3. How We Use Your Information
We use collected information for the following purposes:
- Service Delivery: Provide, maintain, and improve our AI chatbot services
- AI Training: Train and improve our AI models using aggregated, anonymized data
- Account Management: Process payments, manage subscriptions, provide support
- Communication: Send service updates, security alerts, marketing materials (with consent)
- Analytics: Analyze usage patterns, measure performance, generate insights
- Security: Detect fraud, prevent abuse, protect system integrity
- Legal Compliance: Comply with legal obligations and enforce our Terms
- Business Operations: Internal record-keeping, quality assurance, research and development
4. Data Sharing and Disclosure
We do NOT sell your personal information. We may share data in the following circumstances:
4.1 Service Providers
We share data with third-party vendors who assist in providing our Services, including:
- Cloud hosting providers (AWS, Google Cloud, Azure)
- Payment processors (Stripe, PayPal)
- Analytics services (Google Analytics)
- Customer support tools
- Email service providers
These providers are contractually obligated to protect your data and use it only for specified purposes.
4.2 Legal Requirements
We may disclose information when required by law, court order, or government request, or to:
- Comply with legal obligations
- Protect our rights, property, and safety
- Prevent fraud or security threats
- Enforce our Terms of Service
4.3 Business Transfers
In the event of a merger, acquisition, bankruptcy, or asset sale, your information may be transferred to the acquiring entity. We will notify you of such transfers.
4.4 With Your Consent
We may share information when you explicitly authorize us to do so.
5. Data Security Measures
We implement industry-standard security measures to protect your information:
- Encryption: AES-256 encryption for data at rest; TLS 1.2+ for data in transit
- Access Controls: Role-based access, multi-factor authentication, least privilege principle
- Infrastructure Security: Secure data centers, firewalls, intrusion detection systems
- Regular Audits: Security audits, penetration testing, vulnerability assessments
- Employee Training: Regular security and privacy training for all personnel
- Incident Response: Documented procedures for data breach notification and response
However, no system is completely secure. We cannot guarantee absolute security of your data. You use our Services at your own risk.
6. Data Retention
We retain your data as follows:
- Account Data: Retained while your account is active and for 90 days after termination
- Conversation Data: Retained for the duration specified in your plan (typically 30-365 days)
- Billing Records: Retained for 7 years for tax and accounting purposes
- Analytics Data: Aggregated, anonymized data may be retained indefinitely
- Legal Requirements: We retain data longer when required by law
You may request earlier deletion, subject to legal and contractual obligations.
7. Your Privacy Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your data (subject to legal obligations)
- Portability: Receive your data in a structured, machine-readable format
- Opt-Out: Unsubscribe from marketing communications
- Object: Object to certain processing activities
- Restrict Processing: Request limitation of data processing
- Withdraw Consent: Withdraw previously given consent
To exercise these rights, contact us at info@novalistic.ai. We will respond within 30 days.
8. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Required for website functionality (cannot be disabled)
- Performance Cookies: Analytics and performance monitoring
- Functional Cookies: Remember preferences and settings
- Marketing Cookies: Track effectiveness of advertising campaigns
You can control cookies through your browser settings. Disabling cookies may limit functionality.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Compliance with GDPR, CCPA, and other privacy regulations
- Adequate security measures regardless of location
10. Children's Privacy
Our Services are not intended for individuals under 16 years of age. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately. Parents or guardians who believe we have collected their child's information should contact us immediately.
11. Third-Party Links and Services
Our Services may contain links to third-party websites and integrations. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any information.
12. Compliance and Certifications
We comply with major privacy regulations and standards:
- GDPR: European Union General Data Protection Regulation
- CCPA: California Consumer Privacy Act
- SOC 2 Type II: Certified for security, availability, and confidentiality
- HIPAA: Compliance available for healthcare customers (contact us for BAA)
13. Data Breach Notification
In the event of a data breach that compromises your personal information, we will notify you within 72 hours of discovery, as required by applicable laws. Notifications will include:
- Nature of the breach
- Data affected
- Steps we are taking
- Recommended actions for you
14. Your Responsibilities
You are responsible for:
- Maintaining confidentiality of your account credentials
- Ensuring data you provide is accurate and lawful
- Complying with privacy laws applicable to your end-users
- Obtaining necessary consents from your customers
- Properly configuring privacy settings in your account
15. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Material changes will be communicated via:
- Email notification to registered users
- Prominent notice on our website
- In-app notification
The "Last updated" date at the top indicates when changes were made. Continued use after changes constitutes acceptance of the updated Policy.
16. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE ARE NOT LIABLE FOR ANY UNAUTHORIZED ACCESS, DATA BREACHES, OR LOSS OF DATA RESULTING FROM CIRCUMSTANCES BEYOND OUR REASONABLE CONTROL. YOU ACKNOWLEDGE THAT DATA TRANSMISSION OVER THE INTERNET IS INHERENTLY INSECURE.