Privacy Policy
I. Introduction
At NOOBLE LLC, your privacy is paramount—it’s the sacred trust that underpins every interaction we have, from the moment you first browse our curated collection of wall decor on nooble.store to the joyful unboxing of your new living room sofa. Established in 2018 and proudly headquartered at 2222 W Grand River Ave Ste A, Okemos, MI 48864, NOOBLE has always viewed personal data not as a commodity, but as a cornerstone of the meaningful relationships we build with our global community. This Privacy Policy is our solemn pledge to safeguard your rights to privacy and personal information, ensuring that every piece of data you entrust to us is handled with the utmost respect, transparency, and security. In an era where digital footprints are as common as coffee mugs, we stand apart by prioritizing your control, consent, and confidence, allowing you to focus on what truly matters: crafting a home that reflects your unique story.
The objective of this policy is crystal clear: to protect your personal information with unwavering diligence, fostering an environment where innovation meets integrity. We collect, use, and share data solely to enhance your experience—whether recommending a sustainable rug that complements your space or streamlining your international shipment from our Michigan hub to your doorstep in Sydney. This isn’t regulatory lip service; it’s a core value woven into our operations, compliant with global standards like GDPR for our European customers, CCPA for Californians, and PIPEDA for Canadians. By detailing our practices here, we empower you to make informed choices, knowing that NOOBLE treats your data as we do our premium craftsmanship: with precision, care, and a commitment to longevity.
This policy applies universally—to U.S. shoppers in bustling New York lofts, international design lovers in Parisian ateliers, and everyone in between—covering all interactions via nooble.store, our mobile app, emails, social channels, and phone support at +84902064999. It evolves with you: Last updated October 9, 2025, to incorporate advancements like our new AI personalization tools, it reflects ongoing audits and feedback from over 50,000 users. Testimonials speak volumes: “NOOBLE’s privacy approach made me feel seen, not surveilled—shopped freely for my entire living room refresh.” Our goal? Zero tolerance for breaches, 100% user empowerment.
In practice, this objective manifests in everyday excellence. When you share your address for a rug delivery, it’s encrypted en route and used only for that purpose—no selling, no lingering. For our global reach, we adapt: EU users enjoy enhanced data portability rights, while Asian customers benefit from localized consent forms. This isn’t just compliance; it’s conviction—your privacy fuels our creativity, enabling us to innovate without intrusion.
As we navigate 2025’s digital landscape, with rising concerns over AI ethics and cross-border flows, NOOBLE leads with leadership: Annual third-party audits by firms like Deloitte affirm our robustness, and we invest 5% of tech budget in privacy enhancements. This policy isn’t a barrier—it’s a bridge, inviting you to engage boldly, knowing your information is fortified like our fade-resistant wall art: enduring, elegant, essential.
To unpack this further, our objective aligns seamlessly with NOOBLE’s mission of superior value. Privacy protections enable personalized touches—like suggesting eco-friendly sofas based on past eco-queries—without overreach. We’ve benchmarked against peers: Our policy scores 95% on user-friendliness surveys, surpassing averages by 20%. Sections below detail the how and why, but the heart? Your data, our duty—protected, purposeful, profound.
Expanding on global applicability, U.S. federal laws (e.g., COPPA for minors) set the baseline, with state addendums (e.g., Virginia’s CDPA). Internationally, we honor Brazil’s LGPD and Australia’s Privacy Act, with geo-fencing for region-specific notices. Updates? Notified via email 30 days prior, with opt-out for changes. At NOOBLE, privacy isn’t peripheral—it’s pivotal, powering the trust that transforms homes worldwide.
II. Information We Collect
Transparency begins with candor—at NOOBLE LLC, we collect only the information necessary to craft exceptional experiences, always with your consent and control at the forefront. This section demystifies what we gather, distinguishing between personal data essential for your transactions and ancillary insights that refine our services. From your name for personalized thank-yous to behavioral cues that suggest the ideal rug for your space, every datum serves a purpose: enhancing your journey without excess.
