Noova Logo

Privacy Policy

Last Updated: 06/09/2025

Comprehensive Privacy Notice

Data Controller: Fernando José López Fernández (Simplified Trust Regime - RESICO), operating commercially as “Noova”.

Address: 9 Sur 910, Colonia Centro Histórico, Puebla, Puebla, C.P. 72000, Mexico.

Privacy Contact: support@ianoova.com | Tel. (222) 112-7249

1. Data We Process

At Noova, we collect and process only the personal data necessary for the proper provision of our services:

  • Identification and Contact (B2B/B2C): Full name, email address, phone number, company/position (if applicable), country/city, RFC (Tax ID), and tax information for billing.
  • Service Usage: Processed messages, user identifiers (IDs), tags, funnels, activity times, conversation metrics, and technical access logs (IP address, device type, date, and time).
  • Third-Party Integrations: Information from connected channels such as Meta (Facebook/Instagram/WhatsApp), CRMs, or payment gateways. Note: For payments, we only process tokens or transaction statuses; Noova never stores full credit card numbers (PAN).
  • Support: Help tickets, call recordings, or chats generated with our customer service team to follow up on requests.

Sensitive Data: Noova does not request sensitive personal data. If a user voluntarily shares such data within a chat, it will be processed only as part of the service flow. We strongly recommend not using our bots to transmit sensitive information (such as health or biometric data).

2. Purposes of Processing

We use your information for the following purposes:

A) Primary Purposes (Necessary for the service):

  • To provide the chat platform, automation, and AI tools.
  • To integrate and operate your connected channels (Instagram, Facebook, WhatsApp) and other authorized connectors.
  • To provide technical support, ensure service continuity, and perform security monitoring.
  • For billing, collection, and compliance with tax obligations under Mexican law.
  • For fraud prevention and operational risk management.

B) Secondary Purposes (Optional):

  • Advanced analytics and product improvement (usage metrics, A/B testing).
  • Marketing, newsletters, satisfaction surveys, and publication of success stories (the latter, only with your express authorization).

Right to Object: You can object to the use of your data for secondary purposes at any time by sending an email to support@ianoova.com with the subject “Objection to secondary purposes.” Refusing these purposes will not be a reason for us to deny you the main services.

3. Legal Basis and Consent

  • LFPDPPP (Mexico): The processing is based on the contractual legal relationship, compliance with legal obligations, and, for secondary purposes, on your consent (tacit or express).
  • GDPR (European Union - If applicable):
    • Art. 6.1(b): Performance of a contract.
    • Art. 6.1(c): Compliance with legal obligations.
    • Art. 6.1(f): Legitimate interest (security, fraud prevention).
    • Art. 6.1(a): Consent (for marketing and optional purposes).

4. Data Processors and Transfers

We share data with third-party providers ("Data Processors") who act on behalf of Noova under instructions and confidentiality agreements, for functions such as:

  • Hosting and cloud storage (e.g., AWS, Google Cloud).
  • Messaging infrastructure (Meta Platforms, WhatsApp API providers).
  • Technical support, analytics, and payment processing tools.

International data transfers may occur (for example, to servers in the US). Such transfers are carried out under appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms). Noova does not sell or trade your personal data to third parties.

5. Data Retention

We retain your personal data only for the time necessary to fulfill the described purposes and as long as you maintain an active account.

  • After your account is closed, the data may be kept blocked for a period of 12 to 24 months to comply with legal and tax obligations.
  • After this period, the data will be securely deleted or anonymized.
  • Information on external platforms (WhatsApp/Meta) is governed by their own retention policies.

6. ARCO and GDPR Rights

As the data subject, you have the right to:

  • Access your data.
  • Rectify them if they are inaccurate.
  • Cancel (delete) them when they are no longer necessary.
  • Object to processing for specific purposes.
  • Revoke your consent.

Procedure to exercise your rights:
Send an email to support@ianoova.com attaching:

  1. Full name and contact information.
  2. Copy of a valid official ID (or power of attorney).
  3. Clear description of the right you wish to exercise and the data involved.

Response times (Mexico): We will respond within a maximum of 20 business days. If applicable, the action will be carried out within the following 15 business days.

Users in the EU (GDPR): You also have the rights to data portability, restriction of processing, and to file complaints with your local supervisory authority.

7. Facebook and Instagram Permissions

To integrate your Meta channels with Noova, our application requests the following specific permissions. These accesses are used exclusively for the technical operation of the service:

  • pages_show_list: To show you which Facebook pages you manage and can connect.
  • business_management: To manage the technical connection with your Business Manager.
  • pages_messaging: Allows the bot to send and receive messages on your Facebook pages.
  • instagram_basic: Obtains basic information (name, photo) of the connected Instagram account.
  • instagram_manage_messages: Allows the automation of direct messages (DM) on Instagram.
  • pages_manage_metadata: Reads technical configurations necessary for integration.

The use of this data is strictly limited to providing the chatbot and automation functionality, in compliance with Meta's Developer Policies.

8. Cookies and Tracking Technologies

We use our own and third-party cookies to ensure the site's functionality, remember your preferences, and generate usage statistics. You can disable them from your browser, although this may affect certain platform functions.

9. Security

We implement administrative, physical, and technical security measures (such as SSL encryption in transit and at rest) to protect your data against damage, loss, alteration, or unauthorized access. However, remember that no internet transmission is 100% secure.

10. Minors

Our services are exclusively for individuals over 18 years of age. We do not intentionally collect data from minors. If we detect that a minor has provided us with information, we will proceed to delete it immediately.

11. Changes to the Privacy Notice

We reserve the right to update this notice at any time. Modifications will be notified through our website or by email. If Noova changes its legal structure (e.g., to a S.A.P.I. de C.V.), the new entity will assume the obligations of this document.

12. Contact

For questions about privacy, contact our Personal Data Officer:

  • Data Controller: Fernando José López Fernández (“Noova”)
  • Email: support@ianoova.com
  • Address: 9 Sur 910, Centro Histórico, Puebla, Pue. C.P. 72000.

© 2026 Noova AI. All rights reserved.