Privacy policy

PRIVACY POLICY

Last Updated: February 24, 2026

Effective Date: February 24, 2026

Flourish by NOVA (a trade name of Nova Element Corp, "we," "us," or "our") operates the website https://flourishbynova.com (the "Site"). This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit the Site, purchase our products, or otherwise interact with us.

We are committed to transparency regarding our data practices. This Policy applies to all visitors, customers, and users of our Site, regardless of location. Please read it carefully. If you do not agree with these practices, please discontinue use of our Site.

Business Contact Information:
Nova Element Corp (d/b/a Flourish by NOVA)
2870 Peachtree Road, #886
Atlanta, GA 30305
Email: hello@flourishbynova.com
Phone: 678-561-0496

 

1. Notice at Collection

This section serves as the Notice at Collection required under the California Consumer Privacy Act (CCPA/CPRA). At or before the point of collection, we inform you of the following:

• Categories of personal information collected and the purposes for which they are used (see Sections 2 and 3 below).
• Whether personal information is sold or shared (see Section 7 below).
•  Retention periods for each category (see Section 9 below).
• Your right to opt out of the sale or sharing of personal information: Do Not Sell or Share My Personal Information.
• Link to this Privacy Policy for a fuller description of our practices.

We will not collect additional categories of personal information or use previously collected personal information for a materially different purpose without providing you a new notice.

 

2. Personal Information We Collect

2a. Categories of Personal Information

We have collected the following categories of personal information from consumers within the last 12 months:

 

2b. Sources of Personal Information

We collect personal information from the following sources:

• Directly from you: When you place an order, create an account, subscribe to emails, fill out a survey or form (including via Typeform and/or ViralSweep), contact customer service, or participate in promotions.
• Automatically from your device: When you visit and navigate our Site, we and our service providers collect browsing data, device information, and usage analytics through cookies, pixels, and similar technologies.
• From third parties: Marketing partners, advertising networks, analytics providers, and social media platforms that provide us with information about your interactions with our ads or content.

 

3. How We Use Your Personal Information

We use the personal information we collect for the following business and commercial purposes:

• Fulfilling orders and transactions: Processing purchases, shipping products, managing subscriptions, handling returns and refunds.
• Customer service: Responding to inquiries, troubleshooting, and providing support.
• Marketing and advertising: Sending promotional emails (with your consent), displaying targeted ads, running campaigns on Meta and Google, and analyzing marketing effectiveness.
• Improving our Site and products: Conducting analytics, tracking Site performance, performing A/B testing, and identifying user experience improvements.
• Security and fraud prevention: Detecting and preventing fraudulent or unauthorized transactions.
• Legal compliance: Complying with applicable laws, regulations, and legal processes.
• Health-related product support: Understanding product effectiveness through voluntary user-submitted health information (e.g., weight management progress, digestive health feedback) to improve product formulation and customer education.
• Promotion administration: During active giveaway or sweepstakes campaigns administered through The NOVA(Verse) App, we share order confirmation data with our promotion administrator (ViralSweep/AppHub LLC) via the Shopify API to verify purchase-based bonus entries. This data sharing occurs server-side and does not involve the placement of additional cookies or tracking technologies by ViralSweep on this Site.

 

4. Disclosure and Sharing of Personal Information

4a. Categories Disclosed for a Business Purpose

In the preceding 12 months, we have disclosed the following categories of personal information to service providers and third parties for a business purpose:

 

4b. Service Providers and Third Parties

We engage the following categories of service providers and third parties, each bound by contractual obligations to protect your data:

 

Discontinued Providers: We previously used Recharge (subscription management) and Klaviyo (email marketing). Data previously shared with these providers is subject to their respective privacy policies and our contractual data processing agreements.

 

5. Sale and Sharing of Personal Information

5a. Definition

Under the CCPA, "selling" means disclosing personal information to a third party for monetary or other valuable consideration. "Sharing" means disclosing personal information for cross-context behavioral advertising. The use of cookies and tracking technologies for targeted advertising may constitute "sharing" under the CCPA.

5b. Categories Sold or Shared

In the preceding 12 months, we may have "shared" (as defined by the CCPA) the following categories of personal information for cross-context behavioral advertising:

• Internet/Electronic Network Activity Information (Category E)
• Inferences drawn from personal information (Category J)

These categories were shared with advertising partners (Meta, Google) for the purpose of measuring ad effectiveness and delivering targeted advertising.

