Privacy Policy
Last Updated: December 28, 2025
At NooSpan, operated by NooSpan Inc. ("NooSpan", "Company", "we", "us", or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI-powered platform ("Service").
1. Our Privacy Commitment
We believe your data belongs to you. Our core privacy principles are:
- ✅ Your data is encrypted — at rest and in transit
- ✅ We never read your data — your conversations remain private
- ✅ We never use your data for AI training — your content is yours alone
- ✅ We never sell your data — your information is not for sale
- ✅ We only access data when required by law — and only with proper legal process
2. Information We Collect
2.1 Information You Provide
Account Information:
- Email address (for authentication)
- Name (optional, for personalization)
- Profile image (optional, from OAuth provider)
Content You Create:
- Conversations and messages
- Uploaded documents and files
- Notes, highlights, and annotations
- Container/conversation titles
Payment Information:
- Processed securely by Stripe
- We do not store credit card numbers
- We receive only billing metadata (subscription status, plan type)
2.2 Information Collected Automatically
Usage Data:
- Feature usage patterns (anonymized)
- Token consumption metrics
- Error logs for debugging
Technical Data:
- IP address (for security)
- Browser type and version
- Device type
- Timestamps
2.3 Information from Third Parties
OAuth Providers (GitHub, Google, etc.):
- Email address
- Display name
- Profile picture URL
We only request the minimum permissions necessary for authentication.
3. How We Use Your Information
We use your information solely to:
| Purpose | Data Used |
|---|---|
| Provide the Service | Account info, content |
| Process payments | Stripe billing data |
| Send important notifications | Email address |
| Improve reliability | Anonymized usage data |
| Ensure security | IP address, logs |
| Comply with legal obligations | As required |
We do NOT use your data to:
- Train AI models
- Build user profiles for advertising
- Sell to third parties
- Target you with ads
4. Data Security
4.1 Encryption
At Rest:
- All user content (messages, files, notes) is encrypted using AES-256 encryption
- Encryption keys are managed securely and rotated regularly
- Database-level encryption is enabled
In Transit:
- All connections use TLS 1.3 encryption
- HTTPS is enforced for all communications
- API calls to AI providers are encrypted
4.2 Infrastructure Security
- Data hosted on secure cloud infrastructure
- Regular security audits and penetration testing
- Access controls and authentication for all systems
- Automated threat detection and monitoring
4.3 Access Controls
- Employee access to user data is strictly prohibited
- Technical access is limited to essential personnel only
- All access is logged and audited
- Multi-factor authentication required for admin systems
5. Data Retention
5.1 Active Accounts
- Your data is retained as long as your account is active
- You can delete your content at any time
- Deleted content is permanently removed within 30 days
5.2 Account Deletion
When you delete your account:
- All personal data is permanently deleted
- All content (conversations, files, notes) is removed
- Anonymized usage statistics may be retained
- Deletion is irreversible
5.3 Legal Retention
We may retain certain data if required by law, such as:
- Financial records (for tax compliance)
- Security logs (for fraud prevention)
- Data subject to legal holds
6. Data Sharing
6.1 We Share Data With:
AI Service Providers:
- Your messages are sent to AI providers (OpenAI, Anthropic, etc.) for processing
- These transmissions are encrypted
- AI providers are contractually bound to not retain or train on your data
Payment Processor (Stripe):
- Billing information for subscription management
- Stripe's privacy policy applies to payment data
Infrastructure Providers:
- Cloud hosting (data processing)
- All bound by data processing agreements
6.2 We Never Share Data With:
- Advertisers
- Data brokers
- Marketing companies
- Any party for AI training purposes
6.3 Legal Disclosure
We may disclose information only when:
- Required by valid legal process (subpoena, court order)
- Necessary to protect safety or prevent fraud
- Required to enforce our Terms of Service
We will notify you of legal requests unless prohibited by law.
7. Your Rights
7.1 Access and Portability
You have the right to:
- Access all data we hold about you
- Export your data in a portable format
- Request a copy of your information
7.2 Correction
You can:
- Update your account information
- Correct inaccurate data
- Edit or delete your content
7.3 Deletion
You can:
- Delete individual conversations or files
- Delete your entire account
- Request complete data erasure
7.4 Restriction
You can:
- Limit how we process your data
- Opt out of non-essential communications
- Disable certain features
7.5 GDPR Rights (EU Users)
If you are in the European Union, you have additional rights under GDPR:
- Right to be forgotten
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
7.6 CCPA Rights (California Users)
If you are a California resident, you have rights under CCPA:
- Right to know what data is collected
- Right to delete your data
- Right to opt-out of data sales (we don't sell data)
- Right to non-discrimination
8. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.
9. International Data Transfers
Your data may be processed in countries outside your residence. We ensure appropriate safeguards through:
- Standard contractual clauses
- Data processing agreements
- Compliance with applicable transfer regulations
10. Cookies and Tracking
10.1 Essential Cookies
We use strictly necessary cookies for:
- Authentication and session management
- Security and fraud prevention
- User preferences
10.2 No Tracking Cookies
We do NOT use:
- Advertising cookies
- Third-party tracking pixels
- Analytics that identify individuals
- Cross-site tracking
11. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their policies before providing any information.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via:
- Email notification
- In-app notification
- Updated "Last Updated" date
Your continued use after changes constitutes acceptance.
13. Contact Us
For privacy-related questions or to exercise your rights:
NooSpan Inc.
- Email: support@noospan.com
For EU users, you may also contact your local data protection authority.
14. Summary
| What We Do | What We Don't Do |
|---|---|
| ✅ Encrypt all your data | ❌ Read your conversations |
| ✅ Process data to provide service | ❌ Use data for AI training |
| ✅ Secure your information | ❌ Sell your data |
| ✅ Respect your deletion requests | ❌ Share with advertisers |
| ✅ Comply with legal requirements | ❌ Track you across sites |
Your privacy matters. If you have any questions, don't hesitate to reach out.