Privacy Policy

1. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our Service, and information from third-party sources.

1.1 Information You Provide to Us

Account Information:

• Name
• Email address
• Password (stored in hashed form)
• Company name (optional)
• Billing address (collected by Lemon Squeezy, our payment processor)
• Payment information (collected and processed by Lemon Squeezy; we do not store full credit card numbers)

WooCommerce Store Connection Information:

• WooCommerce store URLs
• WooCommerce API keys and credentials (stored in encrypted form)
• WordPress bridge plugin authentication tokens

Support and Communications:

• Support tickets and correspondence
• Feedback, questions, and comments you provide to us
• Survey responses (if you participate in our surveys)

Team Member Information (if applicable):

• Names and email addresses of team members you invite to your account
• Role and permission settings

1.2 Information We Collect Automatically

When you use the Service, we automatically collect certain information:

Usage Data:

• Features you use within the Service
• Pages and screens you view
• Time spent on pages
• Navigation paths through the Service
• Actions you take (e.g., connecting stores, configuring settings)
• Error logs and performance data

Device and Technical Information:

• IP address
• Browser type and version
• Device type and operating system
• Time zone and language settings
• Referring/exit pages and URLs

Cookies and Similar Technologies:

• See our Cookie Policy for detailed information

1.3 Information from WooCommerce Stores

When you connect your WooCommerce stores to NovoVendi, we access and process data from those stores to provide the Service:

Product Data:

• Product names, descriptions, SKUs, prices
• Inventory levels and stock status
• Product categories and tags
• Product images and metadata

Order Data:

• Order IDs, statuses, and dates
• Order line items and quantities
• Order totals and subtotals
• Shipping and tax information

Customer Data (from your WooCommerce stores):

• Customer names and email addresses
• Shipping and billing addresses
• Order history
• Any other customer data stored in your WooCommerce database

Important: For customer data from your WooCommerce stores, you are the data controller and NovoVendi acts as a data processor on your behalf. Our processing of this data is governed by our Data Processing Agreement (DPA).

Configuration and Settings Data:

• WooCommerce settings and configurations
• Plugin and theme information
• Store metadata

1.4 Information from Third Parties

Payment Information:

• We receive limited payment information from Lemon Squeezy (our payment processor), such as payment status, subscription plan, and the last 4 digits of your payment method.

Analytics Services:

• We use third-party analytics services (e.g., Google Analytics, Mixpanel, PostHog) that may collect information about your use of our website and Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Maintain the Service

• Create and manage your account
• Connect and synchronize your WooCommerce stores
• Display product, order, and customer data from your stores
• Enable global configuration management across multiple stores
• Process and fulfill your requests
• Provide customer support and respond to your inquiries
• Send you service-related communications (e.g., account notifications, security alerts)

2.2 To Process Payments and Manage Subscriptions

• Process subscription payments through Lemon Squeezy
• Manage billing and invoicing
• Detect and prevent fraud
• Comply with payment card industry (PCI) requirements (handled by Lemon Squeezy)

2.3 To Improve and Optimize the Service

• Analyze usage patterns and trends
• Monitor and improve Service performance and reliability
• Develop new features and functionality
• Conduct research and development
• Fix bugs and resolve technical issues
• Perform A/B testing and experimentation

2.4 To Communicate with You

• Send you updates, newsletters, and marketing communications (with your consent where required)
• Respond to your comments, questions, and support requests
• Send you important Service announcements (e.g., changes to Terms of Service, Privacy Policy)
• Request feedback or conduct surveys

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us at info@novovendi.com.

2.5 For Security and Fraud Prevention

• Detect, prevent, and investigate security incidents, fraud, and abuse
• Monitor for unauthorized access or use
• Enforce our Terms of Service and other policies
• Comply with legal obligations and protect our legal rights

2.6 For Legal and Compliance Purposes

• Comply with applicable laws, regulations, and legal processes
• Respond to lawful requests from government authorities
• Enforce our Terms of Service and other agreements
• Protect the rights, property, and safety of NovoVendi, our users, and others

2.7 For Aggregated and Anonymized Data

• Create aggregated, de-identified, or anonymized data that cannot be used to identify you
• Use such data for analytics, research, benchmarking, and industry reporting
• Share aggregated and anonymized data with third parties for business purposes

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data based on the following legal bases under the General Data Protection Regulation (GDPR):

3.1 Contract Performance

We process your personal data to perform our contract with you (the Terms of Service) and provide the Service you requested. This includes:

• Creating and managing your account
• Providing access to the Service
• Processing your WooCommerce store data
• Providing customer support

3.2 Legitimate Interests

We process certain data based on our legitimate business interests, such as:

• Improving and optimizing the Service
• Analyzing usage patterns and trends
• Detecting and preventing fraud and security threats
• Enforcing our Terms of Service
• Marketing our services to existing customers (where permitted)

We balance our legitimate interests against your privacy rights and only process data where our interests are not overridden by your rights.

