when you complete a purchase, submit a form, or create an account; automatically from your device when you access the Services.

B. Customer Records Information

Name, address, telephone number, billing address, and financial information (payment card data is collected and processed solely by our third-party payment processor and is never stored on Nitelyfe’s servers). For business account holders: additional identity verification and tax identification information as required by applicable law. Sources: directly from you during transactions or account registration.

C. Commercial Information

Records of products or services purchased, transaction amounts, and purchasing history. Sources: generated through your use of the Services and our payment processor.

D. Internet or Other Electronic Network Activity

Browsing history on the Services, search history within the Services, information regarding your interaction with the Services (pages visited, click behavior, session duration), browser type and version, operating system, referring URL, device identifiers, and diagnostic data. Sources: automatically collected via cookies, pixels, and third-party analytics tools.

E. Geolocation Data

Approximate geographic location inferred from your IP address, and precise location data if you grant the Services permission to access location services on your device. Sources: automatically collected from your device and/or provided directly by you.

F. Sensory Data

Photographs and images you upload in connection with your use of the Services. Sources: directly from you through file upload functionality.

G. Professional or Employment-Related Information

Company name, job title, and role. Sources: directly from you via inquiry or account registration forms.

H. Inferences

We may draw inferences from the above categories to create a profile reflecting your preferences and characteristics. Sources: derived from other Personal Information we collect.

3. Legal Bases for Processing

We process your Personal Information only when we have a valid legal basis to do so. Depending on the specific context in which we collect your information, our legal bases include:

• Performance of a contract — Processing is necessary for the performance of a contract to which you are a party (e.g., processing your purchase or fulfilling a service you requested).
• Legitimate interests — Processing is necessary for our legitimate business interests, such as improving the Services, preventing fraud, ensuring network security, and direct marketing, provided those interests are not overridden by your fundamental rights and freedoms.
• Consent — Where required by applicable law, we obtain your affirmative consent before processing. You may withdraw consent at any time by contacting us (see Section 15), though withdrawal will not affect the lawfulness of processing conducted prior to withdrawal.
• Legal obligation — Processing is necessary for compliance with a legal obligation to which Nitelyfe is subject, including tax reporting, regulatory compliance, and responding to lawful governmental requests.

4. How We Use Your Information

We may use the Personal Information we collect for the following business and commercial purposes:

• Transaction processing — To process and fulfill your purchases and related payment processing; to send order confirmations, receipts, and invoices.
• Account management — To create, maintain, and secure your account and to verify identity.
• Communications — To respond to your inquiries and support needs; to send administrative information such as service updates and security alerts.
• Service improvement — To understand how the Services are used; to diagnose technical problems; to improve the content, functionality, and user experience of the Services.
• Personalization — To tailor content and recommendations based on your preferences and interactions.
• Security and fraud prevention — To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities; to enforce our Terms of Service.
• Legal compliance — To comply with applicable laws, regulations, legal processes, or enforceable governmental requests; to establish, exercise, or defend legal claims.
• Business transfers — In connection with, or during negotiations of, any merger, acquisition, sale of assets, financing, or transfer of all or a portion of our business.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice and, where required, obtaining your consent.

5. Disclosure of Personal Information

We do not sell, rent, or lease your Personal Information to third parties. We do not share your Personal Information for cross-context behavioral advertising purposes.

We may disclose your Personal Information to the following categories of recipients for the business purposes described herein:

A. Service Providers

We engage third-party companies and individuals to facilitate the Services and perform services on our behalf, including payment processing, data hosting, email delivery, analytics, and security. These Service Providers have access to your Personal Information only to perform these tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose. Your payment card details are handled directly by our payment processor and are never stored on our servers.

B. Business Partners

When you complete a transaction through the Services, we may share limited information (such as your name and email address) with the applicable business partner solely for the purpose of fulfilling your order and communicating relevant updates.

C. Legal and Regulatory Disclosures

We may disclose your Personal Information to third parties if we determine, in our sole discretion, that such disclosure is reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or enforceable governmental request; (b) enforce our Terms of Service, including investigation of potential violations; (c) detect, prevent, or otherwise address fraud, security, or technical issues; or (d) protect against harm to the rights, property, or safety of Nitelyfe, our users, or the public as required or permitted by law.

D. Business Transfers

In the event that Nitelyfe is involved in a merger, acquisition, reorganization, bankruptcy, dissolution, sale of all or a portion of its assets, or similar transaction, your Personal Information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information, prior to any such transfer becoming effective.

6. Cookies & Tracking Technologies

We and our third-party Service Providers use cookies, web beacons, pixels, and similar tracking technologies to collect information automatically as you navigate the Services. A “cookie” is a small data file stored on your device by your web browser.

Types of Cookies We Use

Your Cookie Choices

Most web browsers are set to accept cookies by default. You may remove or reject cookies by adjusting your browser settings; however, doing so may affect the availability and functionality of the Services. You may opt out of third-party analytics tracking by adjusting your browser’s cookie settings or by using available opt-out tools provided by your analytics provider.

Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, the Services do not respond to DNT signals. However, you may opt out of certain tracking as described above.

