Privacy Policy

Last Updated: Jun 15, 2023

NovelyAi (referred to as "Service," “we,” “us,” or “our”) is committed to safeguarding the personal information it collects when you use our website at novelyai.com (the “Site”), mobile applications (the “Apps”), and together, the “Services.” This Privacy Policy covers our data collection practices and describes your rights to access, correct, or restrict our use of your personal data; in plain language, keeping legal and technical jargon to a minimum. If you have any questions about this Policy, please contact us at customerdesk@novelyai.com.

If there is any inconsistency or ambiguity between the English version and any other language version, the English version shall prevail.

By using the Services, you agree to the terms of this Privacy Policy. You shouldn’t use the Services if you don’t agree with this Privacy Policy or any other agreement that governs your use of the Services.

1. What This Privacy Policy Covers

This Privacy Policy describes how our mobile applications, websites, and products collect, store, use, and share your personal information. It also describes how you can control and protect your privacy on our Service.

2. What Data We Collect

We collect certain data from you directly, like the information you enter yourself, data about your usage, and data from third-party platforms you connect with us. We also collect some data automatically, like information about your device and what parts of our Services you interact with or spend time using.

2.1 Collection of Personal Data and Method

The personal data of users collected and used by NovelyAi, in particular, are as follows: your order information if you make a purchase through in-app purchase and identifier for advertisers designated in your mobile device used in accessing our services (The Identifier for Advertisers-IDFA), and Internet Protocol Address-IP Address.

We may collect IP address, device type, device-specific and apps settings and characteristics, app crashes, advertising IDs (such as Google’s AAID and Apple’s IDFA, browser type, version and language, operating system, time zones, identifiers associated with cookies or other technologies that may uniquely identify your device or browser through Google Firebase for analytics and diagnostics.

We may collect your log data generated while using our services/applications(through our products or third-party products). This log data may include information such as your device’s Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our service/application, the time/date of your use of the service/application, and other statistics.

2.2. Data You Provide to Us

We may collect different data from or about you depending on how you use the Services. When you create an account and use the Services, including through a third-party platform, we collect any data you provide directly, including

a. Account Data: In order to use certain features (registering for an account), when you create or update your account, we collect and store the data you provide, like your email address, phone number, username, gender, and date of birth, and assign you a unique identifying number (“Account Data”).

b. Usage Data: When you use our Services and features, we collect certain data, including; texts, in-app purchase history, other user-generated content, crash and diagnostics data, and other user data as part of the operation of the Services.

c. Paid Services Data: All our paid services are through iOS or Android platforms. We only receive a receipt of your transaction provided by these platforms.

d. Communications and Support Data: If you contact us for support or to report a problem or concern (regardless of whether you have created an account), we collect and store your contact information, messages, and other data about you like your name, email address, location, operating system, IP address, and any other data you provide or that we collect through automated means (which we cover below). We use this data to respond to you and research your question or concern in accordance with this Privacy Policy.

2.3. Data From Others

In addition to the information you provide us directly, we receive information about you from others or by automated means, including;

a. System Data: Technical data about your computer or device, like your IP address, device type, operating system and version, unique device identifiers, device language, device-specific and apps settings and characteristics, app crashes, advertising IDs (such as Google’s AAID and Apple’s IDFA), browser type, version and language, operating system, time zones, identifiers associated with cookies or other technologies that may uniquely identify your device or browser, and other systems data, and platform types (“System Data”).

b. Usage Data: We collect information about your activity on our Services, for instance, how you use them (e.g., date and time you logged in, features you’ve been using, and advertising you click on).

c. Approximate Geographic Data: An approximate geographic location, including information like country, city, and geographic coordinates, calculated based on your IP address.

d. Other Partners: We may receive info about you from our partners, for instance, where our ads are published on a partner’s websites and platforms (in which case they may pass along details on a campaign’s success).

3.1 Analytics

We use tools like cookies, web beacons, analytics services, and advertising providers to gather the data listed below. Some of these tools offer you the ability to opt-out of data collection.

3.1 Analytics

We use third-party SDKs to analyze data to give better service to our users. The information we give and receive are non-user-specific. We use these tools to analyze your use of the Services, including information like third-party websites you arrive from, how often you visit, events within the Service, usage and performance data, and more. We use this data to improve the Services, better understand how the Services perform on different devices and provide information that may be of interest to you. All the information we send is anonymized and cannot be tracked back to specific users. In other words, it is not possible to draw conclusions about a specific person. All the third-party SDKs we use are GDPR compliant.

a. 3rd Party Usage Analytics Tools: Firebase for analytics, crash logs, and diagnostics, while Appsflyer for ad tracking and analytics.

b. 3rd Party Conversion Tracking Tools: Appsflyer (https://www.appsflyer.com/trust/privacy/) is used for user conversion tracking.

c. Crash Detection Tools: We use Firebase (https://www.firebase.com/terms/privacy-policy.html) for crash detection. It facilitates the maintenance and improvement of the Services. All your crash data is collected anonymously.