3.3 Consent

For certain processing activities, we rely on your consent, including:

• Sending marketing communications (where consent is required by law)
• Using non-essential cookies and tracking technologies
• Processing special categories of personal data (if applicable)

You may withdraw your consent at any time by contacting us at info@novovendi.com or using the opt-out mechanisms we provide.

3.4 Legal Obligations

We process personal data when necessary to comply with legal obligations, such as:

• Responding to lawful requests from government authorities
• Complying with tax, accounting, and financial reporting requirements
• Maintaining records as required by law

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Service Providers and Sub-processors

We share information with third-party service providers who perform services on our behalf, including:

A complete list of our current sub-processors is available in our Data Processing Agreement.

These service providers have access to your personal information only to perform tasks on our behalf and are obligated to protect your information and use it only for the purposes we specify.

4.2 Business Transfers

If NovoVendi is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government investigations). We may also disclose information when we believe it is necessary to:

• Comply with applicable laws and regulations
• Protect the rights, property, or safety of NovoVendi, our users, or others
• Detect, prevent, or investigate fraud, security issues, or technical problems
• Enforce our Terms of Service or other agreements

4.4 With Your Consent

We may share your information with third parties when you give us your explicit consent to do so.

4.5 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot be used to identify you with third parties for analytics, research, marketing, and other business purposes.

5. International Data Transfers

NovoVendi is based in the United States (Florida), and our servers and service providers are primarily located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

5.1 Transfers from the EEA, UK, and Switzerland

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we ensure that transfers of your personal data to the United States and other countries are protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): We use the European Commission-approved Standard Contractual Clauses for transfers to countries that do not provide an adequate level of data protection. See our Data Processing Agreement for details.

• Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission recognizing certain countries as providing adequate data protection.

• Your Consent: In some cases, we may transfer data based on your explicit consent.

For more information about international data transfers, please see our Data Processing Agreement.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods

Account Data:

• We retain your account information (name, email, etc.) for as long as your account is active or as needed to provide you with the Service.
• If you delete your account, we will delete your account information within 30 days, except for information we are required to retain by law.

WooCommerce Store Data:

• We retain product, order, and customer data from your WooCommerce stores for as long as you use the Service and the stores remain connected.
• When you disconnect a store or delete your account, this data is deleted within 30 days.

Backup Data:

• Deleted data may remain in our backup systems for up to 90 days before being permanently purged.

Usage and Analytics Data:

• We retain usage and analytics data in aggregated or anonymized form indefinitely for research and Service improvement purposes.

Communications and Support Data:

• We retain support tickets and communications for 3 years to improve customer support and resolve disputes.

Legal and Compliance Data:

• We retain certain data (e.g., payment records, Terms of Service acceptance logs) as required by applicable laws, typically for 3-7 years depending on the legal requirement.

6.2 Data Deletion

You may request deletion of your personal data at any time by:

• Deleting your account through Account Settings
• Contacting us at info@novovendi.com

Upon deletion, we will delete or anonymize your personal data within 30 days, except for data we are required to retain by law.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

7.1 Rights for All Users

Access and Correction:

• You can access and update your account information at any time by logging into your account and visiting Account Settings.
• For other information, you can request access or correction by contacting us at info@novovendi.com.

Account Deletion:

• You can delete your account at any time through Account Settings. Upon deletion, your personal data will be deleted within 30 days (see Data Retention section).

Opt-Out of Marketing:

• You can opt out of marketing emails by clicking the "unsubscribe" link in our emails or by contacting us at info@novovendi.com.

7.2 Additional Rights for EEA, UK, and Swiss Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have the following additional rights under the GDPR:

Right of Access (Article 15):

• You have the right to request a copy of the personal data we hold about you.

Right to Rectification (Article 16):

• You have the right to request that we correct inaccurate or incomplete personal data.

Right to Erasure / "Right to be Forgotten" (Article 17):

• You have the right to request that we delete your personal data in certain circumstances (e.g., when the data is no longer necessary, you withdraw consent, or you object to processing).

