Privacy Policy

Last updated: March 1, 2025

Novba is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your information.

Introduction

Novba ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, how we share it, and what rights you have. It applies to novba.com and all Novba products and services.

Information We Collect

We collect information in three ways:

A. Information you provide

  • Account: Name, email address, password (stored in hashed form), and optional profile photo.
  • Business information: Business name, address, tax ID, and logo.
  • Financial data: Invoice details, client information, expense records, and related documents you create or upload.
  • Payment: Billing is processed by Stripe. Novba does not store your full card number; Stripe handles payment card data in accordance with its own policies.

B. Information collected automatically

  • Usage data: Pages visited, features used, and session duration.
  • Device information: Browser type, operating system, and IP address.
  • Cookies and similar technologies: As described in the Cookies section below.

C. Information from third parties

  • OAuth providers (e.g., Google, GitHub): Name, email, and profile photo when you sign in with these services.
  • Stripe: Payment confirmation and subscription status to manage your billing.

How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Novba service;
  • Process payments and manage your subscription;
  • Send transactional emails (e.g., invoices, receipts, verification);
  • Send product updates and relevant communications (you may unsubscribe from marketing);
  • Train and improve our AI pricing models using only anonymized or aggregated data;
  • Prevent fraud and enhance security;
  • Comply with legal obligations.

Data Sharing

We do not sell your personal data—ever. We share data only in these circumstances:

  • Stripe — for payment processing;
  • Email service providers — for transactional emails only;
  • Infrastructure providers — for hosting and databases, under strict data processing agreements;
  • Law enforcement — when legally required.

We do not share your data with advertising networks or data brokers.

Cookies

We use cookies and similar technologies for:

  • Essential cookies: Authentication and session management so the service works correctly.
  • Analytics cookies: Understanding how the product is used (you can disable these in your browser or our settings where offered).

We do not use third-party advertising cookies. You can manage or delete cookies through your browser settings.

Data Retention

  • Active accounts: We retain your data for the duration of your account.
  • Cancelled accounts: Data is retained for 30 days after cancellation to allow export, then deleted.
  • Backups: Deleted data may persist in backups for up to 90 days before being purged.
  • Legal hold: We may retain certain data longer when required by law (e.g., litigation, regulatory requests).

Data Security

We protect your data using:

  • 256-bit SSL encryption for data in transit;
  • Encryption of data at rest;
  • Regular security assessments;
  • Access controls so only authorized employees can access data as needed;
  • Notification to affected users in the event of a data breach, where required by law.

Your Rights

You have the right to:

  • Access: Request a copy of your personal data;
  • Correction: Update inaccurate data in your account;
  • Deletion: Delete your account and associated data;
  • Export: Download your data in standard formats;
  • Opt-out: Unsubscribe from marketing emails.

If you are in the European Economic Area, you also have additional rights under the GDPR, including data portability and the right to object to certain processing. If you are a California resident, you have rights under the CCPA, including the right to know, delete, and opt out of the sale of your data—we do not sell personal data.

To exercise any of these rights, contact us at legal@novba.com.

Children's Privacy

Novba is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it as quickly as possible. If you believe we have collected a child's information, please contact us at legal@novba.com.

International Transfers

Your data is stored and processed in the United States. If you access Novba from outside the United States, you consent to this transfer. For users in the European Union and other jurisdictions that require additional safeguards, we use Standard Contractual Clauses (or equivalent mechanisms) where applicable to protect your data when it is transferred.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice in the product at least 30 days before the change takes effect. Your continued use of Novba after the effective date constitutes acceptance of the updated policy.

Contact

For privacy-related questions or to submit a data request, contact us at legal@novba.com.