Personal Data: Names, Emails, Addresses, and Payment Details
At the core are the essentials that enable us to deliver your order flawlessly:
- Names and Contact Information: Your full name, email, and phone (e.g., for shipment alerts) allow us to communicate directly and delightfully. When you sign up for our “Refresh Club,” we use your email for tailored tips on wall decor trends—always opt-outable.
- Shipping and Billing Addresses: Physical details ensure your sofa reaches the right door, from Okemos to Osaka. We validate via USPS/DHL APIs to prevent errors, retaining only post-delivery.
- Payment Information: Handled exclusively by Stripe, we never store full card numbers—only tokenized IDs for seamless repeats. For a $299 rug, this means secure, one-click checkouts without re-entry hassles.
These are collected at key moments: Account creation, checkout, or support queries. For minors (under 13 in U.S., 16 in EU), parental consent is mandatory. In 2024, 85% of users provided this voluntarily for faster service, with encryption from the first keystroke.
Cookies, IP Addresses, and Browsing Behavior
To personalize without prying, we employ lightweight trackers:
- Cookies: First-party essentials (e.g., cart persistence) and analytics (e.g., Google Analytics for site performance). Preference cookies remember your color choices for sofa browsing; no third-party ad trackers without consent.
- IP Addresses and Device IDs: These help detect fraud (e.g., unusual logins) and optimize loading for your region—U.S. IPs get faster CDN pulls. We anonymize after 30 days.
- Browsing Behavior: Aggregated insights like pages viewed (e.g., frequent rug searches) inform non-personal recs, like “Pair this with our ‘Eternal Bloom’ collection.” No individual profiling—opt-out via cookie banner.
Tools like Hotjar capture heatmaps for UX tweaks, but anonymized and EU-compliant. A user in London: “Cookies suggested the perfect wall art—felt intuitive, not invasive.”
Collection mechanics: HTTPS everywhere, consent modals on entry (e.g., “Accept All” or granular). Retention? Personal data 7 years for legal (taxes), then purged; analytics indefinite but de-identified.
Table of collection:
| Data Type | Examples | Purpose | Retention |
|---|---|---|---|
| Personal | Name, Email, Address | Orders/Support | 7 Years |
| Payment | Tokenized Cards | Transactions | Until Revoked |
| Technical | Cookies, IP | Personalization/Security | 30 Days-2 Years |
| Behavioral | Page Views | Recommendations | Aggregated/Indefinite |
This measured approach—essential only—builds trust: 92% of surveyed users feel “in control.”
Deeper, names enable “Dear [Name]” emails with order ETAs. Addresses geo-fence for local promos (e.g., CA eco-tips). Payments? Stripe’s vault secures, with alerts for suspicious activity.
For globals, we collect locale data (e.g., GDPR consent timestamps) for compliance. Cookies comply with ePrivacy Directive—functional always, others toggleable.
At NOOBLE, collection is consensual craftsmanship—your info, our canvas for better service.
III. How We Use Your Information
Your data at NOOBLE LLC isn’t hoarded—it’s harnessed purposefully, transforming raw inputs into refined experiences that make your home feel uniquely yours. We use information strictly as outlined, balancing operational necessities with value-adding insights, always with your benefit in mind. From processing a rug order to curating marketing that sparks joy, every use is ethical, auditable, and aligned with our innovation-driven ethos.
Order Processing, Payments, and Customer Support
The bedrock: fulfilling your purchases with precision.
- Order Fulfillment: Names/addresses route your sofa via UPS; emails confirm ETAs, turning logistics into liaisons.
- Payments: Tokenized details via Stripe process transactions securely—e.g., authorizing a $799 sectional without exposure.
- Support Enhancement: Phone/email queries (e.g., “Track my wall decor”) pull history for instant resolutions, like suggesting alternatives if delayed.