Right to Restriction of Processing (Article 18):

• You have the right to request that we restrict processing of your personal data in certain circumstances (e.g., while we verify the accuracy of data or assess a legitimate interest claim).

Right to Data Portability (Article 20):

• You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., JSON, CSV) and to transmit it to another controller.

Right to Object (Article 21):

• You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent:

• Where we process your personal data based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint:

• You have the right to lodge a complaint with a supervisory authority (data protection authority) in your jurisdiction if you believe our processing of your personal data violates the GDPR.
• For a list of EU supervisory authorities, visit: https://edpb.europa.eu/about-edpb/board/members_en

To exercise your GDPR rights, please contact us at info@novovendi.com.

We will respond to your request within 30 days (or as otherwise required by law). We may ask you to verify your identity before processing your request.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

8.1 Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information from California residents:

8.2 Use and Disclosure of Personal Information

We use and disclose these categories of personal information for the business and commercial purposes described in Section 2 (How We Use Your Information).

We share personal information with the categories of third parties described in Section 4 (How We Share Your Information).

8.3 Your California Privacy Rights

Right to Know:

• You have the right to request that we disclose:
• The categories of personal information we collected about you
• The categories of sources from which we collected personal information
• The business or commercial purposes for collecting or selling personal information
• The categories of third parties with whom we share personal information
• The specific pieces of personal information we collected about you

Right to Delete:

• You have the right to request that we delete your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention).

Right to Correct:

• You have the right to request that we correct inaccurate personal information we maintain about you.

Right to Opt-Out of Sale or Sharing:

• We do not sell or share your personal information for cross-context behavioral advertising.
• If this changes in the future, we will update this Privacy Policy and provide you with an opt-out mechanism.

Right to Limit Use of Sensitive Personal Information:

• We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA (e.g., providing the Service, security, legal compliance).

Right to Non-Discrimination:

• We will not discriminate against you for exercising any of your CCPA/CPRA rights, including by:
• Denying you goods or services
• Charging different prices or rates
• Providing a different level or quality of service

8.4 How to Exercise Your California Rights

To exercise your California privacy rights, you may:

• Email us: info@novovendi.com
• Submit a request: Through our website (if we implement a webform for CCPA requests)

We will verify your identity before processing your request. We may ask for additional information to confirm your identity (e.g., account email, recent activity).

We will respond to verifiable requests within 45 days (or as otherwise required by law). If we need more time, we will notify you and explain the reason for the delay.

Authorized Agents:

You may designate an authorized agent to make a request on your behalf. We will require written proof that the agent is authorized to act on your behalf.

8.5 California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request certain information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

9. Security of Your Information

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it against unauthorized or unlawful processing, accidental loss, destruction, or damage.

9.1 Security Measures

Our security measures include:

Technical Safeguards:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 or equivalent.
• Secure Credential Storage: API keys, passwords, and authentication tokens are stored in encrypted form and never exposed in plain text.
• Access Controls: Role-based access control (RBAC) limits employee access to personal data to only those who need it to perform their job functions.
• Multi-Factor Authentication (MFA): We require MFA for employee access to production systems and offer it to customers for account access.
• Firewalls and Intrusion Detection: Network-level security measures protect against unauthorized access and attacks.
• Security Monitoring: Continuous monitoring and logging of system access and activities to detect and respond to security incidents.

Organizational Safeguards:

• Employee Training: All employees receive security and privacy training.
• Background Checks: Employees with access to personal data undergo background checks (where permitted by law).
• Incident Response Plan: We maintain a documented incident response plan and data breach notification procedures.
• Vendor Security Assessments: We assess the security practices of third-party service providers before engaging them.
• Regular Security Reviews: We conduct regular security assessments, penetration testing, and vulnerability scanning.

For a complete list of our security measures, see Annex III (Technical and Organizational Measures) of our Data Processing Agreement.

9.2 Your Responsibility

While we take extensive measures to protect your information, no method of transmission or storage is 100% secure. You are responsible for:

• Maintaining the confidentiality of your account password
• Securing your device and internet connection
• Logging out of your account when using shared or public devices
• Reporting any suspected security incidents to security@novovendi.com

9.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law:

• GDPR: Within 72 hours of becoming aware of a breach (for EU/UK/Swiss users)
• CCPA: Without unreasonable delay (for California residents)
• Other jurisdictions: As required by applicable state or federal law

Notifications will include information about the nature of the breach, the data affected, and steps you can take to protect yourself.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your use of our website and Service. For detailed information, please see our Cookie Policy.