7. Data Retention

We retain your Personal Information for as long as reasonably necessary to fulfill the purposes for which it was collected, as described in this Policy, unless a longer retention period is required or permitted by law. The retention period for each category of data is determined based on the nature of the data, the purposes for which it is processed, applicable legal and regulatory requirements (including tax and financial reporting obligations), and our legitimate business interests.

Account information is retained for the duration of your active account and for a reasonable period thereafter. Transaction records are retained as required by applicable law. When Personal Information is no longer necessary for the purposes for which it was collected, we will securely delete or de-identify it in accordance with our internal data retention and destruction policies.

8. Data Security

We have implemented and maintain reasonable and appropriate administrative, technical, and physical security measures designed to protect the confidentiality, integrity, and availability of your Personal Information against unauthorized access, disclosure, alteration, and destruction. These safeguards are regularly reviewed and updated to address evolving threats.

Payment card data is processed entirely by a PCI DSS-compliant third-party payment processor. Nitelyfe does not receive, transmit, or store payment card numbers on its systems.

No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee absolute security. In the event of a data breach involving your Personal Information, we will notify you and applicable regulatory authorities in accordance with the timelines and procedures required by applicable law (see Section 14).

9. Your Privacy Rights & Choices

Depending on your jurisdiction, applicable data protection laws may provide you with certain rights regarding your Personal Information. We honor these rights irrespective of your state of residence when technically feasible and commercially reasonable. Your rights may include:

• Right to know / access — You have the right to request that we disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collection, and the categories of third parties with whom it has been shared.
• Right to correct — You have the right to request correction of inaccurate Personal Information that we maintain about you, taking into account the nature of the data and the purposes of processing.
• Right to delete — You have the right to request deletion of Personal Information we have collected from you, subject to certain exceptions provided by law (e.g., completion of a transaction, legal compliance, security, or exercising free speech).
• Right to data portability — You have the right to request a copy of your Personal Information in a structured, commonly used, and machine-readable format.
• Right to opt out of sale or sharing — Although we do not sell your Personal Information or share it for cross-context behavioral advertising, you have the right to direct us not to do so.
• Right to non-discrimination — We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, provide a different quality of service, or suggest that you may receive a different price or quality of service for exercising your rights.
• Right to opt out of analytics — You may opt out of third-party analytics tracking by adjusting your browser’s cookie settings or by using available opt-out tools provided by your analytics provider.

How to Submit a Request

To exercise any of the rights described above, please submit a verifiable consumer request by contacting us at custoservice@thenitelyfe.com or by writing to us at the address listed in Section 15. You may also designate an authorized agent to make a request on your behalf by providing written authorization.

Verification Process

Upon receiving your request, we will verify your identity by matching identifying information provided in your request against information we already maintain. We may ask you to provide additional information reasonably necessary to verify your identity. We will respond to a verifiable request within forty-five (45) days of receipt, or thirty (30) days where required by applicable state law. If we require additional time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing.

10. Texas Data Privacy and Security Act (TDPSA) Notice

If you are a Texas resident, the Texas Data Privacy and Security Act (Tex. Bus. & Com. Code §§ 541.001–541.205, effective July 1, 2024) provides you with specific rights regarding your Personal Information. In addition to the rights described in Section 9, Texas residents have the right to:

• Confirm whether we are processing your Personal Information and access that data.
• Correct inaccuracies in your Personal Information.
• Delete Personal Information you have provided to us.
• Obtain a portable copy of your Personal Information in a readily usable format.
• Opt out of the processing of your Personal Information for purposes of targeted advertising, the sale of Personal Information, or profiling in furtherance of decisions that produce legal or similarly significant effects.

Right to appeal: If we decline to take action on your request, we will inform you of the reasons for our decision and provide instructions for how you may appeal. You may appeal our decision by contacting us at custoservice@thenitelyfe.com with the subject line “TDPSA Appeal.” We will respond to your appeal within sixty (60) days. If you are not satisfied with our response, you may contact the Texas Attorney General at texasattorneygeneral.gov.

11. California Consumer Privacy Act (CCPA/CPRA) Notice

If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”), provides you with additional rights regarding your Personal Information. This section supplements the rest of this Policy and applies solely to California residents.

Categories Collected, Sources & Purposes

The categories of Personal Information we have collected in the preceding twelve (12) months, and the sources and business purposes for each, are described in Sections 2 and 4 above.

Sale and Sharing of Personal Information

In the preceding twelve (12) months, we have not sold any Personal Information of California residents, nor have we shared Personal Information for cross-context behavioral advertising as defined by the CCPA. We do not have actual knowledge that we sell or share the Personal Information of consumers under sixteen (16) years of age.

Your CCPA Rights

In addition to the rights described in Section 9, California residents have the right to:

• Request disclosure of the specific pieces of Personal Information collected (up to twice per twelve-month period).
• Request information about our disclosure of Personal Information to third parties for direct marketing purposes (California Civil Code § 1798.83, the “Shine the Light” law). We do not disclose Personal Information for third-party direct marketing.
• Limit the use and disclosure of sensitive Personal Information to purposes necessary to perform the Services.

