Privacy Policy
Novira-AI - AI Marketing Campaign Automation Platform
Last Updated: September 21, 2025
This Privacy Policy is effective as of the date above and applies to all users of Novira-AI services.
Table of Contents
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Your Information
- 4. Cookies and Tracking Technologies
- 5. Third-Party Services and Processors
- 6. Data Retention
- 7. Data Security
- 8. Your Rights Under GDPR (EU Users)
- 9. Your Rights Under PDPL (Saudi Arabian Users)
- 10. International Data Transfers
- 11. Children's Privacy
- 12. Changes to This Policy
- 13. Contact Information
1. Introduction
Welcome to Novira-AI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI Marketing Campaign Automation Platform ("Service").
By using Novira-AI, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.
We comply with the European Union's General Data Protection Regulation (GDPR) and the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL) to ensure the highest standards of data protection for all our users.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, company name, phone number, billing address
- Profile Information: Business type, industry, marketing preferences, language preferences
- Payment Information: Processed securely through LemonSqueezy (we do not store credit card details)
- Campaign Content: Marketing materials, text, images, videos, audience lists
- Communication Data: Support tickets, feedback, survey responses
2.2 Information Collected Automatically
- Usage Data: Features used, campaigns created, frequency of use, performance metrics
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Access times, pages viewed, clicks, referral sources
- Analytics Data: Campaign performance, engagement rates, conversion metrics
2.3 Information from Third-Party Platforms
- Social Media Data: Account information, followers, engagement metrics from connected platforms (Facebook, Instagram, LinkedIn, X/Twitter)
- Advertising Data: Campaign performance data from Google Ads and Meta Ads
- Messaging Platform Data: WhatsApp Business API metrics and delivery reports
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 Service Provision
- Creating and managing your account
- Executing AI-powered marketing campaigns
- Generating content using AI agents
- Publishing content to connected platforms
- Providing analytics and reporting
- Processing payments and managing subscriptions
3.2 Service Improvement
- Analyzing usage patterns to improve features
- Training and improving our AI models
- Developing new features and services
- Conducting research and analysis
3.3 Communication
- Sending service-related notifications
- Responding to support requests
- Sending marketing communications (with consent)
- Providing platform updates and announcements
3.4 Legal and Security
- Complying with legal obligations
- Protecting against fraud and abuse
- Enforcing our terms of service
- Maintaining platform security
5. Third-Party Services and Processors
We work with trusted third-party services to provide our platform. These processors are contractually required to protect your data and use it only for the purposes we specify.
5.1 Key Service Providers
- LemonSqueezy: Payment processing and subscription management
- SendGrid: Email delivery and transactional emails
- Meta Platforms: Facebook and Instagram API integration
- Google: Google Ads API integration
- LinkedIn: LinkedIn API integration
- X (Twitter): X/Twitter API integration
- WhatsApp Business: WhatsApp Cloud API integration
- Cloud Infrastructure: Secure data storage and processing
5.2 Data Sharing Principles
- We only share data necessary for service provision
- All processors must comply with GDPR and PDPL requirements
- We maintain data processing agreements with all processors
- We never sell your personal data to third parties
6. Data Retention
6.1 Retention Periods
- Account Data: Retained while account is active and for 30 days after deletion request
- Campaign Data: Retained for 12 months after campaign completion for analytics
- Payment Records: Retained for 7 years for tax and legal compliance
- Support Communications: Retained for 2 years for quality and training purposes
- Analytics Data: Aggregated and anonymized after 24 months
6.2 Data Deletion
Upon account deletion request:
- Personal data is deleted within 30 days
- Backup systems are purged within 90 days
- Some data may be retained for legal compliance
- Anonymized data may be retained for analytics
7. Data Security
We implement comprehensive security measures to protect your data:
7.1 Technical Measures
- End-to-end encryption for data in transit (TLS 1.3)
- Encryption at rest for stored data (AES-256)
- Regular security audits and vulnerability assessments
- Web Application Firewall (WAF) protection
- DDoS protection and rate limiting
7.2 Organizational Measures
- Access controls and authentication requirements
- Regular employee security training
- Incident response procedures
- Data breach notification protocols
- Regular security reviews and updates
7.3 Data Breach Response
In the event of a data breach, we will:
- Notify affected users within 72 hours (as required by GDPR)
- Provide details about the breach and potential impact
- Offer guidance on protective measures
- Notify relevant regulatory authorities
8. Your Rights Under GDPR (EU Users)
If you are located in the European Union, you have the following rights under GDPR:
8.1 Your Rights
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to certain types of processing
- Rights Related to Automated Decision-Making: Not be subject to solely automated decisions
8.2 Exercising Your Rights
To exercise any of these rights:
- Contact us at privacy@novira-ai.com
- We will respond within 30 days
- We may request identity verification
- No fee unless requests are excessive or repetitive
8.3 Legal Basis for Processing
We process your data based on:
- Contract: Necessary to provide our services
- Consent: For marketing communications and optional features
- Legitimate Interest: For service improvement and security
- Legal Obligation: To comply with laws and regulations
9. Your Rights Under PDPL (Saudi Arabian Users)
If you are located in the Kingdom of Saudi Arabia, you have the following rights under the Personal Data Protection Law (PDPL):
9.1 Your Rights
- Right to Knowledge: Be informed about data collection and processing
- Right to Access: Access your personal data we hold
- Right to Correction: Correct or complete your personal data
- Right to Deletion: Request deletion under certain circumstances
- Right to Restriction: Restrict processing of your data
- Right to Portability: Transfer your data to another controller
- Right to Objection: Object to processing for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time
9.2 Special Provisions
- Data localization requirements are observed where applicable
- Cross-border transfer safeguards are in place
- Sensitive personal data receives enhanced protection
- Compliance with Saudi Data & AI Authority (SDAIA) regulations
9.3 Complaints
You have the right to lodge a complaint with the Saudi Data & AI Authority (SDAIA) if you believe your rights have been violated.
10. International Data Transfers
10.1 Transfer Safeguards
When we transfer data internationally, we ensure protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Appropriate safeguards as required by GDPR and PDPL
- Encryption and security measures during transfer
10.2 Transfer Locations
Your data may be processed in:
- United States (for certain cloud services)
- European Union (for data centers)
- Countries where our service providers operate
All transfers comply with applicable data protection laws and include appropriate safeguards.
11. Children's Privacy
Novira-AI is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information as soon as possible.
If you believe we have collected information from a child, please contact us immediately at privacy@novira-ai.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
12.1 Notification of Changes
- Material changes will be notified via email
- A notice will be displayed on our platform
- The "Last Updated" date will be revised
- Changes become effective 30 days after notification
12.2 Continued Use
Continued use of our Service after changes indicates acceptance of the updated policy. If you disagree with changes, you may close your account.
13. Contact Information
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Officer
Email: privacy@novira-ai.com
Support: support@novira-ai.com
Website: https://novira-ai.com
Company Information
Company: Novira-AI
Service: AI Marketing Campaign Automation Platform
Response Time: Within 48 hours