10.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. They allow websites to remember your preferences, authenticate your identity, and analyze usage patterns.

10.2 Types of Cookies We Use

Essential Cookies (Necessary):

• Required for the Service to function properly
• Enable authentication, security, and basic functionality
• Cannot be disabled without impairing Service functionality

Analytics Cookies (Performance):

• Help us understand how you use the Service
• Collect anonymous usage data and performance metrics
• Used to improve the Service and user experience

Functional Cookies (Preference):

• Remember your settings and preferences
• Provide enhanced features and personalization
• Example: language preference, dashboard layout

Marketing Cookies (Advertising):

• Used to deliver relevant advertisements (if applicable)
• Track the effectiveness of marketing campaigns
• May be provided by third-party advertising partners

10.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

• View and delete cookies
• Block all cookies or specific cookies
• Receive notifications when cookies are set

Note: Disabling essential cookies may impair Service functionality.

For more information on managing cookies, see our Cookie Policy.

10.4 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Currently, there is no industry standard for how to respond to DNT signals. We do not currently respond to DNT signals, but we will update this Privacy Policy if we adopt a DNT policy in the future.

11. Third-Party Services

11.1 Third-Party Links

Our website and Service may contain links to third-party websites, services, or resources that are not owned or controlled by NovoVendi. We are not responsible for the privacy practices or content of these third-party sites.

We encourage you to read the privacy policies of any third-party sites you visit.

11.2 WooCommerce and WordPress

NovoVendi integrates with WooCommerce (developed by Automattic Inc.) and WordPress.org. Your use of WooCommerce and WordPress is governed by their respective privacy policies:

• WooCommerce Privacy Policy: https://automattic.com/privacy/
• WordPress.org Privacy Policy: https://wordpress.org/about/privacy/

NovoVendi is an independent third-party service and is not affiliated with, endorsed by, or sponsored by Automattic Inc. or WordPress.org.

11.3 Lemon Squeezy (Payment Processor)

Payment processing is handled by Lemon Squeezy (operated by Sold through Link, LLC), our Merchant of Record. When you subscribe to NovoVendi, you provide payment information directly to Lemon Squeezy. We receive only limited payment information from Lemon Squeezy (e.g., payment status, subscription plan, last 4 digits of payment method).

Lemon Squeezy's privacy practices are governed by their Privacy Policy: https://www.lemonsqueezy.com/privacy

11.4 Analytics Services

We may use third-party analytics services (e.g., Google Analytics, Mixpanel, PostHog) to analyze usage of our website and Service. These services may use cookies and other tracking technologies to collect information about your use of the Service.

For more information about how these services collect and use data:

• Google Analytics: https://policies.google.com/privacy
• Mixpanel: https://mixpanel.com/legal/privacy-policy/
• PostHog: https://posthog.com/privacy

You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on: https://tools.google.com/dlpage/gaoptout

12. Children's Privacy

NovoVendi is a B2B SaaS platform intended for use by businesses, not individuals under the age of 18. We do not knowingly collect personal information from children under 13 years of age (or the applicable age in your jurisdiction).

If you believe we have collected personal information from a child under 13, please contact us immediately at info@novovendi.com, and we will delete the information as soon as possible.

Note: If you process personal data of children through your WooCommerce stores (e.g., if you sell products to minors), you are responsible for complying with applicable laws regarding children's privacy (e.g., COPPA, GDPR Article 8). NovoVendi acts as a data processor and processes such data on your behalf in accordance with your instructions.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. When we make material changes, we will notify you by:

• Updating the "Last Updated" date at the top of this Privacy Policy
• Sending an email to the email address associated with your account (for material changes)
• Displaying a prominent notice within the Service

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated Privacy Policy, you must stop using the Service and may delete your account.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

NovoVendi LLC

Data Protection Contact

Palm Beach County, Florida, United States

Email: info@novovendi.com

Support: support@novovendi.com

Security Issues: security@novovendi.com

For GDPR-related inquiries:

If you are located in the EEA, UK, or Switzerland and have questions about our data processing practices, you may contact us using the information above.

If we appoint an EU representative in the future, their contact information will be provided here and at https://novovendi.com/privacy.

For CCPA-related inquiries:

California residents may submit privacy requests using the contact information above or by visiting our website.