Privacy Policy | Nalu Web Design & Development

Privacy Policy


This Privacy Policy explains how Nalu, collects, uses, shares and protects personal information. Headquartered in Thunder Bay, Ontario, we provide web design, development and hosting solutions including dedicated servers and virtual private servers to our customers (“Services“). We have data center locations in Lansing, MI, Phoenix, AZ, Toronto, ON and Amsterdam, NL.

We respect the privacy of every individual who visits our websites (“Website”) and/or purchases our Services. This Privacy Policy is our commitment to transparency in communicating how we collect, use, and disclose the information that is collected from you, the visitor of our Website and/or purchaser of our Services, as well as the choices you have with respect to such information.



Nalu Web Design (“Nalu,” “we” or “us”) offers a website design and development service. Nalu also owns and operates several websites (please visit “Our Projects” page for examples) (individually, “Website” and collectively the “Websites”).

This Privacy Policy applies to how we collect, use, and disclose information from the following individuals:

  • Customers – individuals who register, on their own or on behalf of an entity, to use Services with the creation or administration of a Service account.
  • Event/Marketing Participants – individuals who provide their information to us when they register for our webinars, subscribe to marketing material, participate in surveys or contests, or attend our other events.
  • Website Visitors – individuals who visit our Website, including those who opt to provide contact information to receive communications from us or apply for a job with us. For purposes of this Privacy Policy, a Website Visitor does not include an individual who visits a website hosted by us but that is owned and operated by our Customer.
  • Interact or use our websites, including downloading materials from our resources page or requesting a demo,
  • Register and/or attend any of our events or the conferences we attend (collectively “Events”), and
  • If you use any of our products, services or applications (including any trial) (collectively the “Services”) in any manner

This Privacy Policy does not apply to our Customers’ websites that we host. Our customers are responsible for the information they or their end users store in our hosting environment as well as compliance with applicable laws, regulations, and our terms related to the collection and storage or personal information. When you visit a website hosted by our customers, you are subject to their own privacy policies and terms of use.

What information does Nalu collect?

Nalu Web Design gathers various types of information, including information that identifies or may identify you as an individual (“Personal Information”) as explained in more details below.

  • Customers – We ask for your information, which my include your name, email address, physical address, phone number, credit card information, and website domain to enable us to create an account for you and provide you our Services.. By providing us with this information, you represent that you own and consent to our use of such personal information. When you use our Services, we may automatically collect information about how and where the Services are used.
  • Event/Marketing Participants – We may ask for your name, email address, physical address, and phone number to enable you to participate in events, surveys, contents, or to subscribe to marketing materials. Such participation is voluntary and you may choose whether or not to participate and therefore disclose this personal information.
  • Website Visitors – We may collect your name, email address, physical address, and phone number if you provide it to us when visiting our Website. If you apply for a job with us, we will also ask for your resume and other information about your employment history. In addition, we collect information such as web server logs, internet protocol (IP) addresses, browser type, or other statistical information as part of aggregated data. We use Google Analytics to help us gather statistical information about the visitors to our Website and how they use the Website on an anonymous, aggregate basis. However, we will not associate this data with your personally identifiable data unless required to do so to cooperate with law enforcement activity or other governmental request or to comply with law. We may use this information to gain a better understanding of the users of our Website, to improve our Website, and to improve our Services. Depending on the type of browser and device that you use, you may have the ability to control the type of information that Google Analytics use. To understand how Google Analytics collects and processes data, please visit We use cookies, beacons, tags, and other tracking technologies to gather demographic information about you, identify your visits to our Website, other interactions with our Website, and personalize your search experience on our Website. We gather information such as internet protocol (IP) addresses, internet service provider (ISP), operating system, browser type, date/time stamp, and store it in log files. See our Cookie Policy, below, for more information.

