Privacy Policy
Last updated: March 2026
Protecting your personal data matters to us. This privacy policy describes what data NookMarket collects, how we use it, our legal basis for processing, and your rights. It also explains the measures we have put in place to safeguard your data, how we ensure compliance with the General Data Protection Regulation (GDPR), and how you can exercise your data-protection rights. Please read this policy carefully to understand our practices regarding your personal data.
Data controller
PickaLink Inc, a company registered in Mississippi, United States, is the data controller for personal data processed via this website. Registered address: 313 Telly Rd Ste 1014, Picayune, MS 39466, USA. EIN: 99-4009668. Company Number: 1450426. For privacy-related requests, contact privacy@nookmarket.ai.
Data we collect
We keep data collection to a minimum. (a) Server and log data — when you visit the website, our hosting provider (Vercel) automatically records technical information such as your IP address, device type, operating system, browser type and version, the referring URL, and the pages you view with timestamps. This is required for the technical operation, security, and performance of the site. (b) Affiliate click data — when you click an affiliate link, we append a random subID and record the timestamp. SubIDs are not personally identifiable and cannot be used to identify individual users; they exist solely for click attribution with our affiliate networks. (c) A single functional cookie — we set one cookie, NEXT_LOCALE, to remember your language preference. We do not operate user accounts, a contact form, or a newsletter, and we do not ask you to provide a name, email address, or other personal details to use the site.
Purpose of data processing
Each category of data is processed for a defined purpose. IP addresses and technical data are processed to operate the site securely, defend against malicious traffic and bots, and optimise performance across devices and browsers. Affiliate click data is processed to ensure proper click attribution and accurate commission calculation with our affiliate networks, which is how we fund this free service. The NEXT_LOCALE cookie is used only to remember the language you chose so the site loads in that language on your next visit. We do not build advertising or marketing profiles, and we do not sell, rent, or trade your data to any third party for their own purposes.
Legal basis
We process personal data on the following grounds under the GDPR: Legitimate interest (Art. 6(1)(f) GDPR) — for operating, securing, and maintaining the website, and for affiliate click attribution that funds the service. We carry out balancing tests to ensure our legitimate interests do not override your fundamental rights and freedoms. Strictly necessary / functional — the NEXT_LOCALE cookie is required to provide the language you selected and is therefore exempt from consent. We do not set advertising, analytics, or other non-essential cookies, so no cookie-consent banner is required.
Cookies
We use a single, strictly functional cookie. Name: NEXT_LOCALE. Set by: next-intl, the framework that powers the site. Purpose: it remembers the language you selected so the site loads in that language. Duration: approximately one year. We do not use analytics, advertising, or tracking cookies, and we do not load third-party tracking scripts. Because the only cookie is essential to providing the language you chose, we show a brief informational cookie notice rather than a consent banner. You can delete cookies at any time through your browser settings; the site will then simply fall back to language detection on your next visit.
Third-party processors
We rely on a small number of third parties: Vercel (United States) — hosts the website and processes IP addresses, request data, and server logs needed to deliver and secure the site. Certified under the EU-US Data Privacy Framework. Affiliate networks (Awin, Shoptastic, Pickalink) — receive click subIDs and timestamps for commission attribution; no personal data is shared with them. Logo providers — brand logos are requested server-side for display, with no user data shared. When you click an affiliate link you leave NookMarket and visit the merchant's own website, which is governed by that merchant's privacy policy and terms, not ours.
Data retention
We retain data only as long as necessary: server logs containing IP addresses and request data are kept according to our hosting provider's standard retention (Vercel, around 30 days). Affiliate click subIDs are retained for 90 days, matching the standard attribution window of our affiliate networks. The NEXT_LOCALE cookie persists for about one year, or until you clear it in your browser. We review retention periods periodically and delete data that is no longer necessary for its original purpose.
