Privacy Policy

Notovo ("we", "us", "our") transforms audio, video, and text into transcripts, summaries, translations, quizzes, flashcards, mind maps, task lists, and AI chat experiences across web and mobile platforms. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you access or use the Notovo applications, websites, and related services (the "Service"). By using the Service, you agree to the practices described in this policy.

1. Overview

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you access or use the Service. By using the Service, you agree to the practices described in this policy.

We rely on Firebase Authentication, Firestore, Storage, Functions, App Check, Google Cloud Vertex AI (Gemini), and optional third-party integrations to deliver features.
You control the content you upload and generate. We never sell personal information or use customer data to train machine-learning models.
You can export or delete personal data at any time via in-app controls or by contacting [email protected].

2. Data Controller

Notovo is the data controller responsible for the processing of your personal information under this Privacy Policy. For questions or requests regarding your data, contact us at [email protected].

3. Information We Collect

3.1 Account and Identity Information

Email address, password hash or federated authentication token, verification status.
Optional profile details such as display name, avatar, and locale preferences.
Subscription tier, credit balance and allocation, billing identifiers provided by app stores or payment platforms.

3.2 Content, Files, and Workspace Data

Voice recordings, uploaded audio or video files, and related metadata (duration, file type, language).
Transcripts, notes, folders, tags, tasks, reminders, and AI-generated outputs (summaries, mind maps, quizzes, flashcards, study guides, insights, task lists).
AI chat prompts and responses, including conversations that reference your files or notes.
Manual edits, annotations, highlights, colour labels, and organisational actions you perform within the app.

3.3 AI Memory Data

When you instruct the AI assistant to remember information, we store the facts you provide as persistent memory entries associated with your account. This data is used solely to personalise your AI experience and is never shared with other users or used for model training.

Facts and preferences you explicitly ask the AI to remember.
Memory identifiers used to retrieve, list, or delete specific memories.

3.4 Daily Update Subscriptions

When you configure scheduled daily updates, we store:

The topic, delivery time, and timezone you specify.
Subscription status (active, paused) and delivery history metadata.

3.5 Integrations and Third-Party Authorisations

When you connect external services such as Notion we store the minimum data required to maintain the integration.

OAuth tokens, workspace or database identifiers, and integration status (stored encrypted in Firebase).
Sync metadata such as the notes exported, timestamps, and error codes to support resumable delivery.
Integration preferences you configure, including which content to sync.

3.6 Usage, Diagnostics, and Device Information

Device type, operating system, browser, language, timezone, and App Check attestation tokens.
Feature usage events (for example starting a recording, generating a summary, or using AI chat), AI usage statistics (token counts, model name, credit consumption), crash logs, and latency metrics.
Authentication events and security logs needed to protect accounts.

3.7 Payment and Transaction Information

When you purchase subscriptions or credits we receive plan details, transaction status, renewal dates, credit allocations, and anonymised identifiers from the app store or payment processor that handled the transaction. Sensitive payment credentials (such as card numbers or banking details) remain with the processor and are never stored by Notovo.

3.8 Support Communications

If you contact customer support, submit bug reports, or participate in surveys we collect the information you provide (including attachments) so that we can respond and improve the Service.

4. How We Use Personal Information

We use personal information to operate, secure, and enhance Notovo. For users located in the EEA, United Kingdom, or Switzerland, we also reference the corresponding GDPR/UK GDPR legal bases.

Deliver core functionality such as authentication, data sync, transcription, translation, AI chat, agentic note actions, and content generation (contract performance, legitimate interest in providing secure services).
Manage subscriptions, credits (including the three-bucket system), billing, and fraud prevention (contract performance, compliance obligations, legitimate interest).
Provide AI-generated insights and agentic actions via Google Cloud Vertex AI / Gemini (contract performance, legitimate interest, consent for voice input where required).
Store and recall AI memories you create to personalise your assistant experience (contract performance, consent).
Deliver scheduled daily update notifications on topics you subscribe to (contract performance, consent).
Operate optional integrations like Notion export (contract performance and your consent to connect third-party services).
Monitor reliability, debug issues, and improve the product (legitimate interest in operating and improving the Service).
Comply with legal obligations, enforce policies, and respond to lawful requests (legal obligation, legitimate interest).
Send security notices, policy updates, or essential service announcements (contract performance, legitimate interest; optional marketing relies on consent).

We do not sell personal information and we do not share it with third parties for advertising purposes. Automated decision making is limited to credit eligibility checks, rate limiting, and abuse prevention necessary to safeguard the Service.

5. AI Processing Practices

5.1 Providers

AI features are powered by Google Cloud Vertex AI (Gemini) and secure Firebase Cloud Functions. Audio and text submitted for AI processing are encrypted in transit, processed transiently, and returned to Notovo. Google is not permitted to use your prompts or outputs to train its foundation models.

5.2 Agentic Actions

The AI assistant can create, read, update, delete, organise, merge, and search notes; extract tasks; set and remove reminders; and manage memories on your behalf. These actions are performed only at your explicit instruction. The assistant processes your request, executes the corresponding action through secure server-side functions, and reports the result back to you.

5.3 Human Review

Notovo personnel do not manually review your recordings, transcripts, AI chat messages, or AI memories unless you explicitly request troubleshooting assistance or we must investigate abuse or security threats. Access is time-bound, least-privilege, and audit logged.