Information You Provide to Us:

From Websites or Events: We may collect any Personal Information that you choose to send to us or provide to us, for example, on our “Request a Quote” (or similar) online form. If you contact us through the websites, we will keep a record of our correspondence. From the Services: We receive and store information you provide directly to us. For example, when setting up new users, we collect Personal Information, such as name and email address, to provide with the Services. The types of information we may collect directly from our customers and their users include: names, usernames, email addresses, postal addresses, phone numbers, job titles, as well as any other contact information you choose to provide or upload to our systems in connection with the Services. Information We Automatically Collect: When you use the Websites: When you visit the Websites, we collect certain information related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Website. When you use the Services: 

  • Usage information – we keep track of user activity in relation to the types of Services our customers and their users use, the configuration of their computers, and performance metrics related to their use of the Services with Google Analytics.
  • Log information – we log information about our customers and their users when you use one of the Services including Internet Protocol (“IP”) address.
  • Information collected by cookies and other similar technologies – we use various technologies to collect information which may include saving cookies to users’ computers.
  • Customer Feedback – While using the Services, you may be asked to provide feedback. Providing this feedback is entirely optional.

For further information, please read the section below headed “Cookies and other Tracking Technologies”.

How do we use the information?

We use the information we collect about you in the following ways:

  • To respond to any requests from you, including those regarding sales and support.
  • To contact you regarding any agreements or accepted terms that you may have with us for the Services.
  • To provide you with marketing emails, special offers, advertising campaigns, or newsletters.
  • To consider you for employment.
  • To understand how our Services and Website are used.
  • To provide you with information logs associated with the use of our Services.
  • To contact you regarding functionality changes to our Services or Website.
  • To improve our offerings, including developing new features and functionality for our Services and Website.
  • To collect payment and bill for our Services.
  • To help personalize searches.
  • To diagnose and troubleshoot problems.
  • To find and prevent fraud.
  • To register your domain and IP address through ARIN (American Registry for Internet Numbers). To carry out other purposes as disclosed to you through the Website, or found in terms or an agreement between you and us.
  • To process your information for other purposes for which we obtain your consent.

Websites or Events: We will use the information we collect via our websites:

  • To administer our website, events and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
  • To improve our website to ensure that content is presented in the most effective manner for you and for your computer;
  • For trend monitoring, marketing and advertising;
  • For purposes made clear to you at the time you submit your information – for example, to fulfill your request for a quote, or to provide you with information you have requested about our Services; and
  • As part of our efforts to keep our website secure.

Our use of your Personal Information may be based on our legitimate interest to ensure network and information security, and for our direct marketing purposes, or you consenting to it. Services: We may use the information we collect from our customers and their users in connection with the Services we provide for a range of reasons, including to:

  • Set up a user account
  • Provide, operate and maintain the Services
  • Process and complete transactions, and send related information, including transaction confirmations and invoices
  • Manage our customers’ use of the Services, respond to enquiries and comments and provide customer service and support
  • Send customers technical alerts, updates, security notifications, and administrative communications
  • Investigate and prevent fraudulent activities, unauthorized access to the Services, and other illegal activities
  • For any other purposes about which we notify customers and users

We use your Personal Information in this context based on the contract that we have in place with you or our legitimate interest for security purposes (e.g. the prevention and investigation of fraudulent activities). Personal Information will be deleted based on the terms of the contract. You can exercise your rights regarding your personal information by filling out this Web Form.

Third Party Sites and Services

The Website may contain links to other websites and services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third party websites, applications or services, and we are not responsible for their actions. Other websites and services follow different rules regarding their collection, use and sharing of your personal information. We encourage you to read their privacy policies to learn more.

Exercising Your Rights. To exercise your rights above, please submit a request to us by emailing us at, or by calling us at 1-807-286-0447. Please describe your request with sufficient detail so we can properly respond to your request. As part of your request, please specify which right you are exercising and be prepared to provide the following information: name, email address, and the type of request you wish to make. We may ask for additional information to verify your identity. The information you provide in your request and any follow up information we ask for from you will be used solely to verify your request. After receiving your request, we may need to contact you for further information and will notify you if your request has been granted or declined, or if an exception applies to your request. Only you or an individual designated as your authorized agent to act on your behalf may make a request related to your personal information. We may not discriminate against you if you choose to exercise your rights.

Responding to Your Rights Request. We will try to respond to your request within 45 days. If we need more time, we will contact you with the reason we need more time and the extension period. We will deliver our written response by mail or electronically, at your option. In response to your request to know, we will only disclose the information we have collected in the 12 months prior to our receipt of your request. Our response will also explain the reasons we cannot comply with any request, if applicable. We will not charge a fee to process or respond to your request unless your request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate prior to completing your request.

How do we share and disclose information to third parties?

