Privacy Policy

Updated: February 21, 2026

This Privacy Policy explains how Nirvanalotus collects, uses, and shares your personal data.

You can learn about our privacy practices by accessing the headings below. If you have any questions, please contact us.

Privacy Principles

Privacy is a fundamental human right.

At NirvanaLotus, we firmly believe in and respect basic privacy rights. We maintain that the protection of personal data should not be an optional service, but a universal global standard. Regardless of where you live, we protect your privacy with the same uncompromisingly high standards.

What is Personal Data?

隐私权是用户的基本权利

Nirvana Lotus,我们坚信并尊重基本隐私权。我们认为,保护个人信息不应是一项可选服务,而是一项普适的全球准则。无论您身处何处,我们均以同样的最高标准保护您的隐私。

  • Definition of Personal Data
    • We categorize any data relating to an identified or identifiable individual, or data that we have linked to an individual, as “Personal Data.” This includes:
      • Direct Identifiers: Information that explicitly identifies you, such as your name, email address, and phone number.
      • Indirect Identifiers: Data that does not directly name you but can be used to identify you through reasonable inference, such as device serial numbers, order numbers, and IP addresses.
  • Non-Personal Data
    • For the purposes of this policy, “aggregated data” that has been de-identified and cannot be traced back to a specific individual is considered non-personal data.
  • Boundaries of Responsibility
    • This policy applies exclusively to how the NirvanaLotus official website and direct services (including online consultations and email interactions) handle your personal data. Our services may contain links to third parties; we strongly recommend reviewing their privacy policies before interacting with them, as their definitions and processing methods may differ from ours.
  • Our Core Commitment
    • The sole purpose of our data collection is to optimize your shopping experience and ensure transaction security. We never utilize a user’s personal beliefs, preferences, or browsing habits for any form of “black-box” profiling or hidden behavioral analysis.

Personal Data Collected by NirvanaLotus

Collected as needed, with full transparency.

We adhere to the principle of “Data Minimization,” collecting only the personal data strictly necessary to provide you with high-quality services. The specific content collected depends on how you interact with NirvanaLotus.

When you browse our website, create an account, purchase products, contact our support team, or participate in online surveys, we may collect the following categories of information:

  • Account Information: Your account and related details, including email address, registration status, and account activity.
  • Contact Information: Name, email address, physical shipping address, phone number, or other contact methods.
  • Payment Information: Data regarding your billing address and payment methods, such as necessary settlement information for credit cards, debit cards, or other third-party payments (e.g., PayPal/Stripe).
  • Transaction Information: Data regarding products purchased on the platform or transactions facilitated through the platform, including order details, purchase dates, and after-sales records.
  • Device Information: Data that can identify the accessing device (such as browser type and device model) or data regarding connection quality.
  • Usage Data: Anonymized data regarding your activities on this site, including browsing history, search history, product interaction behavior, performance, and diagnostic data.
  • Security & Anti-Fraud Information: Data used to help identify and prevent fraudulent activity, such as trust scores for orders or monitoring for unusual login behavior.
  • Location Information: Approximate location information obtained to provide region-specific services (such as calculating shipping costs, currency matching, etc.).
  • Other Information You Provide: For example, the content of your communications with customer support or detailed interaction information when contacting us through social media channels.

You may choose not to provide the personal data we request. However, in many cases, if you choose not to provide it, we will be unable to complete product delivery, provide after-sales support, or respond to your specific requests in a timely manner.

Data Processing Purposes & Retention Mechanisms

Clear purposes, limited retention.

We process your data only when there is a legal basis to do so. Our processing purposes cover transaction fulfillment, communication security, and legal compliance. Data retention is strictly limited to the minimum period necessary to achieve these purposes.

Purposes and Methods of Data Processing

  • Transaction Processing & Service Support: Collecting your name, purchase details, and payment information to complete order delivery, process returns/exchanges, and provide necessary after-sales technical support.
  • Communication & Feedback: Used to respond to your inquiries and send order status updates. We may use your contact information to send important notices (such as changes to terms and policies); because this information is vital to transaction fulfillment, you generally cannot opt out.
  • Security & Anti-Fraud: Aimed at protecting the safety of users, employees, and this platform, preventing financial loss, and preempting fraudulent behavior, including risk screening for abnormal orders.
  • Personalized Experience: Provided you have opted into personalized settings, we will use collected information to recommend products that better match your preferences or provide customized communication content.
  • Legal Compliance: Used to fulfill tax filing obligations or comply with regulatory requirements in the relevant jurisdiction.