We do not sell personal information for monetary consideration. We do not sell or share the personal information of consumers we know to be under 16 years of age.

5c. Sensitive Personal Information

We collect certain sensitive personal information as described in Section 2a (Category K). We use sensitive personal information only for the following purposes permitted under the CCPA:

• Performing services or providing goods you have requested
• Ensuring security and integrity
• Short-term transient use
• Performing services on behalf of the business
• Verifying or maintaining the quality of our products
• Purposes for which you have given specific consent

We do not use or disclose sensitive personal information for the purpose of inferring characteristics about you. You have the right to limit the use or disclosure of your sensitive personal information (see Section 6).

 

6. Your Privacy Rights

6a. Rights Under the CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA/CPRA:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the business or commercial purposes, and the categories of third parties with whom we have shared your information, covering the 12-month period preceding your request.
• Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing: You have the right to direct us not to sell or share your personal information. See Section 7 below.
• Right to Limit Use of Sensitive Personal Information: You may direct us to limit our use and disclosure of your sensitive personal information to only those purposes permitted by law.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide a different level or quality of goods or services, or suggest that you will receive any of these as a consequence of exercising your rights.

6b. How to Submit a Request

You may submit a verifiable consumer request to know, delete, or correct your personal information through the following methods:

1. Online: Submit a request via our website at https://flourishbynova.com/pages/contact 
2. Email: Send your request to hello@flourishbynova.com

6c. Request Timelines

Upon receiving a verifiable consumer request:

• We will confirm receipt within 10 business days and inform you of how we intend to process your request.
• We will respond substantively within 45 calendar days of receiving the request
• If we require additional time, we may extend the response period by an additional 45 calendar days (90 days total), provided we notify you of the extension and the reason within the initial 45-day period. 
• For opt-out requests, we will stop selling or sharing your personal information within 15 business days and notify applicable third parties.

6d. Verification Process

To protect your privacy and security, we will verify your identity before fulfilling a request to know, delete, or correct personal information. Verification may include:

·       Matching at least two data points you provide with data points we maintain (for requests to know categories of information or to delete).

·       Matching at least three data points for requests to know specific pieces of personal information.

·       If we cannot verify your identity, we may deny the request but will explain the basis for denial.

·       You may designate an authorized agent to submit a request on your behalf. We may require the authorized agent to provide proof of signed, written permission and may require you to verify your identity directly with us.

6e. Multi-State Privacy Rights

If you reside in a state with a comprehensive privacy law (including but not limited to Virginia, Colorado, Connecticut, Indiana, Kentucky, Rhode Island, Texas, Oregon, Montana, and others), you may have similar rights under your state's law, including:

·       The right to access your personal data

·       The right to delete your personal data

·       The right to correct inaccurate personal data

·       The right to opt out of the sale of personal data, targeted advertising, or profiling

·       The right to data portability (receiving your data in a portable, readily usable format)

·       The right to appeal a denial of your request

To exercise any of these rights, use the contact methods in Section 6b. If we deny your request, you have the right to appeal. If the appeal is denied, you may contact your state's attorney general.

6f. California "Shine the Light" Rights

Under California Civil Code § 1798.83 (the "Shine the Light" law), California residents who have an established business relationship with us may request, once per calendar year, information about the categories of personal information we shared with third parties for their direct marketing purposes during the preceding calendar year, and the names and addresses of those third parties.

To make such a request, please email us at hello@flourishbynova.com with the subject line "Shine the Light Request." We will respond within 30 days.

As of the date of this Policy, we do not share personal information with third parties for their own direct marketing purposes. If our practices change, we will update this Policy and provide the required disclosure mechanism.

6g. Nevada Opt-Out Rights

Nevada residents may opt out of the "sale" of certain personal information (as defined under Nevada SB 220) to third parties who intend to license or sell that information. To submit such a request, please email us at hello@flourishbynova.com with the subject line "Nevada Opt-Out Request."

 

7. Do Not Sell or Share My Personal Information

You have the right to opt out of the sale or sharing of your personal information. You can exercise this right in the following ways:

1.     Click the "Do Not Sell or Share My Personal Information" link displayed in the footer of our website homepage and on any page that collects personal information.