We share and disclose information (including Personal Information) about our customers in the following limited circumstances:

  • Within Our Organization – For internal business purposes in compliance with this Privacy Policy.
  • Third Party Providers – We may share your information with third party providers that provide services on our behalf. These companies may assist with marketing support, processing credit card payments, providing sales leads, evaluating job applications, and customer support. Third party providers may only process personal information pursuant to our instructions, and in compliance with this Privacy Policy and other applicable regulations.
  • Advertising – Based on cookies and other tracking devices, we may work with advertising companies to display ads that may be of interest to you.
  • Business Transactions – To provide information to a third party in the event of any disposition of all or any portion of our business (e.g. reorganization, sale, assignment, bankruptcy).
  • To Create De-identified Data – We may aggregate or otherwise de-identify your personal information so that it is no longer able to be associated with you (“De-identified Data”). We own such De-identified Data and may use and share this information with third parties.
  • As Required by Law or Similar Investigations – To comply with legal obligations (e.g. subpoena) or investigate potential legal violations. We may be required to share personal information in response to lawful requests from public authorities including to meet national security and/or law enforcement requirements.
  • Safety – We may disclose your information to protect and defend our safety and those of others in connection with investigating and preventing fraud or security issues.
  • Consent – We may share your information for other ways not described above with your consent.

Vendors, consultants and other service providers:

We may share your information with third party vendors, consultants and other service providers who we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g., Google Analytics), product feedback or help desk software providers, CRM service providers, email service providers and others. If Nalu receives your Personal Information in Canada and subsequently transfers that information to a third party agent or service provider for processing, Nalu remains responsible for ensuring that such third party agent or service provider processes your Personal Information to the standard required by the applicable privacy laws, including the GDPR (see the sections below headed “Additional Information for Users in the European Economic Area (“EEA”) or in the United Kingdom (“UK”)” and “International Data Transfers”).

Event Sponsors:

When you attend an event organized by Nalu we ask your preferences on sharing your contact details with the event sponsor. Based on your choice, we may share your contact details (such as your name, email address, company name and phone number) with the event sponsor. If you’d like to opt-out of sharing your details with sponsors, you can always do so either at the time of registration, or by submitting a request.

Disclosures for National Security or Law Enforcement:

Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Cookies and Other Tracking Technologies

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first party cookies. Depending on which of our Websites you are visiting, we may also use third party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts, as well as to understand your browsing of the Website (for example, which page you visit or how long you stay on each page). More specifically, we use cookies and other tracking technologies for the following purposes:

  • Assisting you in navigation;
  • Assisting in registration to our events, login, and your ability to provide feedback;
  • Analyzing your use of our products, services or applications;
  • Assisting with our promotional and marketing efforts (including behavioral advertising).

Below is a detailed list of the cookies we use on our Websites. Our Websites are scanned with our cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies in the following categories:

  • Strictly Necessary Cookies
  • Performance Cookies
  • Functional Cookies
  • Targeting Cookies

Google Analytics:

On some of our Websites, we also may utilize Google Analytics, a web analysis service provided by Google, to better understand your use of the Website and Services. Google Analytics collects information such as how often users visit the Websites, what pages they visit and what other sites they used prior to visiting. Google uses the data collected to track and examine the use of the Websites, to prepare reports on its activities and share them with other Google services. Google may use the data collected on the Websites to contextualize and personalize the ads of its own advertising network. Google’s ability to use and share information collected by Google Analytics about your visits to the Websites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Google offers an opt-out mechanism for the web available here. Please consult the applicable Website Cookie Notice for more information about the type of cookies and tracking technologies that we use on the Website and why, and how to accept and reject them.

Your Privacy Rights

What choices do I have? You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features. Cookies You can accept or reject cookies for our Websites through our Cookie Preference Center, accessible by clicking the “cookie settings” button in the applicable Website Cookie Notice. You can also do so by adjusting your web browser controls. Please consult the Website Cookie Notice for more information about our use of cookies on the Website and how to accept and reject them. Marketing Communications You can opt-out of receiving certain promotional or marketing communications from us at any time, by using the unsubscribe link in the emails communications we send, or fill out this Web Form. If you have any account for our Services, we will still send you non-promotional communications, like service related emails.

You may unsubscribe from receiving promotional or marketing emails from us at any time by using the “unsubscribe” link in the email received, or by emailing us at You can also control your cookie settings to affect some of the information we collect, as further outlined in the Section “Information We Collect”.

