The short version: Your employee data never touches our servers. It stays entirely in your browser. We collect only what is necessary to run your account. We do not sell your data. This policy covers GDPR, CCPA, and other applicable privacy laws.
Noveli is an HR tooling platform accessible at noveli.io, operated from Romania, European Union. For privacy questions contact [email protected].
When you create an account we collect your email address (for authentication and communication), your name (optional, for workspace personalization), and your workspace name and settings.
If you subscribe to a paid plan, billing is managed via our payment processor. We collect only your subscription plan and status. We never store credit card details.
We collect basic usage data to operate and improve Noveli, including IP address, browser type, pages visited, timestamps, and error logs. We do not use third-party analytics trackers or advertising pixels.
Your employee data is processed entirely within your browser. CSV files, org chart data, and workforce information are never uploaded to, transmitted to, or stored on Noveli's servers. Our backend has zero access to your employee data at any point. This is a core architectural principle.
We use collected data to provide and improve the Service, authenticate your account, send transactional emails, respond to support requests, detect and prevent fraud, and comply with legal obligations. We do not use your data for advertising and do not sell it to any third party.
We share data only with the following service providers, strictly as necessary to operate Noveli:
All sub-processors are contractually required to handle data in accordance with applicable privacy laws including GDPR.
Some of our sub-processors operate data centers in the United States. Where personal data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission, or the sub-processor's participation in a recognized adequacy framework. You may request details of applicable safeguards by contacting [email protected].
If you are located in the EEA you have the right to access, rectify, erase, and port your personal data; to object to or restrict processing; and to withdraw consent at any time. To exercise any of these rights, contact [email protected]. We respond within 30 days. You may also lodge a complaint with your local data protection authority.
If you are a California resident you have the right to know what personal information we collect and how we use it, to request deletion of your personal information, and to opt out of the sale of personal information. We do not sell personal information. To exercise these rights, contact [email protected]. We respond within 45 days as required by law.
We process personal data on the basis of contract performance (to provide the Service), legitimate interests (security monitoring and fraud prevention), legal obligation (where required by law), and consent (for optional communications).
We retain account data while your account is active. Upon deletion, personal data is removed within 30 days, except where legally required, such as billing records for tax compliance which may be kept for up to 7 years. Employee and workforce data processed in your browser is never stored by us and requires no retention policy on our part.
We use TLS 1.2 or higher for all data in transit, hashed passwords, row-level security in our database, and SOC 2-certified infrastructure providers. For security concerns, contact [email protected].
Noveli uses only strictly necessary functional cookies, specifically authentication session tokens to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookie consent banner is required for strictly necessary cookies under GDPR.
Noveli does not currently meet the thresholds requiring a mandatory DPO under GDPR Article 37. For all data protection enquiries please contact [email protected].
Noveli is a B2B platform for HR professionals and is not directed at individuals under 16. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact [email protected] and we will delete it promptly.
We will notify account holders by email of material changes at least 14 days before they take effect. Continued use constitutes acceptance of the updated policy.
Privacy enquiries: [email protected]
Data controller: Noveli, Romania, European Union
GDPR response time: Within 30 days
CCPA response time: Within 45 days