Plain-language summary: Bleu Allusion collects only the information necessary to process your orders, run your account, and improve your experience. We do not sell your data. We use Shopify for e-commerce, Mailgun for transactional email, and DigitalOcean to host the Nunua Marketplace platform. You can request deletion of your data at any time by emailing [email protected].
Information We Collect
Information You Provide
When you create an account, place an order, or contact us, we may collect:
- Identity data — your name, email address, and password (stored as a secure bcrypt hash)
- Contact data — billing and shipping address, phone number
- Transaction data — order history, items purchased, payment method type (we do not store full card numbers)
- Profile data — your account preferences, wishlist, loyalty points, and style board selections
- Communications — messages you send us through the contact form or support tickets
- Vendor data — if you apply to sell on the Nunua Marketplace, your business name, EIN/tax ID, and banking details for payouts
Information Collected Automatically
When you visit our website, we may collect:
- Device data — browser type, operating system, IP address, device identifiers
- Usage data — pages visited, links clicked, session duration, referrer URL
- Cookie data — see Section 4 for details
Information From Third Parties
We may receive information about you from Shopify (when you complete a purchase on our storefront), from social media platforms if you use social login features, and from fraud detection services.
How We Use Your Information
We use the information we collect to:
- Process and fulfill your orders, including sending order confirmations and shipping updates
- Create and manage your platform account
- Send transactional emails — order receipts, password resets, invitation links
- Send marketing communications, if you have opted in (you can opt out at any time)
- Detect and prevent fraud, unauthorized access, and other illegal activities
- Improve our website, products, and services through analytics
- Comply with legal obligations, resolve disputes, and enforce our agreements
- Process vendor applications and manage vendor accounts on the Nunua Marketplace
Sharing Your Information
We do not sell your personal information. We share data only with:
- Service providers — Shopify (e-commerce), Mailgun (email delivery), DigitalOcean (cloud hosting), Stripe (payment processing), Pesapal (M-Pesa / East African payments). Each is contractually bound to use your data only to perform services for us.
- Marketplace vendors — when you place an order with a Nunua vendor, we share your name, delivery address, and order details with that vendor solely to fulfill your order.
- Legal requirements — we may disclose information when required by law, court order, or government authority, or to protect the rights, property, or safety of Bleu Allusion, our users, or others.
- Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
Cookies & Tracking
We use cookies and similar technologies to operate our platform. These include:
- Essential cookies — required for the site to function (session management, cart state, authentication). These cannot be disabled.
- Analytics cookies — help us understand how visitors use the site. We use anonymized data only.
- Preference cookies — remember your settings, such as dark/light theme preference.
We do not use third-party advertising cookies or sell data to ad networks. You can control non-essential cookies through your browser settings. Note that disabling cookies may affect site functionality.
Data Security
We take reasonable technical and organizational measures to protect your personal information, including:
- All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
- Passwords are hashed using bcrypt — we cannot retrieve your password in plain text
- Admin portal access requires multi-factor authentication (TOTP) for all administrator accounts
- Our servers are hosted on DigitalOcean with firewall rules, automated security updates, and encrypted storage
- Payment card data is handled exclusively by Shopify Payments and Stripe — we never receive or store full card numbers
No method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
Data Retention
We retain your personal information for as long as your account is active or as needed to provide services to you. Specifically:
- Account data — retained until you request deletion or your account is inactive for 36 months
- Order records — retained for 7 years for tax and legal compliance
- Support tickets — retained for 2 years after resolution
- Marketing preferences — retained until you unsubscribe or request deletion
- Audit logs — retained for 12 months for security purposes
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal information we hold about you
- Correction — request correction of inaccurate or incomplete information
- Deletion — request deletion of your personal information ("right to be forgotten")
- Portability — request your data in a machine-readable format
- Objection — object to processing of your data for marketing purposes
- Restriction — request restriction of processing in certain circumstances
To exercise any of these rights, email [email protected] with your request. We will respond within 30 days.
Children's Privacy
Our platform is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will delete that information promptly.
International Data Transfers
Bleu Allusion operates from the United States and serves customers globally, with particular focus on the United States and East Africa. Your information may be transferred to and processed in countries other than your own, including the United States and Kenya.
For transfers from the European Economic Area or United Kingdom, we rely on Standard Contractual Clauses approved by the European Commission, or other appropriate transfer mechanisms, to ensure your data receives adequate protection.
Third-Party Services
Our platform integrates with the following third-party services, each with their own privacy policies:
- Shopify — e-commerce platform (shopify.com/legal/privacy)
- Stripe — payment processing (stripe.com/privacy)
- Mailgun — transactional email (mailgun.com/legal/privacy-policy)
- DigitalOcean — cloud hosting (digitalocean.com/legal/privacy-policy)
- Pesapal — East African payments (pesapal.com/privacypolicy)
Links to our website from third-party sites, and links from our website to third-party sites, are not covered by this Privacy Policy.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and by posting a prominent notice on our website at least 14 days before the change takes effect.
The "Last Updated" date at the top of this page indicates when this policy was last revised. Your continued use of the platform after the effective date constitutes acceptance of the revised policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:
Bleu Allusion Group LLC
Privacy Team
Email: [email protected]
General: [email protected]
We aim to respond to all privacy-related requests within 30 days.