Privacy Policy
This Privacy Policy describes how Nevola Group LLC ("Nevola", "we", "us") collects, uses, discloses, and protects personal information when you visit nevolagroup.com or interact with our advertising and marketing properties. Nevola is the controller of personal data processed under this policy.
Contents
1. Who we are
Nevola Group LLC is a Delaware limited liability company with its principal place of business at 7065 Westpointe Blvd, Suite 310, Orlando, FL 32835, United States. Nevola operates the Nevola Engine personalization platform and consumer content brands that run on it, including Lisa Aura.
Given our size and the scope of our processing, Nevola has not appointed a Data Protection Officer. For any privacy matter — including requests from data subjects in the EU, UK, Brazil, or California — write to contact@nevolagroup.com. We respond within statutory timelines.
2. Data we collect
We collect three categories of personal information.
Information you provide
- Contact details when you email us or request a sales conversation: name, email address, company, role, message content.
- Account or sandbox sign-up data for the Nevola Engine API, when applicable: business email, organization name, billing details.
Information collected automatically
- Device and connection data: IP address, user-agent, operating system, browser, language, referring URL, timestamps.
- Usage data: pages viewed, time on page, click events, navigation paths, screen size.
- Identifiers stored on your device through cookies and similar technologies — see our Cookie Policy for the full inventory.
Information from third parties
- Advertising performance and audience data returned by Meta Platforms, Inc. ("Meta") for campaigns we run on Facebook and Instagram, including aggregate reach, conversion, and audience-quality metrics.
- Lead form responses submitted through Meta Lead Ads or Meta Instant Forms when you complete an ad we run.
- Information from payment processors and identity verification providers when you transact with a Nevola brand.
3. How we use data
- To operate and improve nevolagroup.com and the Nevola Engine.
- To respond to enquiries and provide customer support.
- To measure, target, and improve marketing campaigns, including those served on Meta platforms.
- To build and refresh advertising audiences — both prospecting audiences and Custom Audiences derived from website visitors or hashed contact data.
- To detect, investigate, and prevent abuse, fraud, and security incidents.
- To meet legal, tax, and accounting obligations.
4. Legal bases (GDPR & UK GDPR)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Consent — for non-essential cookies, the Meta Pixel and Conversions API, Custom Audiences built from website activity, and any marketing communications.
- Legitimate interests — for security logging, fraud prevention, aggregate analytics, and direct B2B outreach where the balancing test permits.
- Contractual necessity — for account, sandbox, and billing operations.
- Legal obligation — for tax, accounting, and lawful requests from competent authorities.
You can withdraw consent at any time through the cookie banner or by writing to contact@nevolagroup.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
5. Meta advertising tools
Nevola advertises on Meta platforms (Facebook and Instagram) to promote both the Nevola Engine and consumer brands operated by Nevola. To plan, deliver, measure, and optimize those campaigns we use the following Meta tools, in line with the Meta Business Tools Terms and applicable Meta Advertising Standards.
Meta Pixel and Conversions API
On the websites of Nevola consumer brands (not on nevolagroup.com), we deploy the Meta Pixel, a fragment of code that loads in the visitor's browser and transmits event data — page views, content views, lead form submissions, purchases — to Meta. We may complement the Pixel with the Conversions API (CAPI), a server-to-server channel that sends the same event data from our servers to Meta. CAPI improves measurement when browser-side tracking is blocked or unavailable.
Event data shared with Meta includes IP address, user-agent, hashed email and phone (when available), Facebook click and browser identifiers (fbc, fbp), event name, event timestamp, and event source URL. Personal identifiers shared via CAPI are hashed using SHA-256 before transmission.
On nevolagroup.com itself we currently do not load the Meta Pixel or send CAPI events.
Custom Audiences
We build Meta Custom Audiences in two ways: from website activity captured by the Pixel and CAPI, and by uploading hashed customer lists (email or phone, SHA-256). Custom Audiences let us reach existing visitors or customers with a relevant message. We also use Custom Audiences as the basis for Lookalike Audiences, which Meta builds from anonymized similarity signals.
Lead Ads and Instant Forms
Some of our campaigns use Meta Lead Ads and Instant Forms. When you submit one of those forms, Meta delivers the responses to us. We process them only for the purpose disclosed in the form (typically commercial follow-up about Nevola or one of its brands) and retain them in line with the retention rules in section 8.
