Privacy Policy
1. Introduction
Novaia, Inc. (“Novaia,” “we,” “us,” or “our”) respects your privacy. This Policy explains what data we collect, how we use it, where it’s stored, and your rights. By using the Site or Darwyn, you agree to this Policy.
2. Information We Collect
| Category | Examples | Purpose | Storage/Recipient |
|---|---|---|---|
| Account Data | Name, email, password hash, subscription status | Account management, authentication, billing | Novaia servers (password hashed) |
| Payment Data | Card details, billing address | Process subscriptions | Stored and managed by payment processors (Stripe, PayPal) |
| Synced Study Data | Calendar events, tasks, flashcards, Pomodoro sessions, block lists, chat sessions | Provide cross-device functionality | Novaia servers & your browser |
| Local-Only Data | API keys, unsynced notes | Enable AI features privately | Your browser (IndexedDB/Chrome storage); never sent to Novaia servers |
| Analytics & Event Data | IP address, device/browser type, page views, click actions | Service improvement, detect abuse, usage statistics | Google Analytics (GA4), Meta Pixel, Microsoft Clarity; anonymized |
| Technical Logs | Error logs, performance metrics | Debugging and operations | Novaia servers |
We do not sell, rent, or trade your personal data.
3. How We Use Your Data
- Provide & Improve the Service.
- Process Purchases and manage subscriptions.
- Communicate: send receipts, updates, and occasional announcements.
- Analytics: understand usage, optimize performance, and detect fraud or abuse.
- Comply with Laws and protect rights.
4. Legal Bases (if you’re in the EU/UK)
We rely on contract performance, your consent, legitimate interests, or legal obligations to process your data.
5. Data Sharing & Third-Party Processors
We share data only with:
- Service Providers under strict confidentiality agreements:
- Payment Processors: Stripe, PayPal
- Hosting & Infrastructure: AWS, Azure, GCP, Laravel backend
- Analytics: Google Analytics (GA4), Meta Pixel, Microsoft Clarity/Application Insights
- Legal Authorities when required by law or to protect rights.
- Your Consent for any other sharing.
We do not share your study or personal data with advertisers. You may opt out of analytics as follows:
- Google Analytics: install the GA Opt-out Add-on.
- Meta Pixel: adjust ad preferences in your Facebook/Instagram settings.
- Microsoft Clarity: use a tracker-blocking extension.
6. Cookies & Tracking Technologies
We and our analytics partners use cookies, beacons, and similar tools to recognize your browser and collect metrics. You can disable cookies via your browser settings, but some Site features (billing, account management) may not function correctly.
7. Data Security
- In Transit: All Site and sync traffic uses HTTPS/TLS.
- Local Storage: API keys and chat logs remain on your device only. Keep your device secure.
No system is perfectly secure; we cannot guarantee absolute protection.
8. Data Retention & Deletion
We retain personal data only as long as necessary for our Service and legal obligations.
You may request deletion of your data at any time by emailing privacy@novaia.io.
Upon verification, we will permanently erase your data from active systems and backups.
Local browser data must be cleared by uninstalling the Extension or using its “Clear Data” option.
9. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access or obtain a copy of your personal data.
- Correct inaccuracies.
- Delete your data.
- Withdraw consent or object to processing.
- Port your data to another service.
Submit requests to privacy@novaia.io; we typically respond within 30 days.
10. Children’s Privacy (COPPA)
We do not knowingly collect personal data from children under 13 without verifiable parental consent. Parents may review, correct, or delete their child’s data by contacting privacy@novaia.io. We will promptly comply.
11. Student Records (FERPA)
- When used by educational institutions, we act as a “school official” under FERPA:
- Use student data only for authorized educational purposes.
- Maintain reasonable security measures.
- Do not use student data for marketing.
- Allow parents/eligible students to access, correct, or delete records upon request.
12. International Transfers
By using the Service from outside the U.S., you consent to the transfer of your data to the U.S., where our servers reside.
13. Changes to This Policy
We may update this Privacy Policy occasionally. Material changes will be posted on the Site and emailed to you when practical. Your continued use constitutes acceptance.
14. Contact Information
Email: privacy@novaia.io