This Privacy Policy (hereinafter referred to as the “Policy”) aims to clarify the relevant rules for the NovaTalk Software (hereinafter referred to as the “Software”) for collecting, using, storing, transmitting, and disclosing users‘ personal information and data, to safeguard users‘ privacy rights and data security, to strictly comply with the International General Data Protection Principles (including but not limited to the EU GDPR, U.S. CCPA, Brazilian LGPD, etc.), to comply with the “Privacy by Design” (PbD) principles, and to integrate privacy protection into the entire life cycle of the Software. This Policy applies to all users who use the Software (hereinafter referred to as “Users”), regardless of the device through which users access or use the Software (computer, mobile terminal, etc.). The use of this Software is considered as if the user has fully read, understood and agreed to all the terms of this Policy; if the user does not agree to this Policy, they should immediately stop using this Software.
1. Definition and scope
1.1 Core Definitions
1.1.1 Personal Information: Means information that can identify a specific natural person individually or in combination with other information, including but not limited to names, email addresses, device identifiers, IP addresses, usage records, AI interaction content, communication information, etc., conforming to the standards that the International General Data Protection Regulation defines for personal information, covering the core definitions of personal data in the EU GDPR.
1.1.2 Non-Personal Information: Means information that cannot identify a specific natural person, including but not limited to software usage statistics, anonymized processing of user behavior data, system execution logs, AI interaction desensitization data, etc. This type of data can be used for software optimization, industry research and AI model training, and will remain anonymized.
1.1.3 Third-party services: Means services provided by third parties that are integrated or linked to this Software (such as cloud storage, data analysis, payments, etc.), whose privacy policies are independent of this Policy, the user‘s use of third-party services is subject to third-party privacy regulations, this Software does not assume any privacy-related responsibility for third-party services, and third-party services must comply with the data protection laws of the region in which they are located.
1.2 Applicability Scope
1.2.1 This Policy applies to all functional modules, services, and related extended services of this Software, including but not limited to all service scenarios such as account registration, AI interactions, data storage, feature upgrades, customer service consultations, etc., covering privacy protections throughout the lifetime of the Software.
1.2.2 This Policy does not apply to third-party services. The third party is independently responsible for the privacy protection of third-party services. If users develop privacy-related issues due to using third-party services, they should communicate directly with the third party to resolve them. This Software provides only an access channel and does not participate in the operation of third-party services.
2. Information Collection
2.1 Collecting Principles
2.1.1 Legitimacy Principles: Collecting user information only when obtaining the user‘s explicit consent, necessary for the fulfillment of the service agreement, or in compliance with relevant international laws, regulations, and treaty provisions, strictly following the core requirements of “informed consent,” adopting an active consent mode, preventing unauthorized collection of information, and complying with the requirements of Article 6 of the EU GDPR regarding data processing legitimacy.
2.1.2 Minimum Required Principle: Collect only the user information necessary to realize the core functionality of this Software, do not collect information that is not related to the Service, control the scope of information collection to a minimum, implement the core requirements of “Design as Privacy,” and avoid the privacy risks associated with redundant data collection.
2.1.3 Transparency Principles: Clearly inform users of the purpose, scope, method, and use of information collected, ensure that users are aware and have the freedom to choose whether to provide it, do not conceal any matters related to information collection, ensure users‘ right to be informed, and comply with the transparency requirements of international data protection.
2.2 Scope and method of collection
2.2.1 Account Related Information: When users register for this Software account, they are required to provide a real, valid, and legitimate email address as a login credential. We will collect the email address provided by users for core purposes such as account verification, password recovery, service notifications, security alerts, etc., without collecting additional non-personal information.
2.2.2 Interaction and Usage Behavior Information: When users use this Software AI feature, interaction instructions sent by users, feedback information, and usage behavior data (including software startup time, feature usage records, device model, operating system version, IP address, log data, etc.) will be collected to optimize AI response accuracy, improve service experience, and ensure software security, all data collection complying with the minimum necessary principles.
2.2.3. Voluntarily provided information: When users voluntarily provide additional information (such as preferences, requirements descriptions, etc.) when using specific features of this Software, we will use it only for the implementation of that specific feature, not for other purposes, and users can withdraw the voluntarily provided information at any time, exercising data control.
3. Information Use and Storage
3.1 Information Usage
3.1.1 Core Service Usage: Using the collected information to provide users with the core functionality of this Software, including account login, AI interaction, data storage, service push, etc., to ensure that the service operates properly and reliably, meets user usage needs, and all usage behaviors comply with the scope of user authorization.
3.1.2 Optimize Service Usage: Based on user usage behavior information, interaction content, analyze user needs preferences, optimize AI algorithms, software feature design, and interface interactions, improve service personalization and convenience, improve user usage experience, and de-sensitize personal information during use.
3.1.3 Security Assurance Use: Use of user information to identify unusual login, malicious use, sending spam information, and other behaviors, prevent account theft, information leakage, and other security risks, protect user accounts and data security, comply with international data security protection requirements, and implement security principles for the entire life cycle of data.
3.1.4 Use Restrictions: Use of information not beyond the scope of the user‘s consent, and do not use the user‘s personal information for other purposes unrelated to this Software Services, except with the explicit authorization of the user or in compliance with relevant international laws, regulations and treaty provisions, and strictly prohibiting the misuse of information.
3.2 Information Storage
3.2.1 Storage locations: User information collected by this Software will be stored on servers that comply with international data protection standards (such as requirements of Article 48 of the EU GDPR), and the specific locations will be dynamically adjusted according to service optimization requirements to ensure compliance with local data protection regulations and cross-border data flow rules.