5.4 Automated Decisions

Automated systems calculate credit usage, enforce rate limits, and detect anomalies to prevent fraud. These safeguards do not produce legal or similarly significant effects. Contact us if you wish to contest a decision.

6. When We Share Personal Information

6.1 Service Providers

We rely on trusted vendors that assist in delivering the Service. Each partner is bound by contract to protect personal information and only process it according to our instructions.

Google Firebase for authentication, databases, storage, hosting, messaging, and security services.
Google Cloud Vertex AI (Gemini) for text, translation, and multimodal AI processing.
Notion (optional) when you authorise workspace synchronisation.
App stores and authorized payment processors that manage purchases and refunds on our behalf.
Email delivery services for transactional notifications (account verification, payment confirmations, reminders, daily updates).
Customer support, analytics, error reporting, and communication tools that help us respond to requests and monitor reliability.

6.2 Legal and Safety

We may disclose information when required by law, subpoena, or court order; to enforce agreements; to protect the rights, property, or safety of Notovo, our users, or the public; or to prevent fraud, security, or technical issues.

6.3 Business Transfers

If Notovo is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will continue to protect the data and notify you before a materially different privacy policy applies.

7. Cookies and Tracking Technologies

The Notovo web application may use cookies, local storage, and similar technologies for:

Authentication and session management — to keep you signed in securely.
Preferences — to remember your language, theme, and display settings.
Analytics — to understand how the Service is used and identify areas for improvement.

We do not use third-party advertising cookies or tracking pixels. You can manage cookie preferences through your browser settings. Disabling cookies may limit certain functionality of the web app.

8. International Data Transfers

Personal information may be processed in the country where you live, in the United States, or in other countries where our service providers operate. When data is transferred internationally we rely on safeguards such as Standard Contractual Clauses (SCCs), robust contractual commitments, and technical measures that protect data in transit and at rest.

9. Data Retention

We retain personal information only for as long as necessary to provide the Service, fulfil legal obligations, resolve disputes, and enforce agreements.

Account data: retained while the account is active and for up to 90 days after deletion unless a longer period is required by law.
Files, transcripts, notes, and AI outputs: retained until you delete them, your account is closed, or workspace retention rules purge them.
AI memories: retained until you delete them individually or close your account.
Daily update subscriptions: retained until you cancel them or close your account.
Integration tokens: deleted immediately when you disconnect the integration or a token expires.
Usage analytics and audit logs: stored for up to 24 months to support security, capacity planning, and compliance.
Billing records: retained for the period mandated by tax and accounting regulations (typically seven years).
Email verification codes: automatically purged after expiration (typically within 24 hours).

10. Security

We apply administrative, technical, and physical safeguards to protect personal information, including:

TLS encryption for data in transit and encryption at rest for stored data.
Firebase App Check to verify legitimate app instances.
Role-based access controls and least-privilege principles for internal access.
Secure development practices, code review, and dependency management.
Logging, monitoring, rate limiting, and anomaly detection.
Regular backups and disaster recovery procedures.

No system is perfect, so we encourage you to use strong passwords, enable device security features, and inform us immediately if you suspect unauthorised activity.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users and relevant supervisory authorities as required by applicable law. Notification will include the nature of the breach, the data affected, steps we are taking, and recommendations for protecting yourself. We aim to provide notification within 72 hours of becoming aware of a qualifying breach.

12. Your Privacy Rights

12.1 Self-Service Controls

Within the applications you can:

View and edit your profile details.
Manage files, notes, folders, and AI-generated content.
View, manage, and delete AI memories.
Manage daily update subscriptions (create, pause, resume, cancel).
Disconnect third-party integrations.
Export transcripts and download AI outputs.
Delete individual content items or your entire account.

12.2 Individuals in the EEA, UK, and Switzerland

Under GDPR and UK GDPR, you have the right to request access, rectification, erasure, restriction, or portability of personal information, and to object to processing based on legitimate interests. When processing relies on consent you may withdraw it at any time without affecting prior lawful processing. You also have the right to lodge a complaint with your local data protection authority.

12.3 California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents can: request disclosure of the categories of personal information collected; request deletion (subject to statutory exceptions); request correction of inaccurate information; and opt out of the sale or sharing of personal information. Notovo does not sell or share personal information for cross-context behavioural advertising.

12.4 Other Jurisdictions

If you reside in a jurisdiction with data protection laws (such as Brazil's LGPD, Canada's PIPEDA, or Australia's Privacy Act), you may have additional rights. Contact us to exercise any applicable rights.

12.5 Exercising Your Rights

Contact [email protected] to exercise your rights. We will verify your identity before completing requests and respond within applicable timelines (typically 30 days, or as required by local law). We will not discriminate against you for exercising your privacy rights.

13. Children's Privacy

The Service is not directed to individuals under 13 years of age (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we discover such information, we will delete it promptly and close the account. Parents or guardians who believe their child has provided personal information should contact us immediately at [email protected].

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technologies, or legal requirements. We will post the revised policy with the updated "Last updated" date. For material changes, we will provide at least fourteen (14) days' advance notice via email or in-app notification before the changes take effect. Continued use of the Service after changes take effect signifies acceptance of the updated policy. If you do not agree, you must stop using the Service.

15. Contact Us

If you have questions, privacy-related requests, or wish to exercise your data rights, contact us using the details below.

Email: [email protected]
Support: https://notovoai.com/support
Subject line: Privacy Inquiry