Privacy policy

Effective Date: April 21, 2026
Last Updated: May 10, 2026

Nightingale-Conant Corporation ("Nightingale-Conant," "we," "us," or "our") respects your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have. It applies to visitors and customers of www.nightingale.com and any related digital services we operate (collectively, the "Services").

By using the Services you agree to the practices described here. If you do not agree, please do not use the Services.

1. Who We Are

Nightingale-Conant Corporation is a direct-to-consumer publisher of personal-development audio programs, based in the United States.

Mailing address: 1449 S Michigan Ave, Suite 13181, Chicago, IL 60605, USA
Contact for privacy requests: https://www.nightingale.com/pages/contact

2. Personal Information We Collect

2.1 Information you provide directly

  • Account & order information: name, email address, billing and (if provided) mailing address, phone number, account password.
  • Payment information: processed by our payment processors (Shopify Payments, Shop Pay, PayPal, Venmo, and card networks). We do not store full payment-card numbers on our own servers.
  • Customer-service communications: information you submit through our contact form, emails, or messages to our support team.
  • Marketing preferences: your email subscription status and your preferences.

2.2 Information collected automatically

  • Device & connection data: IP address, browser type and language, operating system, device identifiers, approximate location derived from IP, and referring URLs.
  • Usage data: pages viewed, search queries, products viewed or purchased, clickstream, timestamps, and download activity.
  • Cookies and similar technologies: see Section 8.

2.3 Information from third parties

  • Payment processors confirm payment and provide fraud-prevention signals.
  • Analytics partners may provide aggregated or pseudonymous information about site usage.
  • Social platforms (if you choose to interact with our content there) may share limited profile information consistent with your privacy settings on those platforms.
  • Legacy customer records: in April 2026 we imported historical customer and order records from our prior e-commerce system (Magento) into our current platform for customer-service lookup and continuity of digital-download access. If you made purchases with Nightingale-Conant before April 2026, some of your information originated from that legacy system. See Section 12.

We do not knowingly collect "sensitive" personal information as defined under U.S. state privacy laws (for example, precise geolocation, government IDs, health data, or racial or ethnic origin).

3. How We Use Personal Information

We use the information described above for the following purposes:

  • Provide and deliver the Services — fulfill orders, deliver digital downloads via secure links, maintain your account, and provide customer support.
  • Process payments — through our payment processors, and to detect and prevent fraud, chargebacks, and abuse.
  • Communicate with you — send order confirmations, receipts, download links, service notices, and responses to inquiries.
  • Marketing — send promotional emails about new releases, offers, and programs, where permitted by law. You can opt out at any time (see Section 9).
  • Improve the Services — analyze usage, measure the performance of pages and campaigns, debug issues, and develop new features and content.
  • Personalize your experience — remember your preferences, recently viewed products, and cart contents.
  • Legal and compliance — comply with law, enforce our Terms of Service, respond to lawful requests, and protect our rights, property, and users.

4. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar laws, we rely on the following legal bases under the GDPR and UK GDPR:

  • Performance of a contract — to create your account, fulfill your order, and deliver purchased content.
  • Legitimate interests — to secure the Services, prevent fraud, conduct basic analytics, and market our own similar products to existing customers, balanced against your rights.
  • Consent — for optional cookies, email marketing where required by law, and any other processing that legally requires consent. You may withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and other laws.

5. How We Share Personal Information

We do not sell personal information for money. We share personal information only as described below:

5.1 Service providers (processors)

We share personal information with vendors that help us operate the Services under written contracts that limit their use of the information to providing services to us. Principal categories include:

  • E-commerce platform: Shopify Inc., which hosts our storefront and handles order processing.
  • Payment processors: Shopify Payments, Shop Pay, PayPal, and Venmo.
  • Content delivery and security: Cloudflare, Inc., which provides DNS, caching, and security for our storefront and for our download-delivery service at downloads-api.nightingale.com.
  • Cloud storage for downloads: Amazon Web Services, Inc. (AWS S3), which stores audio files delivered via short-lived secure download links.
  • Email delivery: Shopify (Shopify-native order and account email), Resend, Inc. (transactional email and mission-statement follow-up emails), and HubSpot, Inc. (marketing automation and lead-nurture email).
  • Analytics: Shopify Analytics (included with the Shopify platform) and Google LLC (Google Analytics 4).
  • Productivity and customer-support tools: Google LLC (Google Workspace — Gmail, Drive, Calendar, Meet) used by our staff to communicate with customers and operate the business.

5.2 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, subject to this Privacy Policy or a successor policy.

5.3 Legal requirements and protection

We may disclose personal information when we reasonably believe disclosure is required to comply with law, legal process, or a governmental request; to enforce our Terms of Service; to protect the rights, property, or safety of Nightingale-Conant, our users, or others; or in connection with investigations of suspected fraud or abuse.