2.     Submit a request via email at hello@flourishbynova.com.

3.     Enable a Universal Opt-Out Mechanism such as Global Privacy Control (GPC) in your browser. We honor GPC signals as a valid opt-out request under the CCPA/CPRA and applicable state laws including the Colorado Privacy Act and the Connecticut Data Privacy Act.

When we receive a valid opt-out request, we will cease selling or sharing your personal information within 15 business days and notify any third parties to whom we sold or shared your information during the prior 90 days. We will not ask you to re-authorize the sale or sharing of your personal information for at least 12 months after you opt out.

You do not need to create an account to exercise this right.

 

8. Do Not Track Disclosure

The California Online Privacy Protection Act (CalOPPA) requires us to disclose how we respond to "Do Not Track" (DNT) browser signals.

Our Response to DNT Signals: Our Site does not currently respond to DNT browser signals. This is because there is no uniform standard for recognizing or honoring DNT signals across the industry. However, we do honor Global Privacy Control (GPC) signals as described in Section 7, which serves as a recognized Universal Opt-Out Mechanism under the CCPA and other state laws.

Third-Party Tracking: Third parties, including Google Analytics, Meta Pixel, Hotjar, and Microsoft Clarity, may collect information about your online activities over time and across different websites when you use our Site. These third-party practices are governed by their own privacy policies. You can manage third-party tracking through your cookie preferences and browser settings.

 

9. Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods by category:

 

After the applicable retention period, personal information is securely deleted or anonymized. If deletion is not immediately possible (e.g., information stored in backup archives), we will securely store the information and isolate it from further processing until deletion is possible.

 

10. Cookies and Tracking Technologies

10a. What Are Cookies

Cookies are small data files placed on your device when you visit a website. We use cookies and similar technologies (pixels, web beacons, local storage) to operate and improve our Site, remember your preferences, analyze traffic, and deliver personalized advertising.

10b. Types of Cookies We Use

Cookie Type	Purpose	Examples
Strictly Necessary	Essential for Site functionality (cart, checkout, session)	Shopify session cookies
Analytics/Performance	Measure Site usage and performance	Google Analytics (_ga, _gid), Hotjar (_hj*), Microsoft Clarity (_clck, _clsk)
Functional	Remember preferences and settings	Language, region
Advertising/Targeting	Deliver relevant ads, measure ad performance	Meta Pixel (_fbp, _fbc)

10c. Cookie Consent

Because we operate exclusively within the United States and do not sell or ship to regions covered by the EU General Data Protection Regulation (GDPR) or the ePrivacy Directive, our Site does not display a cookie consent banner requiring opt-in consent before cookies are placed.

Under applicable U.S. privacy laws — including the California Consumer Privacy Act (CCPA/CPRA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act (CTDPA) — we are required to provide you with notice of our tracking practices and a meaningful opt-out mechanism, rather than prior opt-in consent. We satisfy this requirement through:

·       This Privacy Policy (which describes every tracking technology we use in the table above and in Section 4b);

·       The "Do Not Sell or Share My Personal Information" link in our Site footer, which allows you to opt out of the sale or sharing of personal information for targeted advertising (see Section 7); and

·       Our recognition of Global Privacy Control (GPC) signals as a valid opt-out request (see Section 7).

If we begin selling or shipping to regions that require opt-in cookie consent (e.g., the European Union or United Kingdom), we will implement a cookie consent banner at that time.

10d. Managing Cookies

Even without a cookie consent banner, you have the following options to control cookies:

·       Browser settings: Most browsers allow you to block or delete cookies through the settings menu. Instructions are typically found in the "Help," "Tools," or "Settings" sections of your browser.

·       Global Privacy Control (GPC): Enabling GPC in your browser will be treated as a valid opt-out of cookies used for selling or sharing personal information under the CCPA/CPRA and applicable state laws.

·       Opt-out links for specific providers:

         Google Analytics: https://tools.google.com/dlpage/gaoptout

         Meta: https://www.facebook.com/settings/?tab=ads

Disabling cookies may affect the functionality of certain features on our Site, including the shopping cart and checkout process.

