Privacy Policy
Last updated: February 21, 2026
1. Introduction
Novara.chat ("Service") is owned and operated by AIBoost365 ("we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including when accessed via the iOS App Store or Shopify App Store.
By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you register, we collect:
- Email address (required)
- Full name (optional)
- Profile picture (optional)
- Business information for invoicing (optional)
2.2 Payment Information
Payment processing is handled by Stripe (web) or Apple In-App Purchase (iOS app). We do not store your credit card details. We receive and store:
- Billing address (Stripe payments only)
- Payment confirmation details
- Subscription status and history
For subscriptions purchased through the iOS app, billing is managed entirely by Apple. To manage or cancel an iOS subscription, go to iOS Settings → your Apple ID → Subscriptions. Subscription status is shared with us via RevenueCat (see Subprocessors) to maintain access to your account features.
2.3 Training Content
Content you upload to train your chatbot:
- Website URLs and their scraped content
- Uploaded documents (PDF, TXT, etc.)
- Custom text content
2.4 Conversation Data
We store chat conversations between your chatbot and website visitors:
- Chat messages (user and assistant)
- Session metadata (timestamps, visitor ID)
- Analytics data (message counts, response times)
2.5 Booking Data
For users of our booking system feature:
- Customer names, emails, and phone numbers
- Appointment details and history
- Personnel and service information
2.6 Usage Data
We automatically collect:
- Pages visited and features used
- Device type and browser information
- IP address (anonymized for analytics)
- Error logs and performance data
2.7 Push Notification Tokens (iOS App)
When you grant notification permission in the Novara iOS app, your device's Apple Push Notification Service (APNS) token is collected and stored securely on our servers. This token is used solely to deliver notifications about new customer conversations to your device.
- The token is linked to your account and deleted when you sign out of the app or delete your account
- You can revoke notification permission at any time via iOS Settings → Notifications → Novara
- We do not use push tokens for advertising or tracking
2.8 Biometric Authentication (iOS App)
The Novara iOS app offers Face ID / Touch ID for convenient sign-in. When you enable biometric sign-in:
- Your biometric data (face or fingerprint) never leaves your device and is never transmitted to our servers. Authentication is performed entirely by iOS using Apple's Secure Enclave.
- We store an encrypted Supabase session token in your device's secure local storage (iOS Keychain via Capacitor Preferences). This token is used only to restore your session after a successful biometric check.
- You can disable biometric sign-in at any time via iOS Settings → Face ID & Passcode or by signing out of the app.
3. Purpose of Data Collection
We use collected information to:
- Provide the Service: Create chatbots, process conversations, manage bookings
- Process payments: Handle subscriptions and billing
- Communicate: Send service updates, booking confirmations, and support responses
- Improve: Analyze usage patterns to enhance features and fix bugs
- Secure: Detect and prevent fraud, abuse, and technical issues
- Legal compliance: Meet regulatory and legal obligations
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Training content | Until deleted by user or 30 days after account closure |
| Chat conversations | Until deleted by user or 30 days after account closure |
| Booking data | Until deleted by user or 30 days after account closure |
| Payment/invoice records | 7 years (legal requirement) |
| Usage analytics | 24 months (anonymized) |
| Push notification tokens | Until sign-out from iOS app or account deletion |
| Biometric session tokens (iOS Keychain) | Stored locally on your device only; deleted on sign-out or app removal |
5. Subprocessors
We share data with the following service providers who process data on our behalf:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database & Authentication | All account and application data | US (AWS) |
| Stripe | Payment Processing | Billing information, payment details | US |
| OpenAI | AI Model for Chatbot Responses | Training content, chat messages | US |
| Vercel | Hosting & CDN | Application logs, request data | Global (Edge) |
| Resend | Email Delivery | Email addresses, notification content | US |
| Apple Inc. | iOS App Distribution, Push Notifications (APNS), In-App Purchases | APNS device token, purchase receipts | US |
| RevenueCat | iOS In-App Purchase Management | User ID, purchase history, subscription status | US |
Each subprocessor operates under their own privacy policy and data processing agreements with appropriate security measures.
6. Data Sharing
We may share your information:
- With subprocessors: As listed above, to provide the Service
- Legal requirements: When required by law, subpoena, or court order
- Business transfers: In connection with a merger, acquisition, or sale of assets (with notice)
- With your consent: For any other purpose with your explicit permission
We do not sell your personal information to third parties.
7. Your Rights
You have the right to:
- Access: Download a copy of your data via Account Settings → Export My Data
- Correction: Update your profile and account information
- Deletion: Delete your account via Account Settings → Delete Account
- Portability: Export your data in JSON format
- Opt-out: Unsubscribe from marketing emails (transactional emails cannot be disabled)
- Withdraw consent: Where processing is based on consent
To exercise these rights, use the self-service options in your Account Settings or contact us at support@novara.chat.
8. Account Deletion
You can delete your account at any time through Account Settings → Delete Account. When you delete your account:
- Your profile and personal information are permanently deleted
- All chatbots, training data, and conversations are deleted
- All booking systems and appointment data are deleted
- Your subscription is cancelled
- Invoice records are anonymized but retained for 7 years (legal requirement)
Deletion is processed immediately. Some cached data may take up to 30 days to be purged from backup systems.
9. Data Security
We implement industry-standard security measures:
- Encryption in transit (TLS 1.3)
- Encryption at rest (AES-256)
- Secure authentication with password hashing
- Row-level security policies in our database
- Regular security audits and updates
For more details, see our Security page.
10. Cookies
We use the following cookies:
- Essential cookies: Authentication and session management (required)
- Analytics cookies: Understanding Service usage (can be disabled in browser)
We do not use advertising or tracking cookies. You can control cookie preferences through your browser settings.
11. International Data Transfers
Your information may be transferred to and processed in the United States and other countries. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.
12. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it promptly.
13. California Privacy Rights (CCPA)
California residents have additional rights under the CCPA:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do not sell data)
- Right to non-discrimination for exercising privacy rights
14. iOS App — Additional Information
Sign in with Apple
When you sign in using "Sign in with Apple", Apple may provide us with a verified email address or an Apple-generated relay address. We use this solely to create and identify your account. We do not share it with third parties. Apple's privacy practices for Sign in with Apple are governed by Apple's Privacy Policy.
In-App Purchases and Subscriptions
Subscriptions purchased inside the Novara iOS app are processed by Apple. Apple collects payment information; we never see your card number or billing details for iOS purchases. To cancel or manage your subscription, go to iOS Settings → [your name] → Subscriptions → Novara. Refund requests for iOS purchases must be directed to Apple.
Push Notifications
We send push notifications to alert you of new customer conversations. You can disable notifications at any time in iOS Settings → Notifications → Novara. Disabling notifications does not affect your account or data.
Local Device Storage
The iOS app may store a session token in your device's secure local storage (iOS Keychain) to enable biometric sign-in. This data remains on your device and is not backed up to iCloud or transmitted to our servers.
15. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email or through the Service at least 30 days before they take effect.
16. Contact Us
For questions about this Privacy Policy, data practices, or to exercise your rights:
- Email: support@novara.chat
- Support page: novara.chat/support
Operated by: AIBoost365
© 2026 Novara.chat. All rights reserved.