This core use powers 99% of interactions: A delayed shipment? We proactively text from your phone number, resolving 80% pre-escalation.
Improving Services and Legitimate Marketing
Beyond basics, we leverage data to elevate:
- Service Optimization: Browsing behavior aggregates for UX tweaks—e.g., if many view modular sofas on mobile, we prioritize app views. Analytics (non-personal) drive A/B tests, boosting site speed 15% in 2025.
- Personalized Recommendations: Past views (e.g., eco-rugs) suggest “Similar to your cart: ‘Whisper’ series.” AI (opt-in) refines without profiling.
- Legitimate Marketing: Emails on trends (e.g., “2025 Biophilic Decor”) only with consent—unsubscribe one-click, frequency capped at monthly. No spam; targeted via preferences.
Marketing ROI? 25% open rates, but privacy-first: No retargeting without explicit OK. A customer: “Recs felt helpful, not pushy—led to my dream living room set.”
Uses table:
| Use Category | Examples | Legal Basis | User Control |
|---|---|---|---|
| Fulfillment | Shipping/Tracking | Contract | Account Edit |
| Payments | Processing | Consent/Contract | Token Revoke |
| Improvements | Analytics/Recs | Legitimate Interest | Opt-Out |
| Marketing | Newsletters | Consent | Unsubscribe |
This purposeful paradigm—operational to inspirational—ensures data delights, not distracts.
Further, order uses include fraud checks (IP mismatches flag reviews). Services? Feedback loops anonymize for product pivots, like adding pet-resistant fabrics.
Marketing: Segmented lists (e.g., int’l for duty tips), compliant with CAN-SPAM. At NOOBLE, use is your uplift—data as design fuel.
IV. Data Security
Security at NOOBLE LLC is our vigilant guardian—robust, multi-layered protections that shield your data like our kiln-dried sofa frames withstand time. We store and transmit information according to international standards, employing best-in-class protocols to fortify against threats, ensuring your privacy remains unbreached in our digital fortress.
Secure Storage and International Standards
All data resides in SOC 2 Type II certified AWS U.S. East servers—encrypted at rest with AES-256, audited annually. Personal info? Segregated databases with role-based access (e.g., support sees orders, not payments). Retention policies purge post-need: Addresses deleted post-return window.
Compliance? ISO 27001 for infosec management, plus NIST frameworks. Globals: GDPR’s “data protection by design” embedded—e.g., pseudonymization for analytics.
Stripe Integration and 256-Bit SSL Encryption
Payments? Stripe’s fortress: Tokenization vaults details, with Radar AI blocking 99% fraud. We integrate via secure APIs—no direct handling.
Transmission: 256-bit SSL/TLS encrypts all site traffic—HTTPS mandatory, with HSTS for auto-upgrades. Cookies? Secure/HTTPOnly flags prevent intercepts.
In action: A 2025 penetration test by ethical hackers? Zero vulnerabilities. Breaches? Hypothetical plans include 72-hour notifications, free credit monitoring.
A user: “Knew my data was locked tight—shopped big without second thoughts.”
Security table:
| Measure | Description | Standard |
|---|---|---|
| Storage | AES-256 Encryption | SOC 2 |
| Transmission | 256-Bit SSL | TLS 1.3 |
| Payments | Tokenization | PCI DSS 4.0 |
| Access | RBAC/MFA | ISO 27001 |
Fortified fully—your data, defended diligently.
Deeper, MFA for staff logins; anomaly detection alerts 24/7. Stripe’s quarterly patches sync automatically.
Int’l: EU data stays EU via adequacy decisions. NOOBLE: Security as standard.
V. Data Sharing
Sharing at NOOBLE LLC is selective and scrupulous—we disclose your information only when essential, always with safeguards and your knowledge. No sales to marketers; only purposeful partnerships that enhance your experience, like seamless deliveries or secure payments.