Joint controller arrangement
For some Meta tools — notably the collection of event data through the Pixel and CAPI for Custom Audiences and ads measurement — Nevola and Meta act as joint controllers under Article 26 of the GDPR. The essential terms of that arrangement are set out in Meta's Controller Addendum. In summary: Meta is primarily responsible for fulfilling data subject requests for the data covered by the joint controllership; Nevola is responsible for providing this notice and obtaining valid consent where required.
6. Sharing & processors
We do not sell personal information. We share it with the following categories of recipients, under written contracts that require confidentiality and adequate safeguards:
- Advertising platforms — Meta Platforms, Inc., for the purposes described in section 5.
- Hosting and infrastructure — providers that operate the servers and CDN on which our sites and services run.
- Analytics — limited, privacy-respecting analytics providers used to measure aggregate site usage.
- Payment processing — when you transact with a Nevola brand, payment networks and processors handle the card data directly.
- Professional advisors — lawyers, accountants, and auditors, bound by professional secrecy.
- Authorities — when disclosure is required by valid legal process.
We do not disclose personal information for any other party's independent marketing purposes.
7. Cookies & tracking
nevolagroup.com uses a small set of cookies. Non-essential cookies — including any future analytics or advertising cookies — are blocked until you give consent through the cookie banner shown on first visit. The full cookie inventory, purposes, providers, and durations are listed in our Cookie Policy.
8. Retention
- Meta Pixel event data — retained by Meta for up to 180 days for ads optimization, then aggregated or deleted in line with Meta's data policy.
- Server logs and security logs — 12 months by default, up to 24 months when needed for security investigations.
- Lead form responses and sales correspondence — up to 24 months after the last meaningful interaction, unless a longer period is required by law or a customer relationship is active.
- Account and billing records — for the duration of the contract plus the statutory retention period for tax and accounting (typically 5–7 years in the United States).
- Aggregate, non-identifying analytics — retained without time limit.
9. International transfers
Nevola is established in the United States. Personal information we process is stored on servers in the United States and the European Union. When personal data is transferred from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on the European Commission's Standard Contractual Clauses and, where relevant, the UK International Data Transfer Addendum.
10. Your rights
Subject to local law, you have the following rights over your personal information:
- Access — obtain a copy of the data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion, subject to legal retention obligations.
- Restriction — limit how we process your data in specific situations.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests, including profiling for direct marketing.
- Withdrawal of consent — at any time, without affecting processing carried out before withdrawal.
- Complaint — lodge a complaint with your supervisory authority (e.g. your national Data Protection Authority in the EU, the ICO in the UK, or the ANPD in Brazil).
California residents (CCPA / CPRA). You have the right to know, delete, and correct personal information we hold, the right to opt out of "sharing" for cross-context behavioral advertising, and the right not to be discriminated against for exercising those rights. We do not sell personal information for money.
Brazil (LGPD). Holders of personal data in Brazil have the rights described in Articles 17–22 of the LGPD, including confirmation, access, correction, anonymization, portability, deletion, and information about with whom data is shared.
To exercise any right, write to contact@nevolagroup.com. We may need to verify your identity before responding.
11. Advertising opt-outs
You can limit how Meta uses data we share with it through the following controls — all of them are operated by Meta or industry bodies, not by Nevola:
- Meta Ad Preferences — adjust who can advertise to you on Meta platforms.
- Activity off Meta technologies — disconnect or clear off-Meta activity tied to your account.
- Instagram ad preferences.
- Digital Advertising Alliance opt-out (US).
- European Interactive Digital Advertising Alliance (EU/UK).
- Global Privacy Control (GPC) — we honour the GPC signal where applicable as an opt-out of "sharing" under California law.
12. Security
We apply technical and organizational measures designed for the risk of the processing: encryption in transit (TLS 1.2+), access controls, principle of least privilege, secret rotation, separation of production from non-production environments, and monitoring. No system is perfectly secure; we work to minimize risk and address issues quickly when they arise.
13. Children
Nevola does not knowingly process personal information of children under 16 (or the equivalent age of digital consent in your jurisdiction). Our website and products are directed at businesses and adult subscribers. If you believe a child has provided us with personal data, write to contact@nevolagroup.com and we will delete it.
14. Changes
We may update this Privacy Policy when our practices change or when required by law. The "Last updated" date at the top of the page reflects the latest revision. Material changes are announced on this page at least 30 days before they take effect; we recommend reviewing the policy periodically.
15. Contact
For any question about this Privacy Policy or about how Nevola processes your personal data, write to:
Nevola Group LLC
7065 Westpointe Blvd, Suite 310
Orlando, FL 32835 · USA
contact@nevolagroup.com