3.2.2 Retention Period: The minimum period of retention of personal information is necessary to achieve the purposes of the service. If the user signs out of the account, we will delete or anonymize all personal information processed by that user within 15 business days after the account sign-out is completed, except as otherwise stipulated by law, regulations and treaties, in accordance with the data minimization and storage limitation principles.
3.2.3 Storage security: Encrypt user information storage using internationally leading encryption technologies (such as SSL/TLS, AES-256), establish a well-established security management system, regularly conduct security detection, vulnerability remediation, and risk assessment, equip professional security teams to ensure data storage security, and implement “design-for-privacy” security requirements throughout the lifecycle.
4. Information Transfer and Disclosure
4.1 Information Transfer
4.1.1 Transfer Principles: Transfer user information only in order to achieve the purposes of this Software Services, obtain user consent or comply with relevant international laws, regulations and treaty requirements, employ encryption technologies during the transfer process to ensure the security, integrity of the information, prevent information from being intercepted, tampered with, or disclosed, and comply with the relevant requirements of the EU GDPR regarding cross-border data transfer.
4.1.2 Transfer scope: User information will be transferred only between the entity operating this Software and its authorized service provider, and the authorized service provider must strictly comply with this Policy and related confidentiality agreements, and may not use or disclose user information without permission; cross-border transfers will comply with data protection regulations of the relevant country or region, notify users in advance and obtain their consent, ensuring that data flows freely and securely under control.
4.2 Information Disclosure
4.2.1 No Disclosure: Do not disclose user personal information to any third party without the user‘s explicit consent, except as otherwise stipulated by law, regulations and treaties. Strictly protect user information from illegal disclosure and adhere to data privacy principles.
4.2.2 Permitted Disclosure: Disclosure of relevant information to third parties designated by the User with the User‘s written consent; Disclosure of User information necessary to comply with legal, regulatory, and contractual obligations, and in response to the legal requirements of judicial or regulatory authorities; Disclosure of User information to authorized service providers for the implementation of this Software Service, and strictly limiting the scope of use, ensuring that the service provider complies with its confidentiality obligations.
5. User Rights
5.1 Core Rights
5.1.1 Access rights: Users can log in to this Software account at any time to view their personal information (such as email, usage records, interactive content, etc.), understand the collection, use, and storage of information, ensure that users have the right to be aware of their information, and comply with the core rights granted to data subjects by the EU GDPR.
5.1.2 Correction Right: If you find that your personal information is inaccurate or incomplete, you can request a correction through the relevant features of this Software or contact Customer Service at aselnov@salma1eood.com. We will review and process your information within 3 working days to ensure the sourcing circumstances of your information.
5.1.3 Right to delete: Users can request to delete some or all of their personal information. If the deletion of information affects the normal provision of the service, we will inform the user of the relevant impact. After the user confirms, we will proceed with the deletion operation to ensure that the user‘s right to delete information complies with the requirements of international data protection regulations for the right to delete.
5.1.4 Right to sign off and right to withdraw consent: Users can apply to sign off their account, and after the account is signed off, the related data will be processed according to regulations; Users can withdraw their consent to the collection, use, transmission, and disclosure of information at any time, and upon withdrawal, the related information processing behavior will stop, and does not affect the legality of information processing activities that were completed based on the user‘s consent before withdrawal.
5.2 Rights Relief
5.2.1 If users believe that their privacy rights have been infringed, they can submit a complaint or complaint through the contact email provided in this Policy. We will process and provide feedback on the processing results within 5 working days to provide users with effective rights relief channels to ensure that their rights are realized.
6. Third-party services and policy updates
6.1 Third-party services
6.1.1 This Software may integrate or link to third-party services (such as cloud storage, data analysis, etc.), third-party services may collect relevant information about users, and their information processing behavior must comply with their own privacy policies and international data protection rules, and must not violate relevant laws and regulations as well as the core requirements of this Policy.
6.1.2 This Software provides only links or access channels to third-party services, does not control the information collection and use behavior of third-party services, and does not assume any privacy-related responsibility arising from third-party services. Users should carefully read their privacy policy before using third-party services and make their own decision whether to use them.
6.2 Policy Update
6.2.1 As international laws, regulations, and treaties are updated, software functions are optimized, and operational requirements are changed, this Policy may be revised. After revisions, update notices will be published at significant locations in this Software to inform users of the changes in the Policy, ensuring that users are aware of the changes in the Policy.
6.2.2 After updating this Policy, the user‘s continued use of this Software, effective from the date of publication, is considered to agree to the updated Policy; if the user does not agree to the updated Policy, they should immediately stop using this Software, through which the user can view the historical version of the Policy, ensuring the user‘s right to be informed.
7. Contact information and disclaimer
7.1 Contact information
7.1.1 If you have any questions, complaints, complaints about this Policy, or need to exercise any relevant rights, please contact us via the following email address: aselnov@salma1eood.com, and we will respond and handle them promptly, providing you with a convenient communication channel.
7.2 Disclaimer
7.2.1. The Software assumes no responsibility for the disclosure, loss, or tampering of user information due to irresistible forces (such as natural disasters, network disruptions, hacking attacks, etc.). The irresistible forces must comply with standards defined by international common law, and the Software will promptly take remedial measures after the irresistible force occurs.
7.2.2 Users are solely responsible for information security risks resulting from their own misconduct (such as leaking account passwords, improperly sharing personal information, using unofficial versions of the Software, etc.), and this Software assumes no related responsibility.
7.2.3 This Software assumes security responsibility only for the user information it collects, processes, and stores, not for the security of information provided by third-party services, clearly demarcates responsibility, and complies with the general disclaimer principles for international software operations.
This policy comes into effect from the day of publication. The final interpretation rights belong to the entity operating the NovaTalk software. It does not fulfill its duties. It is implemented according to international common data protection laws, regulations, and treaties, strictly conforming to core international data protection standards such as the EU GDPR.