5.4 With your direction or consent

We share information with third parties when you direct us to do so (for example, when you choose to sign in using a third-party account) or with your consent.

6. "Sale" and "Sharing" of Personal Information

Under certain U.S. state privacy laws (including the California Consumer Privacy Act as amended by the CPRA), the use of cookies and tracking technologies for targeted or cross-context behavioral advertising may be treated as a "sale" or "sharing" of personal information, even if no money changes hands.

Nightingale-Conant uses cookies and similar technologies — primarily analytics cookies that measure site usage — that may, under certain U.S. state-law interpretations, result in this type of "sharing," even though no money changes hands. We do not currently operate third-party advertising pixels (such as the Meta Pixel or Google Ads pixels) on our site. We do not knowingly sell or share the personal information of consumers under the age of 16.

You can exercise your right to opt out of sale/sharing:

  • By clicking "Do Not Sell or Share My Personal Information" (where available on our site) or by adjusting our cookie banner.
  • By sending a Global Privacy Control (GPC) signal from a supporting browser or extension — we honor GPC signals as opt-out requests for the browser that sends them.
  • By submitting a request through our contact form.

7. Your Privacy Rights

7.1 U.S. state privacy rights

Depending on where you live, you may have some or all of the following rights under U.S. state laws (including the CCPA/CPRA in California, and comprehensive privacy laws in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Florida, Delaware, Iowa, Minnesota, Maryland, Montana, New Hampshire, New Jersey, and Tennessee, among others):

  • Know / access — request what personal information we have about you and how we use it.
  • Correct — request correction of inaccurate personal information.
  • Delete — request deletion of personal information, subject to legal exceptions.
  • Portability — request a copy of your personal information in a portable format.
  • Opt out of sale or sharing — as described in Section 6.
  • Limit use of sensitive personal information — although we generally do not collect sensitive categories.
  • Non-discrimination — we will not discriminate against you for exercising these rights.
  • Appeal — where your state provides for it, you may appeal our decision on a rights request.

7.2 EEA, UK, and similar jurisdictions

If you are in the EEA, UK, Switzerland, or a jurisdiction with similar laws, you may have the right to: access your personal data; request rectification or erasure; restrict or object to processing; withdraw consent where processing is based on consent; data portability; and lodge a complaint with your local data protection authority.

7.3 How to exercise your rights

Submit a request through our contact form and describe the right you are exercising and the state or country you reside in. We will verify your identity, typically by confirming information you have previously provided (such as your email address and recent order). We respond within 45 days for CCPA/CPRA requests and 30 days for GDPR/UK GDPR requests, with extensions where permitted by law. You may use an authorized agent to submit a request; we will require proof of authorization.

8. Cookies and Tracking Technologies

We and our service providers use cookies, web beacons, pixels, and similar technologies to operate the Services, remember your preferences, measure performance, and — with your consent where required — deliver and measure advertising. Categories include:

  • Strictly necessary — required to run the site, log in, complete purchases, and secure the Services.
  • Functional — remember your preferences such as language or cart contents.
  • Analytics — understand how visitors use the site so we can improve it.
  • Advertising — measure the performance of advertising and, where permitted, deliver personalized advertising. We do not currently operate advertising pixels.

You can control non-essential cookies through our on-site cookie preferences (where available), your browser settings, and browser-level signals such as Global Privacy Control. Disabling cookies may affect Services functionality.

9. Marketing Communications

We may send you marketing emails about our products, authors, and offers. You can opt out at any time by clicking the "unsubscribe" link at the bottom of any marketing email or by contacting us through our contact form. Even if you opt out of marketing emails, we will still send you transactional messages such as order confirmations and download links, and administrative messages about your account.

We do not currently send SMS/text marketing messages. If this changes in the future, we will obtain your express written consent before doing so, as required under the Telephone Consumer Protection Act (TCPA) and related laws.

10. Data Retention

We retain personal information only as long as needed for the purposes described in this Privacy Policy and to comply with our legal obligations.

  • Account records — while your account is active and for a reasonable period thereafter so we can restore access and respond to inquiries.
  • Order and transaction records — typically at least seven (7) years, to comply with tax, accounting, and audit requirements.
  • Legacy Magento records — retained for historical customer-service lookup and continued digital-download access where applicable. See Section 12.
  • Marketing lists — until you unsubscribe, and for a short period afterward for suppression-list purposes.
  • Server logs and analytics — typically 13 months or less in identifiable form.
  • Support communications — while needed to resolve the matter and a reasonable period afterward.

11. Data Security

We use technical and organizational safeguards designed to protect personal information, including HTTPS/TLS encryption in transit, encryption at rest for payment-card data held by our processors and for downloadable media in AWS S3, role-based access controls for our staff, and routine review of our security practices. No system is perfectly secure, so we cannot guarantee absolute security.