Legal Basis for Data Processing

  • Contractual Fulfillment: Necessary to complete your orders and service agreements.
  • Your Consent: Applied in specific scenarios where you have provided explicit authorization (e.g., subscribing to marketing content).
  • Legal Obligations: To comply with mandatory legal requirements such as accounting and taxation.
  • Legitimate Interests: Used to improve our service quality and security, provided it does not infringe upon your interests, rights, or expectations.

Note on Automated Decision-Making

We commit that we will not use algorithms or automated profiling methods to make any decisions that would have a legal or significant impact on you without human intervention and review.

Data Retention Period and Disposal

  • Retention Assessment: We carefully evaluate the necessity of retaining data. If the data is no longer required by law or for business operations, we strive to retain it for the shortest period permitted by law.
  • Storage Limitations: Once the retention period expires, your personal data will be permanently deleted or deeply anonymized so that it can no longer be re-associated with your personal identity.
  • Special Retention: We may retain necessary copies of data beyond the aforementioned periods only when involved in specific legal obligations such as litigation, tax audits, or crime prevention.

Data Sharing and & Third-Party Ecosystem

Limited sharing, strictly controlled.

NirvanaLotus does not sell or share your personal data for third-party marketing purposes. We only engage in necessary data interactions with trusted partners to fulfill orders, provide services, or comply with legal requirements.

Service Providers

To deliver products and provide service support, we engage third-party service providers to perform specific tasks on our behalf:

  • Payment Processing: Such as Stripe and PayPal, used to securely encrypt and process your transaction information.
  • Logistics & Delivery: Such as DHL, FedEx, and UPS, used to ship products to your address.
  • Data Storage: Trusted cloud service providers used to ensure your account security.

Business Partners

We occasionally collaborate with third parties to provide specific services. In such collaborations, we require our partners to implement privacy protection measures equivalent to our own to safeguard your personal data.

Sharing Based on Your Instructions

We may share information with others at your direction or with your explicit consent. For example, when you choose to log in via a social media account or link a third-party loyalty program.

Law, Safety, and Public Interest

  • Legal Compliance: We may disclose information if we determine that disclosure is necessary or appropriate for purposes of national security, law enforcement, or other issues of public importance.
  • Operational Protection: We may also disclose your information if we determine that disclosure is reasonably necessary to enforce our Terms of Service or protect our operations or user safety.
  • Corporate Changes: In the event of a reorganization, merger, or sale, we may transfer data to the relevant third party.

No-Sale Statement

NirvanaLotus never sells your personal data. Whether in Nevada, California (CCPA), or any other jurisdiction worldwide, we do not engage in any activity that meets the legal definition of “selling” or “sharing” data for commercial gain. We do not sell or share your personal data for third-party marketing purposes; we only interact with trusted partners when necessary to fulfill orders, provide services, or comply with the law.

International Data Flow & Legal Boundaries

Your data may cross borders, but security remains uncompromised.

As a global independent platform, NirvanaLotus connects you with curated products from around the world. To achieve this, your personal data may be transferred to or processed by entities in different countries or regions.

Global Processing and Storage

  • Your personal data is typically stored on our global core servers. Regardless of where your data is located, NirvanaLotus applies the same rigorous security measures.
  • We comply with all applicable laws in various jurisdictions regarding the cross-border transfer of personal data to ensure your information receives consistent legal protection worldwide.

Legal Basis for Cross-Border Transfer

  • Standard Contractual Clauses (SCCs): For personal data transfers involving the European Economic Area (EEA), the UK, and Switzerland, we implement internationally recognized “Standard Contractual Clauses” to ensure the security of data in transit.
  • Regional Compliance: For example, we strictly adhere to the Personal Information Protection Law (PIPL) for users in Mainland China and follow CCPA requirements for users in California.

Third-Party Service Providers

  • For the processing purposes described in this policy (such as international logistics and global payment settlement), we may transfer necessary data to third-party partners located outside your country of residence. These partners are required to sign strict data processing agreements to ensure that data remains secure and controlled after being transferred abroad.

Global Compliance Certification

  • Our privacy practices are designed to align with major global cross-border privacy frameworks (such as the spirit of the Global CBPR framework). We are committed to ensuring that our global business operations meet high security standards for data flow through continuous internal compliance reviews.

