Privacy policy

Effective Date: April 21, 2026
Last Updated: April 21, 2026

Nightingale-Conant Corporation ("Nightingale-Conant," "we," "us," or "our") respects your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have. It applies to visitors and customers of www1.nightingale.com and any related digital services we operate (collectively, the "Services").

By using the Services you agree to the practices described here. If you do not agree, please do not use the Services.

1. Who We Are

Nightingale-Conant Corporation is a direct-to-consumer publisher of personal-development audio programs, based in the United States.

Mailing address: 1449 S Michigan Ave, Suite 13181, Chicago, IL 60605, USA
Contact for privacy requests: https://www1.nightingale.com/pages/contact

2. Personal Information We Collect

2.1 Information you provide directly

  • Account & order information: name, email address, billing and (if provided) mailing address, phone number, account password.
  • Payment information: processed by our payment processors (Shopify Payments, Shop Pay, PayPal, Venmo, and card networks). We do not store full payment-card numbers on our own servers.
  • Customer-service communications: information you submit through our contact form, emails, or messages to our support team.
  • Marketing preferences: your email subscription status and your preferences.

2.2 Information collected automatically

  • Device & connection data: IP address, browser type and language, operating system, device identifiers, approximate location derived from IP, and referring URLs.
  • Usage data: pages viewed, search queries, products viewed or purchased, clickstream, timestamps, and download activity.
  • Cookies and similar technologies: see Section 8.

2.3 Information from third parties

  • Payment processors confirm payment and provide fraud-prevention signals.
  • Advertising and analytics partners may provide aggregated or pseudonymous information about your interactions with our ads or marketing emails.
  • Social platforms (if you choose to interact with our content there) may share limited profile information consistent with your privacy settings on those platforms.
  • Legacy customer records: in April 2026 we imported historical customer and order records from our prior e-commerce system (Magento) into our current platform solely for customer-service lookup. These records are read-only historical data. If you made purchases with Nightingale-Conant before April 2026, some of your information originated from that legacy system. See Section 12.

We do not knowingly collect "sensitive" personal information as defined under U.S. state privacy laws (for example, precise geolocation, government IDs, health data, or racial or ethnic origin).

3. How We Use Personal Information

We use the information described above for the following purposes:

  • Provide and deliver the Services — fulfill orders, deliver digital downloads via secure links, maintain your account, and provide customer support.
  • Process payments — through our payment processors, and to detect and prevent fraud, chargebacks, and abuse.
  • Communicate with you — send order confirmations, receipts, download links, service notices, and responses to inquiries.
  • Marketing — send promotional emails about new releases, offers, and programs, where permitted by law. You can opt out at any time (see Section 9).
  • Improve the Services — analyze usage, measure the performance of pages and campaigns, debug issues, and develop new features and content.
  • Personalize your experience — remember your preferences, recently viewed products, and cart contents.
  • Legal and compliance — comply with law, enforce our Terms of Service, respond to lawful requests, and protect our rights, property, and users.

4. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar laws, we rely on the following legal bases under the GDPR and UK GDPR:

  • Performance of a contract — to create your account, fulfill your order, and deliver purchased content.
  • Legitimate interests — to secure the Services, prevent fraud, conduct basic analytics, and market our own similar products to existing customers, balanced against your rights.
  • Consent — for optional cookies, email marketing where required by law, and any other processing that legally requires consent. You may withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and other laws.

5. How We Share Personal Information

We do not sell personal information for money. We share personal information only as described below:

5.1 Service providers (processors)

We share personal information with vendors that help us operate the Services under written contracts that limit their use of the information to providing services to us. Principal categories include:

  • E-commerce platform: Shopify Inc., which hosts our storefront and handles order processing.
  • Payment processors: Shopify Payments, Shop Pay, PayPal, and Venmo.
  • Content delivery and security: Cloudflare, Inc., which provides DNS, caching, and security for our storefront and for our download-delivery service at downloads-api.nightingale.com.
  • Cloud storage for downloads: Amazon Web Services, Inc. (AWS S3), which stores audio files delivered via short-lived secure download links.
  • Email delivery: our transactional and marketing email provider(s).
  • Analytics: Shopify Analytics and Google Analytics (GA4).
  • Advertising measurement: Meta (Facebook) Pixel, used to measure the effectiveness of advertising on Meta platforms. You can control this through your cookie preferences (Section 8).
  • Customer support and productivity tools used by our staff to respond to inquiries.