With respect to your account information or other personal information, you may update, correct or delete information that you provided to us by logging into your account or contacting us at You are not required to provide all personal information identified in this Policy to use our Website or receive or Services, but certain functionality will not be available if you do not provide personal information. For example, if you do not provide personal information, we may not be able to respond to your request, perform a transaction with you, consider you for employment, or provide you with marketing that we believe you would find valuable.

How Can I Exercise My Data Subject Rights?

If you would like to access, review, update, rectify, and delete any Personal Information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), you can fill out our contact Form. Our privacy team will examine your request and respond to you as quickly as possible. Please note that we may still use any aggregated and de-identified Personal Information that does not identify any individual, and may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. California residents have specific rights under the California Consumer Privacy Act (‘CCPA’). For more information and to exercise your rights, please see the section headed “The California Consumer Privacy Act” below. If you are a resident of the European Economic Area or the United Kingdom, please see the section below headed “Additional Information for users in the European Economic Area and in the United Kingdom” for further information about your privacy rights.

When we no longer have a legitimate business need (e.g. termination of a Customer agreement) to process your personal information, we will either delete or anonymize it. We take all reasonable steps to protect information received from you from loss, misuse or unauthorized access, disclosure, alteration, and/or destruction. We maintain technical, physical, and administrative safeguards to secure your information, and we use industry standard encryption for your data that is transferred over the internet. Despite its use of encryption, we cannot guarantee any method of transmission of information over the internet is 100% secure. If you have any questions about the security of your personal information, please contact us as detailed at the end of this Policy.

International Data Transfers

We are a Canadian company and store your information in our data centers in Canada, the United States or, in limited cases, in the Netherlands. We may transfer your personal information to countries other than the country in which you live. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country.

Information for users in the European Economic Area (“EEA”) or in the United Kingdom (“UK”)

Nalu may transfer Personal Information from the EEA or the UK to Canada, including Personal Information we receive from individuals residing in the EEA or the UK who visit our Websites and/or who may use our Services or otherwise interact with us. Please note that for individuals located in the EEA or the UK, the term Personal Information used in this notice is equivalent to the term “personal data” under applicable European and UK data protection laws. When Nalu engages in such transfers of personal information, it relies on i) Adequacy Decisions as adopted by European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR), or ii) Standard Contractual Clauses issued by the European Commission. The European Commission has determined that the Standard Contractual Clauses provide sufficient safeguards to protect the personal data transferred outside the EU or EEA. Nalu also continually monitors the circumstances surrounding such transfers in order to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the GDPR.

Following the Court of Justice of the European Union’s invalidation of the EU-US Privacy Shield Framework in Case C-311/18, Nalu will no longer rely on the EU-US Privacy Shield as a mechanism of international data transfer until further notice. Nalu will however remain committed to maintaining its self-certification under the EU-US Privacy Shield Principles and respect its principles, as an additional measure of protection of its users’ privacy, until further notice.

Following the opinion of the Swiss Federal Data Protection and Information Commissioner (FDPIC) of 8 september 2020, Nalu will no longer rely on the Swiss-U.S. Privacy Shield as a mechanism of international data transfer until further notice. Nalu will however remain committed to maintaining its self-certification under the Swiss Privacy Shield Principles and respect its principles, as an additional measure of protection of its users’ privacy, until further notice.

The California Consumer Privacy Act

Under the California Consumer Privacy Act (‘CCPA’), California residents have certain rights regarding the personal information that businesses have about them. This includes the rights to request access or deletion of your personal information, as well as the right to direct a business to stop selling your personal information.

Personal Information We Collect

We collect identifiers (such as name, address, email, phone number, job title, and transactional information), commercial information (such as a record of the services purchased), and Internet or other electronic network activity information (such as usage information, IP address, cookie information, and customer feedback).

Why We Collect Your Personal Information

We use identifiers to provide the services requested, such as to fulfill a request for a quote, or provide you with information about our services. We use identifiers and commercial information for general website administration, which includes record keeping, troubleshooting, data analysis, testing, and survey purposes. We use identifiers, commercial information, and Internet or other electronic network activity for trend monitoring, marketing, and advertising, as well as to ensure website security.