Your rights
Under the GDPR you have the following rights regarding your personal data: Right of access (Art. 15) — you may request a copy of all personal data we process about you, along with information about the processing purposes, recipients, and retention periods. Right to rectification (Art. 16) — you may request correction of inaccurate or incomplete personal data. Right to erasure (Art. 17) — you may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when processing was unlawful. Right to restriction (Art. 18) — you may request restriction of processing, for example while a rectification request is being verified. Right to data portability (Art. 20) — you may receive your data in a structured, commonly used, machine-readable format. Right to object (Art. 21) — you may object to processing based on legitimate interest. To exercise any of these rights, send an email to privacy@nookmarket.ai with the subject line "GDPR Request". We will verify your identity and respond within 30 calendar days.
Right to lodge a complaint
If you are in the EU or EEA, you have the right to lodge a complaint with the data protection supervisory authority in your country of residence, place of work, or the location of the alleged infringement. A directory of national supervisory authorities is available at edpb.europa.eu. PickaLink Inc has no establishment in the EU, so no single lead supervisory authority applies.
International transfers
Our hosting provider, Vercel, is based in the United States, so technical and log data may be processed there. This transfer is safeguarded by the EU-US Data Privacy Framework (DPF), recognised by the European Commission's adequacy decision of 10 July 2023, with Standard Contractual Clauses (SCCs) as a fallback mechanism should the DPF be invalidated or suspended. We do not transfer personal data to any country lacking either an adequacy decision or appropriate safeguards.
Children's privacy
NookMarket is not directed at children under the age of 16, and we do not knowingly collect personal data from minors. Our website offers comparisons between brand alternatives and is intended for adult consumers who wish to make informed purchasing decisions. If you are a parent or legal guardian and become aware that your child has provided us with personal data without your consent, please contact us immediately at privacy@nookmarket.ai. Upon confirmation, we will take prompt steps to delete the child's data from our systems. We do not employ age-verification technology because our website does not feature content that would necessitate such checks. If we discover that we have inadvertently collected personal data from individuals under 16, that data will be deleted promptly and without undue delay. This commitment applies equally regardless of the country from which the minor accessed our service.
Automated decision-making
NookMarket uses algorithmic similarity scoring to suggest alternative brands for specific products to users. This system analyses product categories, price tiers, and industry classifications to determine relevant alternatives. It is important to clarify that this processing does not constitute automated decision-making or profiling within the meaning of Art. 22 GDPR. Our similarity-scoring system operates entirely on brand attributes and category metadata — never on personal profiles, behavioural characteristics, or individual browsing histories. We do not build user profiles for targeted advertising and do not make automated decisions that produce legal effects or similarly significant effects concerning you. The brand alternatives you see on our website are the same for every user and are driven by objective product-category data, not by personalised tracking. We do not buy, sell, or share personal profiles for advertising purposes. Our business model is funded through affiliate commission tracking, not through behavioural advertising or the monetisation of personal data.
Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or new legal requirements. When we make material changes, we will update the "Last updated" date at the top of this policy and, where appropriate, display a notice on the website. We encourage you to review this policy periodically. Continued use of the website after changes are posted constitutes acknowledgement of the updated policy.
California residents (CCPA)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Right to know — you may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it. Right to delete — you may request that we delete personal information we have collected from you, subject to certain exceptions permitted by law. Right to opt out of sale — NookMarket does not sell personal information as defined by the CCPA. We do not exchange personal data for monetary or other valuable consideration. If our practices change in the future, we will provide a "Do Not Sell My Personal Information" link. Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, a different quality of service, or be denied service for making a privacy request. To exercise your CCPA rights, email us at privacy@nookmarket.ai with the subject line "CCPA Request". We will verify your identity and respond within 45 days, as required by the CCPA.
Contact
For any questions, concerns, or requests relating to this privacy policy or the processing of your personal data, contact us at privacy@nookmarket.ai — the only channel we operate for privacy matters. We aim to respond within 30 calendar days, as required by the GDPR; if your request is complex we may extend this by up to a further 60 days and will tell you why. For GDPR rights requests, please use the subject line "GDPR Request". Our website is available at https://nookmarket.ai, and our registered office is at 313 Telly Rd Ste 1014, Picayune, MS 39466, USA.