Privacy Policy

NUTEA WELLNESS ("NUTEA," "we," "us," or "our") is a premium herbal tea brand based in Ghana. We create and sell botanical tea blends designed for daily wellness rituals. Orders are placed through our website and fulfilled via WhatsApp communication.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website or place an order. It complies with the Ghana Data Protection Act, 2012 (Act 843).

We collect only the minimum information necessary to fulfill your orders. No data is used for marketing, advertising, newsletters, or any form of unsolicited outreach.

• Payment data — we do not process or store credit card numbers, mobile money details, or banking information. Payments are arranged directly via WhatsApp.
• Browsing behaviour — we do not use frontend cookies, trackers, or analytics scripts on your browser. There is no cookie consent banner because there are no cookies to consent to.
• WhatsApp messages — the content of your WhatsApp conversations with us is never stored or logged.
• WhatsApp profile data — your WhatsApp display name and profile photo are not saved.

Your data is used exclusively for:

• Processing and fulfilling your orders
• Contacting you via WhatsApp about your order
• Maintaining internal order and transaction records for accounting and legal compliance

We will never send you marketing emails, newsletters, promotional WhatsApp messages, advertisements, or cold outreach of any kind. Your contact information is not used for solicitation.

Under the Ghana Data Protection Act, 2012 (Act 843), we process your personal data on the following lawful grounds:

• Performance of a contract — processing your data is necessary to fulfill the orders you place with us.
• Legitimate interest — maintaining order records for business operations and legal compliance.
• Consent — by voluntarily providing your information at checkout, you consent to its use for order fulfillment purposes.

All customer and order data is stored on Supabase, a SOC 2 Type II certified cloud platform. Our database is a PostgreSQL instance hosted in Supabase's European region (AWS eu-central-1).

• Data is encrypted in transit (TLS) and at rest (AES-256).
• Admin access to the database is restricted to authorized NUTEA team members with unique credentials.
• Internal analytics (backend-only) use hashed identifiers — phone numbers are never sent in plain text to third-party services.

We share the minimum necessary data with the following service providers:

• Supabase (SOC 2 compliant) — database hosting and file storage for product images.
• WhatsApp (Meta) — we contact you through WhatsApp for order fulfillment. Your phone number is used to initiate conversations. WhatsApp's own privacy policy governs how Meta handles data transmitted through its platform.
• PostHog — backend-only analytics using hashed phone numbers as identifiers. Raw phone numbers never leave our database. PostHog processes this data under its own privacy policy.

We do not sell, rent, or trade your personal data to any third party. We do not share your data with advertisers, data brokers, or analytics platforms beyond what is listed above.

We retain your personal data for as long as necessary to:

• Fulfill your orders and provide customer support
• Comply with legal obligations (e.g., tax and accounting requirements under Ghanaian law)
• Resolve disputes and enforce our terms

Order records are retained for a minimum period required by applicable law. When data is no longer needed, it is securely deleted from our systems.

Under Ghana's Data Protection Act, you have the following rights:

• Right to access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data where there is no compelling reason for us to continue processing it.
• Right to object — object to the processing of your personal data in certain circumstances.
• Right to restrict processing — request that we limit how we use your data.

To exercise any of your data protection rights, contact us through our primary verification channel:

• WhatsApp — send a message to our business WhatsApp number. Your request must come from the phone number associated with your order(s). This is how we verify your identity.

For requests where WhatsApp is not viable, contact us via email at privacy@nuteawellness.com. We may ask for additional information to verify your identity before processing the request.

We will respond to all valid requests within 30 days.

Your data is stored on Supabase servers located in the European Union (AWS eu-central-1, Frankfurt). Supabase maintains SOC 2 compliance and provides adequate safeguards for international data transfers. By using our services, you consent to the transfer of your data to and storage in this location.

In the event of a data breach involving your personal data, we will notify you and the Ghana Data Protection Commission (DPC) in accordance with Act 843 requirements. Notifications will be sent via WhatsApp to the phone number associated with your order(s).

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Material changes may be communicated to you via WhatsApp if they significantly affect how we handle your data.

For questions about this Privacy Policy or to lodge a complaint:

• WhatsApp: Message our business number
• Email: privacy@nuteawellness.com

You also have the right to lodge a complaint with the Ghana Data Protection Commission (DPC) at dataprotection.org.gh.