This Privacy Policy describes how Novu Oy ("we," "us," or "our") collects, uses, and shares information about you when you use our mobile application (the "Application"). By using the Application, you agree to the collection and use of information in accordance with this policy.

We are committed to protecting your privacy and ensuring the security of your personal information. This policy explains what information we collect, how we use it, and your rights regarding your personal data.

Data Controller

Novu Oy, registered in Finland, is the data controller responsible for processing your personal data in accordance with applicable data protection laws.

Information We Collect

We collect various types of information to provide and improve our services:

Personal Data

We collect personal information that you voluntarily provide to us, including:

• Name, email address, and contact information

• Account credentials and profile information

• Health and wellness data you choose to share

• Communication preferences and feedback

Derivative Data

We automatically collect certain information when you use our Application, including device information, usage patterns, and performance data.

Financial Data

If you make purchases through our Application, we collect payment information necessary to process transactions securely.

Push Notifications

We may send push notifications to your device to provide updates, reminders, and important information about our services.

Mobile Device Access

Our Application may request access to certain features of your mobile device, such as camera, microphone, or location services, to provide enhanced functionality.

Mobile Device Data

We collect information about your mobile device, including device type, operating system, unique device identifiers, and mobile network information.

Geo-Location Information

We may collect and use location information to provide location-based services and improve our Application's functionality.

AI Processing and Data Usage

Our Application uses artificial intelligence to provide personalized coaching services. This section explains how we process your data for AI purposes:

We may transmit certain data to third-party AI service providers to enhance our coaching capabilities. This includes anonymized health data, user preferences, and interaction patterns that help improve the quality of our AI-powered recommendations.

We use your data only for legitimate business purposes, including service improvement, personalization, and user experience enhancement. We do not sell your personal data to third parties.

We retain AI processing data for a limited period necessary to provide our services. Data is automatically deleted after 30 days unless required for operational purposes or legal compliance.

You have the right to opt-out of AI processing of your personal data at any time. Contact us to exercise this right or modify your data processing preferences.

You maintain control over your data and can request access, correction, or deletion of your personal information processed by our AI systems.

We implement appropriate security measures to protect your data during AI processing, including encryption and access controls.

If your data is transferred internationally for AI processing, we ensure appropriate safeguards are in place to protect your privacy rights.

AI Limitations and Disclaimers

Our AI-powered features are designed to provide helpful guidance and support, but they are not a substitute for professional medical, psychological, or legal advice.

AI responses are generated based on available data and may not always be accurate or appropriate for your specific situation.

We continuously work to improve our AI systems, but we cannot guarantee perfect accuracy or reliability of AI-generated content.

Tracking Technologies

We use various tracking technologies to improve our services and understand user behavior:

We use cookies and similar technologies to remember your preferences, analyze usage patterns, and provide personalized experiences.

We may use web beacons and tracking pixels to monitor email delivery and user engagement with our communications.

We work with third-party analytics providers to understand how users interact with our Application and improve our services.

Use of Information

We use the information we collect for various purposes, including:

• Providing and maintaining our Application
• Personalizing your experience and delivering relevant content
• Processing transactions and managing your account
• Communicating with you about updates and new features
• Improving our services through data analysis
• Ensuring security and preventing fraud
• Complying with legal obligations

Data Protection and Your Rights

We are committed to protecting your personal data and ensuring your privacy rights are respected. This section outlines your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR).

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you voluntarily provide information and consent to its processing
• Contract Performance: To fulfill our obligations under our terms of service and provide the Application
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations

Your Data Subject Rights

Under applicable data protection laws, you have the following rights:

• Right of Access: Request copies of your personal data and information about how it's processed
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of processing under certain circumstances
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@withnovu.com. We will respond to your request within one month of receipt.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account data: Retained while your account is active and for 3 years after account closure
• Transaction data: Retained for 7 years for accounting and tax compliance purposes
• Marketing data: Retained until you unsubscribe or withdraw consent
• AI processing data: Deleted within 30 days of processing unless required for operational purposes

Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training.

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with applicable data protection laws. The relevant supervisory authority for Novu Oy is the Finnish Data Protection Authority (Tietosuojavaltuutettu).

Disclosure of Your Information

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

Third-Party Service Providers

We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. These third parties are bound by contractual obligations to keep your information confidential and use it only for the purposes for which we disclose it to them.

Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Affiliates

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

Contact Information