5.2 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, subject to this Privacy Policy or a successor policy.

5.3 Legal requirements and protection

We may disclose personal information when we reasonably believe disclosure is required to comply with law, legal process, or a governmental request; to enforce our Terms of Service; to protect the rights, property, or safety of Nightingale-Conant, our users, or others; or in connection with investigations of suspected fraud or abuse.

5.4 With your direction or consent

We share information with third parties when you direct us to do so (for example, when you choose to sign in using a third-party account) or with your consent.

6. "Sale" and "Sharing" of Personal Information

Under certain U.S. state privacy laws (including the California Consumer Privacy Act as amended by the CPRA), the use of cookies and tracking technologies for targeted or cross-context behavioral advertising may be treated as a "sale" or "sharing" of personal information, even if no money changes hands.

Nightingale-Conant uses advertising cookies and pixels (including the Meta Pixel) that can result in this type of "sharing." We do not knowingly sell or share the personal information of consumers under the age of 16.

You can exercise your right to opt out of sale/sharing:

  • By clicking "Do Not Sell or Share My Personal Information" (where available on our site) or by adjusting our cookie banner.
  • By sending a Global Privacy Control (GPC) signal from a supporting browser or extension — we honor GPC signals as opt-out requests for the browser that sends them.
  • By submitting a request through our contact form.

7. Your Privacy Rights

7.1 U.S. state privacy rights

Depending on where you live, you may have some or all of the following rights under U.S. state laws (including the CCPA/CPRA in California, and comprehensive privacy laws in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Florida, Delaware, Iowa, Minnesota, Maryland, Montana, New Hampshire, New Jersey, and Tennessee, among others):

  • Know / access — request what personal information we have about you and how we use it.
  • Correct — request correction of inaccurate personal information.
  • Delete — request deletion of personal information, subject to legal exceptions.
  • Portability — request a copy of your personal information in a portable format.
  • Opt out of sale or sharing — as described in Section 6.
  • Limit use of sensitive personal information — although we generally do not collect sensitive categories.
  • Non-discrimination — we will not discriminate against you for exercising these rights.
  • Appeal — where your state provides for it, you may appeal our decision on a rights request.

7.2 EEA, UK, and similar jurisdictions

If you are in the EEA, UK, Switzerland, or a jurisdiction with similar laws, you may have the right to: access your personal data; request rectification or erasure; restrict or object to processing; withdraw consent where processing is based on consent; data portability; and lodge a complaint with your local data protection authority.

7.3 How to exercise your rights

Submit a request through our contact form and describe the right you are exercising and the state or country you reside in. We will verify your identity, typically by confirming information you have previously provided (such as your email address and recent order). We respond within 45 days for CCPA/CPRA requests and 30 days for GDPR/UK GDPR requests, with extensions where permitted by law. You may use an authorized agent to submit a request; we will require proof of authorization.

8. Cookies and Tracking Technologies

We and our service providers use cookies, web beacons, pixels, and similar technologies to operate the Services, remember your preferences, measure performance, and — with your consent where required — deliver and measure advertising. Categories include:

  • Strictly necessary — required to run the site, log in, complete purchases, and secure the Services.
  • Functional — remember your preferences such as language or cart contents.
  • Analytics — understand how visitors use the site so we can improve it.
  • Advertising — measure the performance of advertising and, where permitted, deliver personalized advertising.

You can control non-essential cookies through our on-site cookie preferences (where available), your browser settings, and browser-level signals such as Global Privacy Control. Disabling cookies may affect Services functionality.

9. Marketing Communications

We may send you marketing emails about our products, authors, and offers. You can opt out at any time by clicking the "unsubscribe" link at the bottom of any marketing email or by contacting us through our contact form. Even if you opt out of marketing emails, we will still send you transactional messages such as order confirmations and download links, and administrative messages about your account.