We will not retaliate against you for exercising any of your CCPA rights.

Financial Incentive Notice

We do not currently offer any financial incentives in exchange for the retention, sale, or sharing of your Personal Information.

12. Rights of Individuals in the European Economic Area and United Kingdom

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), the General Data Protection Regulation (EU 2016/679) (“GDPR”) and the UK GDPR provide you with additional rights. In addition to the rights in Section 9, you have the right to:

• Restrict processing — Request restriction of processing of your Personal Information under certain circumstances (e.g., while we verify accuracy of the data or assess a legitimate-interest override).
• Object to processing — Object to processing of your Personal Information based on our legitimate interests; we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
• Lodge a complaint — Lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu.

International Data Transfers

The Services are operated from the United States. If you access the Services from outside the United States, please be aware that your Personal Information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Services, you consent to the transfer of your information to the United States. Where required by applicable law, we implement appropriate safeguards for cross-border transfers, including Standard Contractual Clauses approved by the European Commission, to ensure that your data is protected to the standards required by the GDPR.

13. Children’s Privacy

The Services are not intended for or directed to individuals under the age of eighteen (18). We do not knowingly collect, solicit, or maintain Personal Information from anyone under 18 years of age, and no part of the Services is designed to attract anyone under 18. In accordance with the Children’s Online Privacy Protection Act (“COPPA”), if we learn that we have collected Personal Information from a child under the age of 13 without verified parental consent, we will delete that information as expeditiously as possible. If you believe that a child under 13 has provided us with Personal Information, please contact us immediately at custoservice@thenitelyfe.com.

14. Data Breach Notification

In the event of a security breach that results in unauthorized access to, or acquisition of, unencrypted or unredacted Personal Information that compromises the security, confidentiality, or integrity of your Personal Information maintained by us, we will:

• Promptly investigate the nature and scope of the breach.
• Take appropriate steps to contain and remediate the breach.
• Notify affected individuals without unreasonable delay and no later than sixty (60) days after discovery, or within the shorter timeframe required by applicable state or federal law (e.g., Texas requires notification “as expediently as possible and without unreasonable delay,” not later than 60 days; California requires notification “in the most expedient time possible and without unreasonable delay”).
• Notify the Texas Attorney General if the breach affects at least 250 Texas residents, as required by Texas Business & Commerce Code § 521.053.
• Notify applicable supervisory authorities within 72 hours of becoming aware of a breach involving the Personal Information of EEA or UK residents, where required by the GDPR.

Notification will include, to the extent known: the nature of the breach, the categories of data affected, the approximate number of individuals affected, a description of the measures taken or proposed to address the breach, and contact information for obtaining additional information.

15. Third-Party Links & Services

The Services may contain hyperlinks to websites, applications, or services operated by third parties (“Third-Party Services”). These links are provided for your convenience and informational purposes only. We do not operate, control, or endorse any Third-Party Services, and this Policy does not apply to information collected by Third-Party Services. We encourage you to review the privacy policies of any Third-Party Service before providing your Personal Information. We bear no responsibility or liability for the content, privacy policies, or practices of any Third-Party Service. Your interactions with Third-Party Services are governed solely by the terms and policies of those third parties.

16. Automated Decision-Making & Profiling

We do not currently engage in automated decision-making that produces legal or similarly significant effects on you without human intervention. We may use automated tools for fraud prevention and security purposes, which may result in temporary restrictions on access to certain features. If you believe you have been incorrectly affected, please contact us and we will manually review the matter.

17. Changes to This Privacy Policy

We reserve the right to update or modify this Policy at any time and for any reason. When we make material changes, we will (a) update the “Last updated” date at the top of this page, and (b) provide prominent notice through the Services (e.g., a banner or notification) or by sending you an email, if applicable, prior to the changes becoming effective. Your continued use of the Services after the effective date of any revised Policy constitutes your acceptance of the revised terms. If you do not agree to the revised Policy, you must discontinue use of the Services.

We encourage you to periodically review this page for the latest information on our privacy practices.

18. Governing Law & Dispute Resolution

This Policy and any disputes arising out of or relating to it shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of laws principles. To the fullest extent permitted by applicable law, any dispute, claim, or controversy arising out of or relating to this Policy or the breach, termination, enforcement, interpretation, or validity thereof shall be resolved exclusively in the state or federal courts located in Dallas County, Texas, and you consent to the personal jurisdiction and venue of such courts. Nothing in this section shall limit your right to bring enforcement actions under applicable data protection laws in your jurisdiction of residence.

19. Severability

If any provision of this Policy is held to be invalid, unlawful, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, or if modification is not possible, it shall be severed from this Policy. The invalidity or unenforceability of any provision shall not affect the validity or enforceability of the remaining provisions, which shall continue in full force and effect.

20. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We will endeavor to respond to all legitimate inquiries within a reasonable timeframe and no later than the period required by applicable law.

For TDPSA, CCPA, or GDPR-specific requests, please include the applicable statute reference (e.g., “TDPSA Request,” “CCPA Request,” or “GDPR Request”) in the subject line of your email so we may route your inquiry appropriately.