Noova Logo

Data Deletion Policy

Last Updated: 2026-02-18

User Data Deletion Policy

Contact: support@ianoova.com

At NOOVA (including AI Noova and its associated platforms) we respect the right of users to privacy and the protection of their personal data. This Data Deletion Policy describes clearly and transparently how, when, and to what extent we delete the personal data of users who interact with our services through:

  • Integrations with Meta (Facebook, Instagram, and WhatsApp).
  • Integrations with Google (including Google Calendar and OAuth).
  • Websites, forms, and digital platforms are operated by NOOVA.

This policy is designed to comply with the requirements of platforms like Meta and Google, as well as general data protection principles (GDPR, LFPDPPP, and equivalent standards).

1. Channels to request data deletion

Users can request the deletion of their data through the following mechanisms:

1.1 Automatic deletion via integrated platforms

Meta (Facebook, Instagram, WhatsApp):
When a user requests data deletion from a Meta platform, Meta sends a digitally signed request to our servers via its Data Deletion Callback. NOOVA validates the request and automatically activates the deletion process.

Google (Google Calendar and OAuth):
When users submit a deletion request through NOOVA (account settings, public channels, or support), the workflow removes linked Google OAuth tokens and calendar metadata associated with the account. If Google access has already been revoked externally, cleanup is applied during the same workflow.

1.2 Direct user request

  • Through the authenticated Deletion Center in account settings.
  • Through a public data deletion page and status checker published on our websites.
  • By email to support@ianoova.com, indicating the account, platform, or channel used.

2. User Identification

To execute the deletion correctly and securely, NOOVA uses technical identifiers according to the platform:

  • Meta: App-Scoped User ID provided by Meta.
  • WhatsApp: Technical identifiers of the number and/or conversation, when applicable.
  • Google: Google OAuth account ID and associated metadata.
  • Websites: Internal identifiers, technical cookies, or emails provided by the user.

These identifiers are cross-referenced with our internal systems to locate and delete all related data, without exposing additional personal information.

3. Scope of deletion

Once the request is validated, the deletion process includes, as appropriate:

3.1 Deleted data

  • Conversations and messages: Chat histories, interaction logs, and vector representations (embeddings) associated with the user are deleted.
  • Access Credentials: The Access Tokens and Refresh Tokens for Google Calendar and any other OAuth integration are permanently deleted.
  • Calendar Information: Event identifiers and local copies of synchronized agenda data are deleted.
  • Identifiers: Meta user IDs (PSID) and Google IDs are unlinked from the internal NOOVA account.
  • Metadata: Those associated with user interactions.

3.2 Anonymized or unlinked data

Technical records necessary for internal auditing, always without personally identifiable data (PII).

4. Exceptions to deletion

Data deletion does not apply or may be limited in the following cases:

  • Information that NOOVA must retain due to legal, tax, or regulatory obligations.
  • Internal documentation, corporate material, or internal knowledge bases (corporate RAG) that do not contain personal user data.
  • Audit and security logs are always anonymized.

5. Deletion deadlines

NOOVA applies the following maximum deadlines:

  • Process start: Immediate, once the request is received and validated.
  • Complete deletion of active systems: Up to 30 calendar days.
  • Deletion of backups: Up to 90 calendar days.

These deadlines comply with the standards required by Meta, Google, and data protection regulations.

6. Transparency and tracking

For each deletion request:

  • A unique confirmation code (UUID) is generated.
  • A status URL is enabled where the user can check the progress of their request in a public frontend.
  • For authenticated NOOVA requests, a confirmation email with the status link is sent when an email address is available.
  • The status page does not show personal or sensitive information.

7. Internal request logging

Each deletion request is logged internally for control and auditing purposes, including:

  • Source platform (Meta, Google, Web, etc.).
  • Technical identifier of the user.
  • Confirmation code (UUID).
  • Process status (received / processing / done / error).
  • Creation and update dates and times.

These logs do not contain personally identifiable information.

8. Process security

NOOVA implements technical and organizational measures to protect deletion requests:

  • Cryptographic validation of requests (e.g., HMAC-SHA256 in Meta).
  • Secure communications via HTTPS.
  • Asynchronous and controlled processes for deletion.
  • Auditing without storage of personal data.

9. Public data deletion page

NOOVA maintains a public section where users can consult:

  • What data we collect.
  • How to request data deletion.
  • How to check deletion status using a confirmation code.
  • Applicable deadlines and exceptions.
  • Official contact channels.

10. Changes to this policy

NOOVA reserves the right to update this Data Deletion Policy to reflect legal, technical, or business changes. Any update will be published on our websites and will come into effect from its publication date.

Privacy Contact: 📧 support@ianoova.com

Technical Architecture Diagram

To ensure the transparency and security of the process, the following diagram details the automated technical flow that occurs from the moment Meta notifies the request until the final deletion of the data on our servers and backups:

Data deletion flow diagram
Figure 1: Architecture of the secure data deletion process.

© 2026 Noova AI. All rights reserved.