Privacy policy

Last updated: 2 February 2026

Introduction

This Privacy Policy describes how Noat Sweden AB ("NOAT", "we", "us", or "our") collects, uses, and discloses personal information when you visit, use our services, or make a purchase from our international online store (the "Site"), or otherwise communicate with us regarding the Site (collectively, the "Services").

For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose personal information we process.

Please read this Privacy Policy carefully.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, operational requirements, or applicable legal or regulatory obligations. When we do, we will update the "Last updated" date at the top of this Privacy Policy and take any additional steps required by applicable law.

How We Collect and Use Personal Information

To provide the Services, we collect personal information from a variety of sources. The information we collect depends on how you interact with the Site and the Services.

In addition to the specific uses described below, we may use personal information to:

  • Communicate with you
  • Provide, operate, and improve the Services
  • Comply with legal obligations
  • Enforce our terms and policies
  • Protect the security and integrity of the Services, our users, and our business

What Personal Information We Collect

When we refer to "personal information", we mean information that identifies, relates to, describes, or can reasonably be associated with an identified or identifiable individual.

Information You Provide Directly

You may provide us with personal information when you interact with the Services, including:

  • Contact details such as your name, shipping address, billing address, phone number, and email address
  • Order information such as products purchased, payment confirmation, transaction history, and delivery details
  • Account information such as login credentials and information used to secure your account
  • Customer support information such as the content of communications you send to us

You may choose not to provide certain information, but this may limit your ability to use some features of the Services.

Information Collected Automatically

When you use the Site, we automatically collect certain information about your device and interaction with the Services ("Usage Data"), including:

  • Device type, browser type, and operating system
  • IP address and approximate location derived from IP
  • Pages viewed, actions taken, and referral information
  • Interaction with emails or advertisements

We collect this information using cookies, pixels, SDKs, and similar technologies ("Cookies").

Information from Third Parties

We may receive personal information from third parties, including:

  • E-commerce platform providers such as Shopify
  • Payment processors, who collect payment information directly to process transactions
  • Analytics, advertising, and marketing partners who help us understand usage and deliver relevant advertising

Any information received from third parties is handled in accordance with this Privacy Policy.

Under the EU General Data Protection Regulation ("GDPR"), we rely on the following legal bases to process personal information:

Providing Products and Services

We process personal information to perform our contract with you, including to:

  • Process payments
  • Fulfill and ship orders
  • Manage accounts
  • Handle returns and customer service inquiries

Legal basis: Performance of a contract (Article 6(1)(b) GDPR)

Marketing and Advertising

We may use personal information to send marketing communications and display advertisements on our Site and third-party platforms. This may include tailoring content based on interactions with the Services.

Where required by law, we will obtain your consent. Otherwise, we rely on our legitimate interest in promoting our products.

Legal basis:

  • Legitimate interests (Article 6(1)(f) GDPR)
  • Consent, where applicable (Article 6(1)(a) GDPR)

You may opt out of marketing communications at any time.

Security and Fraud Prevention

We process personal information to detect, prevent, and investigate fraudulent or malicious activity and to protect the Services.

Legal basis: Legitimate interests (Article 6(1)(f) GDPR)

Service Improvement and Analytics

We use personal information to analyze how the Services are used and to improve functionality, performance, and user experience.

Legal basis: Legitimate interests (Article 6(1)(f) GDPR), subject to cookie consent requirements where applicable

Cookies and Tracking Technologies

We use Cookies to operate and improve the Services, perform analytics, and support marketing activities.

Where required by applicable law, we use a cookie consent tool to allow you to manage your preferences. You can also manage Cookies through your browser settings, but blocking Cookies may affect functionality.

For information about Shopify-related Cookies, see Shopify’s cookie policy.

Profiling and Automated Decision Making

We may engage in limited profiling for marketing and analytics purposes, such as segmenting customers based on purchase behavior or interactions with the Site.

We do not use automated decision making that produces legal or similarly significant effects on you.

How We Disclose Personal Information

We may disclose personal information in the following circumstances:

  • Service providers that support our operations, such as payment processing, fulfillment, analytics, customer support, and cloud hosting
  • Marketing and advertising partners to deliver and measure advertising campaigns
  • Affiliates within our corporate group
  • Legal and regulatory authorities, where required to comply with applicable law
  • Business transactions, such as a merger, restructuring, or sale of assets

We do not sell personal information in the ordinary commercial sense.

International Transfers

Your personal information may be transferred to and processed in countries outside your country of residence, including countries outside the European Economic Area.

Where we transfer personal information internationally, we rely on appropriate safeguards such as:

  • European Commission Standard Contractual Clauses
  • UK International Data Transfer Agreements, where applicable
  • Transfers to countries deemed adequate by the European Commission

Children’s Data

The Services are intended for adults and are not directed to children. We do not knowingly collect personal information from children as defined under applicable data protection laws.

If you believe a child has provided us with their personal information, please contact us and we will take appropriate steps to delete it.

Data Retention

We retain personal information only for as long as necessary to:

  • Provide the Services
  • Maintain accounts
  • Comply with legal and tax obligations
  • Resolve disputes
  • Enforce our agreements

Retention periods vary depending on the type of data and purpose of processing.

Your Rights

Depending on your location, you may have the right to:

  • Access personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Object to or restrict processing
  • Request data portability
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with a supervisory authority

You may exercise your rights by contacting us using the details below. We may need to verify your identity before responding.

Contact

If you have questions about this Privacy Policy or our data practices, or wish to exercise your rights, please contact us at:

Email: hello@noat.com
Data Controller: Noat Sweden AB
Registered Address: Sweden

For EU data protection purposes, Noat Sweden AB is the data controller of your personal information.