Privacy Policy

Last updated on Jan 16, 2026

At Noventra AI, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you visit our website www.noventra-ai.com or engage with our services. It also outlines your rights under the General Data Protection Regulation (GDPR).

1. Data We Collect

We may collect the following categories of information:

  • Identification Data: name, email address, company details.

  • Business Information: responses you provide through forms (e.g., Typeform intake, audits).

  • Technical Data: limited technical information and aggregated usage statistics collected via privacy friendly analytics. No tracking or advertising cookies are used.

  • Payment Data: processed securely via Stripe (we do not store card details).

2. How We Use Your Data

We process your personal data for the following purposes:

  • Deliver and manage our services (audits, automation flows).

  • Process subscriptions, payments, and invoicing.

  • Communicate with you regarding updates, inquiries, or support.

  • Improve our website, services, and user experience.

  • Comply with legal and tax obligations.

  • Improve services, perform quality assurance, and optimize internal systems using aggregated or anonymized usage data.

2.1. API Service Disclosure

Noventra AI integrates with various third-party APIs to provide automation services. Our use and transfer of information received from these APIs will always adhere to the respective provider's terms:

  • Google APIs: Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • Other Services: For all other integrations (including but not limited to Microsoft 365, Slack, HubSpot, and Salesforce, Dropbox, Notion), we adhere to their specific developer terms and data usage policies.

We only request the minimum permissions (scopes) necessary to execute your specific workflows. We do not store your credentials directly; they are managed through secure OAuth tokens on our encrypted instance, and we do not share this data with third parties for marketing or advertising purposes.

Internal human access to Google Workspace user data is prohibited. No Noventra AI personnel access Gmail, Drive, Calendar, or other Workspace content. Limited metadata review may occur only for security investigation or with the user’s explicit consent during technical support.

2.2. Google Workspace Data Handling

When users connect Google Workspace services (including Gmail, Google Drive, Google Sheets, Google Calendar, or Google Forms), Noventra AI processes data solely to execute user configured automation workflows.

Email content, including subject lines, message bodies, attachments, and conversation threads, is processed ephemerally and is never stored by Noventra AI.

Email attachments are stored only within the user’s own Google Drive when explicitly requested by the workflow. Noventra AI retains only a reference to the Drive file and does not store attachment contents.

Noventra AI does not store, reuse, or repurpose Google user data for analytics, advertising, profiling, or machine learning model training.

Access to Google Workspace data is limited to the minimum scopes required for the user enabled workflows and occurs only while those workflows are active.

Users may revoke Google Workspace access at any time via their Google account security settings or by disconnecting credentials. Revocation immediately prevents further access.

3. Legal Basis for Processing

We rely on the following lawful bases under Article 6 GDPR:

  • Consent – when you subscribe to newsletters or marketing.

  • Contract – when processing your data to deliver services you request.

  • Legal Obligation – for tax and accounting compliance.

  • Legitimate Interests – for business operations and service improvement.

4. Data Sharing & Subprocessors

We may share your data with trusted third-party service providers who help us operate and deliver our services. These include:

  • Hosting and infrastructure providers – to ensure secure and reliable operation of our systems.

  • Business productivity and communication tools – for email, file storage, and collaboration.

  • Customer relationship management platforms – to manage client interactions.

  • Payment processors – to handle billing and subscriptions securely.

  • Automation and AI service providers – including large language model platforms, used to process instructions, generate content, and operate automated workflows.

  • Primary data processing occurs on servers located within the European Union. Some subprocessors may process data outside the EU as described below.

  • Automated processing may be used to assist in service delivery and operational workflows. No decisions producing legal or similarly significant effects are made solely through automated means.

These providers act as subprocessors and process data only under our instructions, subject to GDPR-compliant agreements. We do not sell or rent your personal data.

5. International Transfers

Some subprocessors may process data outside the EU/EEA (e.g., USA). In such cases, appropriate safeguards are applied, including Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

  • Client service data: retained for the duration of the contract plus up to 6 years to comply with legal, tax, and accounting obligations.

  • Google Workspace communication content is not retained by Noventra AI and is excluded from retention periods.

  • Marketing data: retained until you unsubscribe or withdraw consent.

Technical/cookie data: retained only for as long as necessary for aggregated analytics and system operation, in accordance with our Cookie Policy.

7. Your Rights (GDPR Articles 15–22)

You have the right to:

  • Access your personal data.

  • Request correction of inaccurate data.

  • Request deletion (“right to be forgotten”).

  • Restrict processing in certain circumstances.

  • Object to processing based on legitimate interests.

  • Request data portability.

  • Withdraw consent at any time.

  • Lodge a complaint with the Spanish Data Protection Authority (AEPD).

Requests can be made by contacting legal@noventra-ai.com.

We will respond to all verified requests within 30 days, in accordance with GDPR requirements.

8. Cookies

This Site uses only strictly necessary or privacy friendly analytics tools that do not involve tracking or advertising cookies. No non essential cookies are used at this time.

If non essential cookies or tracking technologies are introduced in the future, a cookie consent mechanism will be implemented in accordance with applicable law.

9. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption, restricted access, and regular system monitoring.

10. Children’s Data

Our services are intended for businesses and are not directed to children under 16. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be published on this page with a new “Last Updated” date. Significant changes may also be highlighted on the homepage.

12. U.S. Customers

For residents of the United States, additional privacy rights may apply under state laws such as the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act, and similar legislation. These rights may include:

  • The right to know what categories of personal data we collect.

  • The right to request access to or deletion of your personal data.

  • The right to opt out of any sale of personal data (Noventra AI does not sell personal data).

  • The right to non-discrimination for exercising these rights.

To exercise any of these rights, please contact us at legal@noventra-ai.com. We will verify and respond to your request in accordance with applicable U.S. law.

13. Data Controller

The data controller responsible for your personal data is:
Noventra AI
Owner: Oliver Smith
Email: legal@noventra-ai.com

14. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact:
Noventra AI – Legal Department
Email: legal@noventra-ai.com