Privacy Policy

What Information We Collect

When you interact with Nosh Kosh, we collect personal information in two ways: information you give us directly, and information collected automatically by our online store and third-party tools.

Information you provide directly:

  • Contact information (e.g. full name, email address, phone number)
  • Shipping & billing address (e.g. street address, city, province, postal code)
  • Payment information processed securely by Shopify Payments. Nosh Kosh does not store full card numbers.
  • Order history (e.g. products ordered, quantities, order values, dates)
  • Marketing preferences (.e.g email subscription status, communication preferences)
  • Communications (e.g. message content, correspondence history)

Information collected automatically:

  • IP address (for fraud detection, regional compliance, security)
  • Browser and device type (for store performance optimisation)
  • Pages visited and time on site (for understanding customer behaviour and improving UX)
  • Referring URL (for understanding how customers find us)
  • Cart and browsing activity (for abandoned cart recovery and personalisation)
  • Cookies and similar technologies (for session management, analytics and marketing)

Allergen and dietary information: If you contact us with information about food allergies or dietary requirements, we treat this as sensitive personal information and use it only to assist with your specific enquiry. We do not store or use this information for any other purpose.

How We Use Your Information

We use your personal information only for the purposes for which it was collected or for directly related purposes you would reasonably expect. We do not use your information for undisclosed purposes.

  • Processing and fulfilling your order
  • Communicating about your order (confirmation, shipping, updates)
  • Processing payments and detecting fraud
  • Providing customer support
  • Sending marketing emails, promotions or newsletters
  • Improving our website and product range
  • Complying with legal obligations (e.g., SFCA import records, tax records)
  • Responding to regulatory enquiries or law enforcement requests

We will not use your personal information for a new purpose without first obtaining your consent, unless the new purpose is permitted under legal obligations without consent.

Who We Share Your Information With

We do not sell, rent or trade your personal information. We share your information only with third party service providers who are necessary to operate our business, under contractual obligations to protect your data. We only share the information that is needed for the purpose of the third party.

  • Shopify Inc. (for e-commerce platform and store infrastructure)
  • Payment processors through Shopify Payments / Stripe (for secure payment processing)
  • Shipping carriers through Canada Post, courier services (for order fulfilment and delivery)
  • Email marketing platform through Shopify (for sending transactional and marketing emails with consent)
  • Google Analytics (for website performance and visitor behaviour analysis)
  • Legal and regulatory authorities as necessary (for compliance with applicable laws, court orders or government requests)

Where we engage third party processors, we take reasonable steps to ensure they provide a comparable level of privacy protection. However, we cannot guarantee the privacy practices of third parties who operate independently.

Cookies & Similar Technologies

Our online store through Shopify uses cookies and similar tracking technologies to operate properly, analyse traffic and personalise your experience and support marketing activities where you have consented.

  • Essential/ functional (for shopping cart, session management, security and checkout
  • Analytics (for understanding visitor behaviour, traffic sources and page performance
  • Marketing/ advertising (for retargeting and ad personalisation)
  • Preference (for remembering your region, language or currency setting)

For more information, see https://www.shopify.com/legal/cookies. You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our store, including the ability to add items to your cart or complete a purchase.

Marketing Communications

Communication we send, including promotional emails, newsletters, and SMS messages, is governed by Canada's Anti-Spam Legislation (CASL).

Express consent

We send marketing communications only to individuals who have expressly opted in to receive them, either by checking a clearly labelled opt-in box at checkout or by subscribing to our newsletter sign-up form.

Implied consent

Under CASL, we may send you commercial messages for a period of up to 2 years following a purchase, based on our existing business relationship, without requiring express opt-in. This is CASL's implied consent provision. You may opt out at any time during this period.

Unsubscribing

Every marketing email we send includes a clear and functional unsubscribe mechanism. You can opt out of marketing communications at any time by clicking the unsubscribe link in any email, or by contacting us directly at hello@noshkosh.com. Unsubscribe requests are processed within 10 business days.

Please note: Opting out of marketing communications does not affect transactional messages such as order confirmations, shipping notifications or responses to your enquiries.

How Long We Keep Your Information

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected or required by law. The following general retention guidelines apply.

  • Order and transaction records - 7 years
  • Import and food safety records - 2 years minimum
  • Customer account information - duration of account, plus 2 years after last activity
  • Marketing consent records - 3 years from date of consent
  • Support and communication records - 3 years
  • Analytics and browsing data - up to 26 months

When personal information is no longer required, we securely destroy, delete or anonymise it in accordance with legal requirements. We do not simply discard personal information without ensuring it cannot be reconstructed or accessed.

How We Protect Your Information

We take the security of your personal information seriously. Our online Shopify store operates over HTTPS (SSL/TLS encryption) by default, which means all data transmitted between your browser and our store is encrypted in transit.

Payment data is processed by Shopify Payments. Nosh Kosh does not store, process or have access to full payment card numbers at any point.

Data breach notification

Regulatory breach notification rules require us to notify the Office of the Privacy Commissioner of Canada (OPC) and affected individuals if we experience a data breach that creates a real risk of significant harm. In the event of such a breach, we will act promptly, notify relevant parties as required by law and take steps to contain and remediate the breach.

No method is infallible: While we implement industry-standard safeguards, no electronic transmission or storage system is perfectly secure. We encourage you to use a strong, unique password for any account you create with us and to contact us immediately if you suspect unauthorised access.

We are happy to help if you have a question or concern about your data, privacy or anything covered in this policy

This policy was last updated on 27th April 2026
Nosh Kosh reserves the right to amend this privacy policy at any time, with changes being posted on this page with an updated effective date. Material changes will be communicated via a notice on our website and where appropriate, by email.