Privacy Policy

Noviqi Inc. ("Noviqi," "we," "us," or "our") is committed to protecting the privacy of individuals who visit our website, use our AI API gateway platform, or interact with our services. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access our services at noviqi.dev and any associated subdomains, APIs, or applications (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of the Service immediately.

If you have any questions about this Privacy Policy, please contact us at support@noviqi.com.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account, subscribe to a plan, or contact our support team, you may provide the following types of information:

• Account Information: Name, email address, password (hashed and salted using bcrypt), organization name, and billing address.
• Payment Information: Credit card numbers, billing addresses, and transaction history. Payment data is processed by our PCI-DSS compliant payment processor (Stripe) and is never stored on our servers.
• Profile Information: Avatar images, display preferences, timezone settings, and notification preferences.
• Communications: Content of support tickets, emails, and feedback you submit to us.
• API Configuration: Downstream provider API keys (encrypted with AES-256-GCM before storage), routing configurations, and optimization rule settings.

1.2 Information Collected Automatically

When you access the Service, we automatically collect certain technical information:

• Device Information: Browser type and version, operating system, device identifiers, and screen resolution.
• Usage Data: Pages visited, features used, click patterns, session duration, and referral URLs.
• Log Data: IP address, access timestamps, request methods, response codes, and user agent strings.
• API Usage Metrics: Token counts (input/output), request latency, cache hit rates, optimization ratios, and error rates. We do not log or store the content of your API prompts or completions.

1.3 Information from Third Parties

We may receive information about you from third-party sources, including authentication providers (such as GitHub or Google) when you use social login, analytics services, and payment processors. We combine this information with other data we collect to provide and improve the Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve the Noviqi platform, including token optimization, request caching, and intelligent routing.
• Account Management: To create and manage your account, authenticate your identity, and process subscription payments.
• Analytics & Insights: To generate usage analytics dashboards, track cost savings, and provide optimization recommendations.
• Communications: To send transactional emails (invoices, password resets, security alerts), product updates, and marketing communications (with your consent).
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
• Product Development: To develop new features, conduct research, and improve our optimization algorithms using aggregated, anonymized usage patterns.

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: We engage trusted third-party companies to perform services on our behalf, such as payment processing (Stripe), cloud infrastructure (AWS, Cloudflare), email delivery (Resend), and analytics (PostHog). These providers are contractually bound to use your data only as directed by us.
• Downstream AI Providers: When you route API requests through Noviqi, your optimized prompts are forwarded to the AI providers you configure (e.g., OpenAI, Anthropic). This data transfer is necessary to fulfill your API requests and is governed by each provider's privacy policy.
• Workspace Members: If you participate in a team workspace, other members of that workspace may see shared analytics, API key names (not values), and usage statistics.
• Legal Requirements: We may disclose your information if required to do so by law, in response to valid legal process (such as a subpoena or court order), or to protect the rights, property, or safety of Noviqi, our users, or others.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service before your information becomes subject to a different privacy policy.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specific retention periods include:

• Account Data: Retained for the lifetime of your account plus 30 days following deletion.
• API Usage Logs: Aggregated analytics are retained for 12 months. Detailed request logs are retained for 30 days.
• Billing Records: Retained for 7 years in accordance with tax and accounting obligations.
• Support Communications: Retained for 3 years following case resolution.
• Marketing Preferences: Retained until you unsubscribe or request deletion.

When data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.

5. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request correction of inaccurate or incomplete personal information.
• Deletion: You may request deletion of your personal information, subject to certain legal exceptions.
• Portability: You may request your data in a structured, commonly used, machine-readable format.
• Restriction: You may request that we restrict the processing of your personal information in certain circumstances.
• Objection: You may object to our processing of your personal information based on legitimate interests.
• Withdrawal of Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@noviqi.com. We will respond to verified requests within 30 days.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your interactions with the Service. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

7. Security

We implement industry-standard security measures to protect your personal information, including:

• Encryption of data in transit using TLS 1.3
• Encryption of sensitive data at rest using AES-256-GCM
• Regular security audits and penetration testing
• Role-based access controls with principle of least privilege
• Automated vulnerability scanning and dependency monitoring

For more details, please refer to our Security Policy.

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information from our servers.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@noviqi.com.

9. International Data Transfers

Noviqi is operated by a distributed team based in the United States. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from your jurisdiction.

When we transfer personal information outside the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate safeguards, including:

• EU Standard Contractual Clauses (SCCs) approved by the European Commission
• The UK International Data Transfer Agreement (IDTA)
• Adequacy decisions where applicable
• Binding Corporate Rules for intra-group transfers

For more information, please contact our team.

10. Third-Party Links and Services

The Service may contain links to third-party websites, services, or applications that are not owned or controlled by Noviqi. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. For significant changes, we will provide additional notice via email or an in-app notification.

Your continued use of the Service following the posting of changes constitutes your acceptance of those changes.