Legal

Privacy Policy

How NovoVendi collects, uses, and protects personal information.

Company: NovoVendi
Last Updated: May 3, 2026

1. Introduction

This Privacy Policy explains how NovoVendi ("we", "us", "our") collects, uses, stores, and protects personal information when you use our WooCommerce multi-store management platform (the "Service"). We are committed to GDPR and CCPA/CPRA compliance.

2. Information We Collect

We collect account data (name, email, password hash, consent timestamps), service usage data, operational platform logs, and technical metadata (IP, browser, device info). If you connect WooCommerce stores, we process store configuration and operational data required to provide the Service.

3. Legal Basis for Processing (GDPR)

We process personal data under one or more lawful bases: contract performance, legitimate interests (security and platform reliability), consent (such as analytics cookies), and legal obligations.

4. How We Use Data

We use data to operate and secure the Service, authenticate accounts, provide support, deliver transactional notifications (including verification emails), improve platform quality, and satisfy legal obligations.

5. Sub-Processors and Sharing

We do not sell personal information. We share data only with service providers needed to run NovoVendi, such as:

Google Cloud Platform (GCP): hosting and infrastructure operations
Brevo: transactional email sending
Google Cloud Storage (GCS): file/object storage for platform assets and backups
Google Analytics (optional): aggregated usage analytics with consent
Google Identity Services (optional): Google SSO authentication

6. Cookies and Tracking

We use essential cookies for authentication and security. Optional analytics cookies are used only with consent where required. You can manage cookie settings in your browser and in-app controls.

7. Data Retention and Security

We retain data for as long as needed to provide the Service and meet legal obligations. We apply technical and organizational safeguards including password hashing, access controls, audit logging, and transport security.

8. International Data Transfers

Your information may be processed in the United States and other regions where our providers operate. Where required, we use appropriate safeguards such as standard contractual clauses.

9. Your Rights (GDPR/CCPA/CPRA)

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your data; restrict or object to processing; withdraw consent; and request non-discriminatory treatment when exercising privacy rights.

10. California Privacy Notice

California residents have rights to know, delete, and correct personal information, and to opt out of selling/sharing where applicable. NovoVendi does not sell personal information.

11. Changes to this Policy

We may update this Privacy Policy periodically. Material updates will be reflected by updating the "Last Updated" date and may be communicated through the Service or by email.

12. Contact

For privacy questions or rights requests, contact privacy@novovendi.com.