Privacy Policy

Last updated on Dec 29, 2025

At Noventra AI, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you visit our website www.noventra-ai.com or engage with our services. It also outlines your rights under the General Data Protection Regulation (GDPR).

1. Data We Collect

We may collect the following categories of information:

  • Identification Data: name, email address, company details.

  • Business Information: responses you provide through forms (e.g., Typeform intake, audits).

  • Technical Data: limited technical information and aggregated usage statistics collected via privacy friendly analytics. No tracking or advertising cookies are used.

  • Payment Data: processed securely via Stripe (we do not store card details).

2. How We Use Your Data

We process your personal data for the following purposes:

  • Deliver and manage our services (audits, automation flows).

  • Process subscriptions, payments, and invoicing.

  • Communicate with you regarding updates, inquiries, or support.

  • Improve our website, services, and user experience.

  • Comply with legal and tax obligations.

  • Improve services, perform quality assurance, and optimize internal systems using aggregated or anonymized usage data.

3. Legal Basis for Processing

We rely on the following lawful bases under Article 6 GDPR:

  • Consent – when you subscribe to newsletters or marketing.

  • Contract – when processing your data to deliver services you request.

  • Legal Obligation – for tax and accounting compliance.

  • Legitimate Interests – for business operations and service improvement.

4. Data Sharing & Subprocessors

We may share your data with trusted third-party service providers who help us operate and deliver our services. These include:

  • Hosting and infrastructure providers – to ensure secure and reliable operation of our systems.

  • Business productivity and communication tools – for email, file storage, and collaboration.

  • Customer relationship management platforms – to manage client interactions.

  • Payment processors – to handle billing and subscriptions securely.

  • Automation and AI service providers – including large language model platforms, used to process instructions, generate content, and operate automated workflows.

  • Primary data processing occurs on servers located within the European Union. Some subprocessors may process data outside the EU as described below.

  • Automated processing may be used to assist in service delivery and operational workflows. No decisions producing legal or similarly significant effects are made solely through automated means.

These providers act as subprocessors and process data only under our instructions, subject to GDPR-compliant agreements. We do not sell or rent your personal data.

5. International Transfers

Some subprocessors may process data outside the EU/EEA (e.g., USA). In such cases, appropriate safeguards are applied, including Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

  • Client service data: retained for the duration of the contract plus up to 6 years to comply with legal, tax, and accounting obligations.

  • Marketing data: retained until you unsubscribe or withdraw consent.

Technical/cookie data: retained only for as long as necessary for aggregated analytics and system operation, in accordance with our Cookie Policy.

7. Your Rights (GDPR Articles 15–22)

You have the right to:

  • Access your personal data.

  • Request correction of inaccurate data.

  • Request deletion (“right to be forgotten”).

  • Restrict processing in certain circumstances.

  • Object to processing based on legitimate interests.

  • Request data portability.

  • Withdraw consent at any time.

  • Lodge a complaint with the Spanish Data Protection Authority (AEPD).

Requests can be made by contacting legal@noventra-ai.com.

We will respond to all verified requests within 30 days, in accordance with GDPR requirements.

8. Cookies

This Site uses only strictly necessary or privacy friendly analytics tools that do not involve tracking or advertising cookies. No non essential cookies are used at this time.

If non essential cookies or tracking technologies are introduced in the future, a cookie consent mechanism will be implemented in accordance with applicable law.

9. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption, restricted access, and regular system monitoring.

10. Children’s Data

Our services are intended for businesses and are not directed to children under 16. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be published on this page with a new “Last Updated” date. Significant changes may also be highlighted on the homepage.

12. U.S. Customers

For residents of the United States, additional privacy rights may apply under state laws such as the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act, and similar legislation. These rights may include:

  • The right to know what categories of personal data we collect.

  • The right to request access to or deletion of your personal data.

  • The right to opt out of any sale of personal data (Noventra AI does not sell personal data).

  • The right to non-discrimination for exercising these rights.

To exercise any of these rights, please contact us at legal@noventra-ai.com. We will verify and respond to your request in accordance with applicable U.S. law.

13. Data Controller

The data controller responsible for your personal data is:
Noventra AI
Owner: Oliver Smith
Email: legal@noventra-ai.com

14. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact:
Noventra AI – Legal Department
Email: legal@noventra-ai.com