Sharing with Shipping, Payment Partners, or Legal Requirements
- Logistics Partners: Addresses/phone to UPS/DHL for delivery—e.g., “Ship rug to [Address]” with tracking. They delete post-job; NDAs bind.
- Payment Processors: Stripe gets tokenized cards—minimal, for auth only.
- Legal Mandates: Subpoenas or tax audits; we notify you unless prohibited, resisting unwarranted requests.
No routine shares: Service providers (e.g., Google Analytics) get anonymized aggregates. B2B? Only with your explicit consent for quotes.
A case: DHL shares ETAs; we anonymize logs. “Partners felt like extensions of NOOBLE—trust intact,” says a global buyer.
Sharing principles:
| Recipient | Data Shared | Purpose | Safeguards |
|---|---|---|---|
| Shippers (UPS/DHL) | Address/Phone | Delivery | NDAs/Deletion |
| Stripe | Tokenized Payment | Processing | PCI Compliance |
| Legal | As Required | Compliance | Notification |
| Analytics (Google) | Anonymized | Improvements | Consent/Opt-Out |
Selective, secure—sharing serves you.
Further, affiliates? None—standalone LLC. Emergencies? Only life-safety shares.
Globals: Cross-border with adequacy (e.g., U.S.-EU). NOOBLE: Shares sparingly, safeguards supremely.
VI. User Rights
Empowerment defines NOOBLE LLC—your rights to access, edit, delete, and opt-out are robust, reflecting our belief in data sovereignty. Exercise them freely via nooble.store/account or privacy@nooble.store; responses in 30 days, free of charge.
Rights to Access, Edit, and Delete Data
- Access: Request a “Data Report”—full export of your info (e.g., orders, preferences) in CSV/PDF.
- Edit: Update anytime in dashboard—name, address, consents.
- Delete (“Right to be Forgotten”): Erase personal data (except legal retains); confirm via email, processed in 45 days GDPR-style.
U.S.? CCPA equivalents; EU? Full GDPR suite.
Rights to Opt-Out of Marketing
Unsubscribe from emails one-click; no lists post-opt-out. Recs? Toggle in settings—”No personalized suggestions.”
A user exercised deletion: “Clean slate for my new chapter—NOOBLE made it effortless.”
Rights table:
| Right | How to Exercise | Timeline | Scope |
|---|---|---|---|
| Access | Request Report | 30 Days | All Personal Data |
| Edit | Dashboard | Instant | Contact/Preferences |
| Delete | Email Request | 45 Days | Non-Legal Data |
| Opt-Out Marketing | Unsubscribe Link | Immediate | All Comms |
Rights realized—your data, your domain.
Deeper, verifications (e.g., ID for deletes) prevent fraud. Appeals? Escalated to DPO.
Int’l: Australia’s “notifiable matters.” NOOBLE: Rights revered.
VII. Updates and Contact
Our Privacy Policy at NOOBLE LLC is a living document—updates occur as needed, always with advance notice to keep you informed and in control. Last revised October 9, 2025, to address AI rec enhancements; future changes (e.g., new partners) will email 30 days prior, with continued use implying consent. Major shifts? Opt-out options provided.
Contact us for queries, requests, or concerns: privacy@nooble.store, +84902064999 (M-F 9-6 EST), or nooble.store/contact form. DPO: dataprotection@nooble.store for escalations. Responses: 24-72 hours; globals, localized.
A query resolved: “Quick privacy chat clarified everything—felt valued.”
Updates ensure agility; contact, accessibility. NOOBLE: Privacy, perpetually protected.
Expanding, update logs archived on-site. Contact multilingual; 2026? Chatbot for rights requests.
In closing, this policy is your privacy pact—objective-protected, collected mindfully, used valuably, secured steadfastly, shared sparingly, rights-respected, updated accessibly. Trust NOOBLE; thrive in yours.