We do not currently send SMS/text marketing messages. If this changes in the future, we will obtain your express written consent before doing so, as required under the Telephone Consumer Protection Act (TCPA) and related laws.

10. Data Retention

We retain personal information only as long as needed for the purposes described in this Privacy Policy and to comply with our legal obligations.

  • Account records — while your account is active and for a reasonable period thereafter so we can restore access and respond to inquiries.
  • Order and transaction records — typically at least seven (7) years, to comply with tax, accounting, and audit requirements.
  • Legacy Magento records — retained for historical customer-service lookup. See Section 12.
  • Marketing lists — until you unsubscribe, and for a short period afterward for suppression-list purposes.
  • Server logs and analytics — typically 13 months or less in identifiable form.
  • Support communications — while needed to resolve the matter and a reasonable period afterward.

11. Data Security

We use technical and organizational safeguards designed to protect personal information, including HTTPS/TLS encryption in transit, encryption at rest for payment-card data held by our processors and for downloadable media in AWS S3, role-based access controls for our staff, and routine review of our security practices. No system is perfectly secure, so we cannot guarantee absolute security.

12. Legacy Magento Order Records

In April 2026 we migrated approximately 63,892 historical orders (covering the period 2014–2026) and associated customer contact records from our prior Magento-based system into our current Shopify-based platform solely so our customer-service team can look up your purchase history. These records are read-only historical data: they are not fulfillable through the new store, do not grant download access, and cannot be reordered.

If you purchased from Nightingale-Conant before April 2026 and would like to review, correct, or delete your legacy record (subject to the retention obligations in Section 10), please submit a request through our contact form and indicate that your request relates to a legacy pre-2026 order.

13. Children's Privacy

The Services are intended for adults and are not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children under those ages. If you believe a child has provided personal information to us, please contact us and we will promptly delete it.

14. International Data Transfers

We are based in the United States. When you use the Services from outside the U.S., your personal information will be transferred to, processed in, and stored in the United States and other countries where we and our service providers operate. When we transfer personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum / International Data Transfer Agreement, as applicable).

15. EU/UK Representative

Nightingale-Conant Corporation is a U.S.-based company. Where required under Article 27 of the EU General Data Protection Regulation (GDPR) or the equivalent provision of the UK GDPR, we are in the process of formally appointing a representative in the European Union and the United Kingdom. Until that appointment is complete, EEA, UK, and Swiss residents who wish to raise a question or concern about how we process their personal data — or who wish to exercise a data-subject right under the GDPR or UK GDPR — may contact us directly:

  • Online: www1.nightingale.com/pages/contact (please include "GDPR Request" or "UK GDPR Request" in your message)
  • Post: Nightingale-Conant Corporation, Attn: Privacy, 1449 S Michigan Ave, Suite 13181, Chicago, IL 60605, USA

We will respond to all verifiable requests from EEA and UK residents within 30 days as required by the GDPR and UK GDPR. If you believe we have not adequately addressed your concern, you retain the right to lodge a complaint with your national or regional data protection supervisory authority (for example, the Irish Data Protection Commission for EU matters, or the UK Information Commissioner's Office for UK matters).

16. Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing. We do use automated tools (including those provided by our payment processors) for fraud-prevention and abuse detection, which are subject to human review.

17. Do Not Track

Our Services do not respond to browser Do Not Track (DNT) signals at this time because no common industry standard has been adopted. We do, however, honor Global Privacy Control (GPC) signals as described in Section 6.

18. Third-Party Links

The Services may contain links to third-party sites and services that are not operated by us. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing them with personal information.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date above and, where required by law, provide additional notice (such as a banner on the Services or an email to registered customers). Your continued use of the Services after an update takes effect means you accept the updated Privacy Policy.

20. Contact Us

If you have any questions, concerns, or requests about this Privacy Policy or our privacy practices, please contact us:

Nightingale-Conant Corporation
1449 S Michigan Ave, Suite 13181
Chicago, IL 60605, USA
Contact form