How We Collect Your Personal Information

We collect identifiers and commercial information directly from you. We collect Internet or other electronic network activity from your usage of the Nalu website and its services.

With Whom We Share and Sell Your Personal Information

Nalu shares personal information as necessary for certain “business purposes,” as defined by the CCPA (Cal. Civ. Code 1798.140(d)). This includes sharing identifiers, commercial information, and internet or other electronic network activity with providers of payment processing, customer relationship management, consulting, email, product feedback, and helpdesk services. While Nalu does not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits. This includes sharing identifiers, commercial information, and internet or other electronic network activity with advertising networks, website analytics companies, and event sponsors.

The Right to Opt-out of Sale

While Nalu does not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits. We support the CCPA and wish to provide you with control over how your personal information is collected and shared. You have the right to direct Nalu to not sell your personal information. Please note that we may still use aggregated and de-identified personal information that does not identify you or any individual; we may also retain information as needed in order to comply with legal obligations, enforce agreements, and resolve disputes.

Right to Request Disclosure

You have the right to request disclosure about what categories of personal information Nalu has sold or disclosed for a business purpose about you and the categories of third parties to whom the personal information was sold or disclosed. Additionally, you have the right to request disclosure of specific pieces of information. Below is a full list of the information that you can include in your request.

  • The categories of personal information that Nalu has collected about you
  • The categories of sources from which Nalu collected the personal information
  • The business or commercial purpose for collecting or selling the personal information
  • The categories of third parties with whom Nalu shares personal information
  • The specific pieces of personal information Nalu has collected about you
  • The categories of personal information that Nalu disclosed about you for a business purpose
  • The categories of personal information that Nalu has sold about you, as well as the categories of third parties to whom Nalu sold the information

If you would like to exercise your right to request disclosure, please fill out our contact form. Our privacy team will examine your request and respond to you as quickly as possible.

Right to Request Deletion

You have the right to request that Nalu delete any personal information about you that Nalu has collected from you. Please note that there are exceptions where Nalu does not have to fulfill a request to delete information, such as when the deletion of information would create problems with the completion of a transaction or compliance with a legal obligation. If you would like to exercise your right to delete, please fill out our contact form. Our privacy team will examine your request and respond to you as quickly as possible.

The Right to Non-Discrimination

Nalu will not discriminate against you (e.g., through denying goods or services, or providing a different level or quality of goods or services) for exercising any of the rights afforded to you.

Contact Information

In compliance with the CCPA, we commit to resolve complaints about your privacy and our collection or use of your Personal Information. California residents with inquiries or complaints regarding this Privacy Notice should first contact Nalu at:

California and Delaware “Do Not Track” Disclosures

California and Delaware law require Nalu to indicate whether it honors “Do Not Track” settings in your browser concerning targeted advertising. Nalu adheres to the standards set out in this Privacy Notice and does not monitor or respond to Do Not Track browser requests.


Our Website and Services are not directed at children and our Services are designed for businesses. We do not knowingly collect personal information from or about children under 13 years of age, and purchase of our Services by children under 13 years of age is forbidden. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Information, please contact us at

Linked Websites

For your convenience, hyperlinks may be posted on the Websites that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Notice does not apply to, the privacy practices of any Linked Sites or of any companies that we do not own or control. Linked Sites may collect information in addition to that which we collect on the Websites. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the privacy notice of each Linked Site that you visit to understand how the information that is collected about you is used and protected.

Changes to the Privacy Notice

We reserve the right to modify this Privacy Policy at any time, however, should we change the Privacy Policy in a material way, a notice will be posted on our Website along with the updated Privacy Policy. If you disagree with the changes, you may terminate your Services and stop using our Website.

Nalu Statement on Data Retention

The following data is retained for the period in which the customer maintains a contractual relationship with Nalu:

  • Identity and usage information specified within our privacy policy.

Upon termination of a contract, the following data is removed immediately:

  • Mapped compliance controls found within compliance artifacts uploaded via Nalu’s Unique Parser.

Other customer data may be deleted within one month after the contract ends, as per our Data Deletion Policy.
Nalu will store logging information for a period of one year.

Contact Us

For Customers: Please contact the Nalu entity identified in your order form. 

Data Protection Officer Email Address:

If you have questions, requests or concerns regarding your privacy and rights, please let us know how we can help. Exercise Your Rights