Your Rights Checklist

You have absolute control over your data.

At NirvanaLotus, we ensure that when you exercise your privacy rights, you receive the same high level of service quality as any other user. We do not engage in any form of discriminatory treatment.

Your Core Rights

  • Access & Portability: You may request a copy of the personal data we hold about you at any time.
  • Correction & Rectification: If your data is inaccurate or incomplete, you have the right to request an update.
  • Right to Erasure (The Right to be Forgotten): You may request the deletion of your personal information.
  • Withdrawal of Consent: If you have previously authorized us to process your data (such as subscribing to marketing emails), you may withdraw that consent at any time.

How to Exercise Your Rights

You can submit a privacy request by emailing us at legal@nirvanalotus.com. To protect your account security, we may require you to log in and verify your identity before processing requests involving sensitive personal data.

Special Circumstances Where Requests May Not Be Approved

  • Legal Obligations: For example, if you request the deletion of transaction records that we are legally required to retain for tax audits (typically for 7 years).
  • Anti-Fraud & Security: If your account is under investigation for security risks, we may delay or deny a deletion request to protect the platform and others.
  • Conflict of Interest: If the request jeopardizes the privacy of others, is extremely impractical, or constitutes a repetitive request without justification.

Region-Specific Support

If you reside in California (CCPA) or the European Union (GDPR) and are unable to submit a request through regular channels, please contact our compliance team directly. We will provide support based on the specific legal statutes of your region.

Regulatory Complaints

If you are unsatisfied with our response, you also have the right to lodge a complaint with the appropriate data protection regulatory authority in your country or region.

Children’s Data

Safeguarding the digital privacy of the next generation.

At NirvanaLotus, we define a “child” as an individual under the age of 13 (or the equivalent age as defined by the laws in your specific jurisdiction).

Service Restrictions

Our website and product offerings are primarily intended for adults. We do not knowingly solicit or collect personal data from individuals we know to be children.

Parental Authority and Consent

  • If a child needs to use our services or interact with our platform under parental guidance, prior review and explicit consent from a parent or guardian must be obtained.
  • We encourage parents and guardians to monitor their children’s online activities to ensure their privacy remains protected.

Management and Deletion Mechanisms

  • Proactive Erasure: If we become aware that we have collected personal data from a child without proper parental authorization, we will employ technical measures to permanently delete such data from our servers as quickly as possible.
  • Parental Requests: If you, as a parent or guardian, discover that your child has provided information to us without your consent, please contact us immediately at legal@nirvanalotus.com. Upon verification, we will prioritize the de-registration and destruction of the relevant data.

Contact & Policy Updates

Listening to your voice.

If you have any questions regarding our Privacy Policy or personal data processing practices, or if you wish to file a privacy-related complaint, our dedicated team is here to support you and ensure a timely response.

Privacy Inquiries and Support

If you have any questions about this policy or NirvanaLotus’s data protection practices (including instances where third-party service providers act on our behalf), please feel free to contact us at legal@nirvanalotus.com. You may also inquire about how to submit a privacy complaint, and we will do our best to assist you.

Commitment to Response Speed

We take your privacy concerns seriously. Our compliance team reviews every inquiry to determine the best way to address your specific issue.

  • Response Timeframe: In most cases, substantive privacy inquiries or requests will receive a response within 7 business days.
  • Complex Situations: For more complex requests, we may notify you if additional information or a longer processing time is required, maintaining full transparency regarding our progress.

Continuous Improvement Mechanism

Your feedback is a vital reference for enhancing our services.

  • Process Optimization: If a complaint indicates room for improvement in our privacy handling, we will take steps to implement systemic updates at the next reasonable opportunity.
  • Problem Resolution: If a privacy issue has had a tangible impact on you or other users, we will take proactive measures to work with you toward a resolution.

Right to Lodge a Complaint

If you are unsatisfied with our response, you may lodge a complaint with the relevant regulatory authority in your country or region at any time. If you consult us regarding this, we will provide information on applicable complaint channels based on your specific circumstances.

Policy Change Notifications

This Privacy Policy is updated periodically to reflect changes in the legal environment or our business operations.

  • Direct Contact: If we have valid contact information for you, we will also notify you of significant changes directly via email or other methods.
  • Proactive Notification: When material changes are made to this policy, we will post a notice in a prominent location on this website at least 7 days in advance.