12. Legacy Magento Order Records

In April 2026 we migrated approximately 63,892 historical orders (covering the period 2014–2026) and associated customer contact records from our prior Magento-based system into our current Shopify-based platform so our customer-service team can look up your purchase history and so legacy customers can continue to access digital downloads for products that remain in our current catalog. These records are read-only historical orders — they are not fulfillable through the new store and cannot be reordered or modified.

Where a legacy order's product has been migrated into our current Shopify catalog, the digital download for that product remains accessible on the customer's My Downloads page on the same secure-download terms as native Shopify orders. Legacy products that have not been migrated into our current catalog are not available for download.

If you purchased from Nightingale-Conant before April 2026 and would like to review, correct, or delete your legacy record (subject to the retention obligations in Section 10), please submit a request through our contact form and indicate that your request relates to a legacy pre-2026 order.

13. Children's Privacy

The Services are intended for adults and are not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children under those ages. If you believe a child has provided personal information to us, please contact us and we will promptly delete it.

14. International Data Transfers

We are based in the United States. When you use the Services from outside the U.S., your personal information will be transferred to, processed in, and stored in the United States and other countries where we and our service providers operate. When we transfer personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum / International Data Transfer Agreement, as applicable).

15. EU/UK Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

  • United Kingdom (UK)
  • European Union (EU)

Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, Prighter, or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/13163108490.

You may also contact us directly by:

  • Online: www.nightingale.com/pages/contact (please include "GDPR Request" or "UK GDPR Request" in your message)
  • Post: Nightingale-Conant Corporation, Attn: Privacy, 1449 S Michigan Ave, Suite 13181, Chicago, IL 60605, USA

We will respond to all verifiable requests from EEA and UK residents within 30 days as required by the GDPR and UK GDPR. If you believe we have not adequately addressed your concern, you retain the right to lodge a complaint with your national or regional data protection supervisory authority (for example, the Irish Data Protection Commission for EU matters, or the UK Information Commissioner's Office for UK matters).

16. Copyright Notices and DMCA Designated Agent

Nightingale-Conant respects intellectual property rights and complies with the U.S. Digital Millennium Copyright Act ("DMCA"). If you believe that material accessible on or from the Services infringes a copyright you own or control, you may send a written notice of infringement to our designated agent.

Our DMCA designated agent is registered with the U.S. Copyright Office (Registration No. DMCA-1072538) and is publicly listed in the Copyright Office's DMCA Designated Agent Directory. Notices of claimed copyright infringement should be directed to:

DMCA Designated Agent
Nightingale-Conant Corporation
1449 S Michigan Ave, Suite 13181
Chicago, IL 60605, USA
Email: weblegal@nightingale.com
Phone: (224) 463-1660

To be effective under 17 U.S.C. § 512(c)(3), your written notice must include substantially all of the following:

  1. A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;
  2. Identification of the copyrighted work claimed to have been infringed (or, if multiple works are involved, a representative list);
  3. Identification of the material that is claimed to be infringing or to be the subject of infringing activity, with information reasonably sufficient to permit us to locate the material (such as a direct URL);
  4. Information reasonably sufficient to permit us to contact you (such as your name, address, telephone number, and email address);
  5. A statement that you have a good-faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and
  6. A statement, made under penalty of perjury, that the information in the notice is accurate and that you are the copyright owner or are authorized to act on behalf of the owner.

Please be aware that, under 17 U.S.C. § 512(f), any person who knowingly materially misrepresents that material or activity is infringing may be liable for damages.

Counter-notification. If material you posted has been removed in response to a DMCA notice and you believe the removal resulted from a mistake or misidentification, you may submit a counter-notification to our designated agent containing the elements required by 17 U.S.C. § 512(g)(3).

Repeat-infringer policy. Consistent with 17 U.S.C. § 512(i), it is our policy to terminate, in appropriate circumstances, the accounts of users who are repeat infringers.

17. Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing. We do use automated tools (including those provided by our payment processors) for fraud-prevention and abuse detection, which are subject to human review.

18. Do Not Track

Our Services do not respond to browser Do Not Track (DNT) signals at this time because no common industry standard has been adopted. We do, however, honor Global Privacy Control (GPC) signals as described in Section 6.

19. Third-Party Links

The Services may contain links to third-party sites and services that are not operated by us. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing them with personal information.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date above and, where required by law, provide additional notice (such as a banner on the Services or an email to registered customers). Your continued use of the Services after an update takes effect means you accept the updated Privacy Policy.

21. Contact Us

If you have any questions, concerns, or requests about this Privacy Policy or our privacy practices, please contact us:

Nightingale-Conant Corporation
1449 S Michigan Ave, Suite 13181
Chicago, IL 60605, USA
Contact form