4. What We Use Your Data For

The main reason we use your information is to deliver and improve our Services. Additionally, we use your info to help keep you safe and to provide you with advertising that may be of interest to you. Read on for a more detailed explanation of the various reasons we use your information, together with practical examples.

  • To administer your account and provide our Services to you
  • Create and manage your account
  • Provide you with customer support and respond to your requests
  • Complete your transactions
  • Communicate with you about our Services, including order management and billing
  • To ensure a consistent experience across your devices
  • To serve you with relevant offers and ads
  • To improve our Services and develop new ones
  • Conduct research and analysis of users’ behavior to improve our Services and content (for instance, we may decide to change the look and feel or even substantially modify a given feature based on users’ behavior)
  • To prevent, detect and fight fraud or other illegal or unauthorized activities
  • Comply with legal requirements
  • Enforce or exercise our rights, for example, our Terms
  • To process your information as described above, we rely on the following legal bases:

Provide our service to you: Most of the time, the reason we process your information is to perform the contract that you have with us.

Legitimate interests: We may use your information where we have legitimate interests. For instance, we analyze users’ behavior on our Services to continuously improve our offerings, we suggest offers we think might interest you, and we process information for administrative, fraud detection, and other legal purposes.

Consent: From time to time, we may ask for your consent to use your information for certain specific reasons. You may withdraw your consent at any time by contacting us at the address provided at the end of this Privacy Policy.

5. Data Retention

We keep your personal information only as long as we need it for legitimate business purposes and as permitted by applicable law. To protect the safety and security of our users on and off our services, we implement a safety retention window of 6 months following account deletion unless there is a technical difficulty.

In practice, we delete or anonymize your information upon the deletion of your account (following the safety retention window) or after 10 years of continuous inactivity. An account is considered inactive when the Application of the Member has not established contact with servers, and the Member has not used the Application. In any event, the Account of a Premium Member is not considered inactive.

Unless:

  • We must keep it to comply with applicable law (for instance, if you make purchases within the App, some personal data may need to be kept for tax and accounting purposes);
  • we must keep it to evidence our compliance with applicable law (for instance, records of consents to our Terms, Privacy Policy, and other similar consents are kept for five years);
  • there is an outstanding issue, claim, or dispute requiring us to keep the relevant information until it is resolved; or
  • the information must be kept for our legitimate business interests, such as fraud prevention and enhancing users' safety and security.
  • Correspondence with our Customer Support team will be retained for longer to allow us to deal with any subsequent queries you may have but will usually be deleted within 6 years if there are no queries.
  • Anonymized information about activity on our Services is retained for more extended periods of time for statistical and product research purposes, but this is not attributable to an individual once the profile has been deleted.

Keep in mind that even though our systems are designed to carry out data deletion processes according to the above guidelines, we cannot promise that all data will be deleted within a specific time frame due to technical constraints. The deleted data may also be available for up to 72 hours due to caching systems and the interconnection of proxy servers.

6. Data Protection and Security

We work hard to protect you from unauthorized access to or alteration, disclosure, or destruction of your personal information. As with all technology companies, although we take steps to secure your information, we do not promise, and you should not expect, that your personal information will always remain secure. Your password is an essential part of our security system, and it is your responsibility to protect it. You should not share your password with any third party, and if you believe your password or account has been compromised, you should change it immediately and contact us with any concerns.

We regularly monitor our systems for possible vulnerabilities and attacks and regularly review our information collection, storage, and processing practices to update our physical, technical, and organizational security measures.

We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe your account or information is no longer secure, please notify us immediately.

We are not responsible for virus protection outside our service network. We are also not responsible for the damage or destruction of user data. We will pursue every detected attack by hackers, etc., under civil law and, if necessary, by the prosecution.

In case of a breach, we will notify; the EU representatives, our DPO, and our users who were or potentially were affected by the breach within 72 hours of the attack. We will get in contact via email. Thus, you must sign up with a valid email address that you often check so you are notified of any harmful attacks that may occur.

7. Your Rights

You have certain rights around the use of your data, including the ability to opt out of promotional emails, cookies, and the collection of your data by certain analytics providers. You can update or terminate your account within our Services and contact us for individual rights requests about your personal data. Privacy laws applicable in your country may give you the following rights:

  • Right to be informed: what personal data an organization is processing and why (this notice).
  • Right of access: you can request a copy of your data.
  • Right of rectification: if the data held is inaccurate, you have the right to have it corrected.
  • Right to erasure: you have the right to have your data deleted in certain circumstances.
  • Right to restrict processing: in limited circumstances, you have the right to request that processing is stopped but the data retained.
  • Right to data portability: you can request a copy of your data in a machine-readable form that can be transferred to another provider.
  • Right to object: in certain circumstances (including where data is processed on the basis of legitimate interests or for the purposes of marketing), you may object to that processing.
  • Rights related to automated decision-making, including profiling: there are several rights in this area where processing carried out on a solely automated basis results in a decision that has legal or significant effects for the individual. In these circumstances, your rights include the right to ensure that there is human intervention in the decision-making process.
  • The particular rights which are applicable to you (which might include other rights not listed above) may vary depending on your country. You should make yourself aware of the rights you have under applicable privacy laws in your country.