 

11. Data Security

We implement commercially reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

·       Encryption of data in transit (SSL/TLS) and at rest

·       Secure payment processing through PCI DSS-compliant processors (Shopify Payments)

·       Access controls and authentication for administrative systems

·       Regular security assessments of our service providers

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

 

12. Data Breach Notification Procedures

In the event of a data breach involving your personal information, we will comply with all applicable federal and state breach notification laws, including the Georgia Personal Identity Protection Act (O.C.G.A. § 10-1-912) and applicable California law.

Our breach notification procedures include:

·       Notification timing: We will notify affected individuals in the most expedient time possible and without unreasonable delay after discovery of the breach, as required by Georgia law.[19]

·       Notification content: Notifications will include a description of the breach, the types of information involved, steps we have taken in response, and recommended actions for affected individuals.

·       Notification methods: We will notify affected individuals by email, written letter, or, where permitted, substitute notice (website posting and major media notification).

·       Regulatory notification: Where required by law, we will notify the applicable state attorney general or other regulatory body.

 

13. Automated Decision-Making Technology (ADMT)

Effective January 1, 2026, the CCPA regulations require additional disclosures regarding the use of Automated Decision-Making Technology (ADMT) for "significant decisions".

Current Use: We use automated tools for the following purposes:

·       Advertising optimization: Meta Pixel and Google Analytics use algorithmic processing to determine ad targeting and delivery. These tools use personal information to determine which ads you see but do not make decisions that produce legal or similarly significant effects concerning you.

·       Email segmentation: Omnisend uses automated rules to segment audiences for marketing emails based on purchase history and engagement data.

Significant Decisions: We do not currently use ADMT to make "significant decisions" as defined by the CCPA regulations (i.e., decisions regarding access to or the provision of healthcare, financial services, housing, insurance, education, employment, or similarly consequential determinations).

If our use of ADMT changes to include significant decisions, we will update this Policy and provide you with:

·       A pre-use notice before ADMT is applied to your data

·       The right to opt out of ADMT-based significant decisions

·       The right to access information about how ADMT was used in any decision about you

 

14. Risk Assessments

Under the CCPA 2026 amendments, businesses engaging in certain high-risk processing must conduct privacy risk assessments. High-risk processing includes selling or sharing personal information, processing sensitive personal information, and using automated processing to profile consumers.

We conduct risk assessments when our processing activities present significant risks to consumer privacy. These assessments evaluate whether the risks to consumer privacy outweigh the benefits of the processing activity and are maintained internally as required by the CCPA regulations.

 

15. Children's Privacy

Our Site and products are not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we have inadvertently collected information from a minor, please contact us at hello@flourishbynova.com.

 

16. Third-Party Links

Our Site may contain links to third-party websites, including social media platforms, payment processors, and partner sites. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policy of every website you visit. This Privacy Policy applies only to our Site.

Giveaway Entrants from The NOVA(Verse) App: If you are participating in a giveaway or sweepstakes through The NOVA(Verse) App and you visit this Site to earn bonus entries by making a purchase, your activity on this Site is governed by this Privacy Policy. The cookies and tracking technologies described in Section 10 apply to your visit in the same manner as any other visitor. Your entry data and purchase verification are processed as described in Sections 3 and 4b above.

 

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will update the "Last Updated" date at the top of this page and, where required by law, provide you with additional notice (such as via email or a prominent notice on our Site).

We review this Privacy Policy at least once every 12 months to ensure compliance with the CCPA and other applicable laws.

We encourage you to review this Policy periodically. Your continued use of our Site after any changes indicates your acceptance of the updated Policy.

 

18. Accessibility

We are committed to ensuring that this Privacy Policy is accessible to individuals with disabilities, consistent with ADA requirements and WCAG 2.1 Level AA standards. If you experience difficulty accessing any portion of this Privacy Policy or need it in an alternative format, please contact us at hello@flourishbynova.com and we will work with you to provide the information in an accessible format.

19. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Nova Element Corp (d/b/a Flourish by NOVA)
2870 Peachtree Road, #886
Atlanta, GA 30305
Email: hello@flourishbynova.com
Phone: 678-561-0496

For California-specific privacy requests, please see Section 6b.
For opt-out requests, please see Section 7.
For Shine the Light requests, please see Section 6f.
For Nevada opt-out requests, please see Section 6g.