We want you to be in control of your information, so we have provided you with the following tools:

Access / Update tools in the service: Tools and account settings that help you to access, rectify, or delete information that you provided to us and that’s associated with your account directly within the service.

Device permissions: Mobile platforms have permission systems for specific types of device data and notifications, such as gallery permissions as well as push notifications. You can change your settings on your device to either consent to or oppose the collection of the corresponding information or the display of the corresponding notifications. Of course, if you do that, certain services may lose full functionality.

Deletion: You can delete your account by using the corresponding functionality directly on the service.

We want you to be aware of your privacy rights. Here are a few key points to remember:

Reviewing your information: Applicable privacy laws may give you the right to review the personal information we keep about you (depending on the jurisdiction, this may be called the right of access, right of portability, or variations of those terms). You can request a copy of your personal information by sending us an email at customerdesk@novelyai.com.

Updating your information: If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please contact us via customerdesk@novelyai.com.

For your protection and the protection of all of our users, please provide proof of identity before we can answer the above requests.

Keep in mind we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property, or the privacy of another user.

Uninstall: You can stop all information collected by an app by uninstalling it using the standard uninstall process for your device. If you uninstall the app from your mobile device, the unique identifier associated with your device will continue to be stored. If you reinstall the application on the same mobile device, we will be able to re-associate this identifier from your previous transactions and activities.

Accountability: In certain countries, including the European Union, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal information. The data protection authority you can lodge a complaint with notably may be that of your habitual residence, where you work, or where we are established.

If you want to exercise any of your rights listed above, please email us at customerdesk@novelyai.com

8. International Transfer Policy

In order to provide the Services to you, we must transfer your data to our servers and process it there. By visiting or using our Services, you consent to the storage of your data on servers. If you are using the Services, you consent to the transfer, storage, and processing of your data. Specifically, personal data collected in Switzerland and the European Economic Area (“EEA”) is transferred and stored outside those areas.

That data is also processed outside of Switzerland and the EEA by our group companies, or our service providers, including processing transactions, facilitating payments, and providing support services. We have entered into data processing agreements with our service providers that restrict and regulate their processing of your data on our behalf. By submitting your data or using our Services, you consent to this transfer, storage, and processing by us and its processors. We operate a global network of servers in Germany, the Netherlands, Turkey, and Canada. Data collected by advertising partners may also be held outside the European Economic Area. We ensure that the data is adequately protected by ensuring that valid, legal mechanisms are in place. For European users, if your data is transferred internationally (outside of the EEA), we rely on standard contractual clauses and additional security measures in line with the relevant clauses in the GDPR and the relevant case law. If you want more information relating to the nature of the safeguards we have in place, please email customerdesk@novelyai.com.

9. California Privacy Rights

Consumers residing in California have some additional rights with respect to their personal information under the California Consumer Privacy Act (“CCPA”).

Your California Consumer Rights:

California consumers have the right to request access to the personal information we have collected about them in the last 12 months. You may make this request up to two times in a 12-month period. You may also request additional details about our information practices, including the categories of personal information we have collected about you, the categories of sources of such collection, the business or commercial purpose for collecting or selling personal information, the categories of third parties with whom we share and sell your personal information, the categories of personal information we have disclosed and sold about you in the preceding 12 months, and the categories of third parties to whom we sold personal information in the preceding 12 months. If you are a California consumer, you also have the right to request the deletion of your personal information (subject to certain exceptions), to opt-out of sales of personal information (we never sell user information, regardless of the country they are located in) and to receive equal service and price and not be discriminated against even if you exercise any of your CCPA rights.

California consumers may make a rights request by emailing us at customerdesk@novelyai.com. Your request must include sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, which may include your email address, name, and username. If you have an account with us, you can find your account id on your main account page after you log in. We will not discriminate against you if you exercise your rights under the CCPA.

10. Privacy Policy Changes

Because we’re always looking for new and innovative ways to help you build meaningful connections, this policy may change over time. We will notify you before any material changes take effect so you have time to review the changes.

11. Contact Us

If you have any questions regarding this privacy policy or the processing of your personal data, you can contact us directly. We are also available to you in the case of requests for information, requests, or complaints:

Address:

Yesilkoy SB Mah. ISBI Plaza Sokak ISBI Plaza

Bakırkoy/ISTANBUL

E-mail: customerdesk@novelyai.com

12. Legal Notice

For European citizens or residents:

You can exercise your rights as a data subject (right to be informed; right of access; right to rectification; right to erasure; right to restriction; right of data portability; and the right to object) by contacting our European representative:

EU Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), NovelyAi has appointed Naq Cyber B.V. as its GDPR representative in the EU. If you usually reside in an EU Member State, you can contact Borlux Ltd regarding matters pertaining to the GDPR by:

Contact: Nadia Kadhim

Address: Vlamingstraat 4, 2712BZ Zoetermeer, Netherlands

Email: privacy@naqcyber.com

When contacting our European representative, always mention our name and the nature of your request or inquiry in the subject of your email.