Privacy Policy

1. Data controller

Notavy is operated from France. For privacy questions: contact@notavy.app. We process data in line with the GDPR and French data protection law.

2. Data we collect

• Email — account and communications.
• Technical identifiers — account and credits.
• Payment data — transaction reference and amount (we do not store card details; Stripe processes payments).
• Credits and usage — to run the service.
• Reviews you paste — processed by our AI to generate replies; not stored long term.
• Custom instructions — e.g. signature, business name, stored on your account.

3. Purposes & legal basis

We use your data to provide the service, manage your account and credits, process payments, and comply with legal obligations (e.g. accounting). Legal bases: contract (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c)), and where relevant legitimate interest (e.g. product updates). We do not sell your data.

4. Processors & retention

We use sub-processors (auth, payment, AI, hosting) under GDPR-compliant agreements. Transaction data is kept for 10 years (French law). Account data until closure plus a reasonable period. Review text is not stored. Technical logs up to 12 months.

Where data is transferred outside the EU (e.g. US), we use appropriate safeguards (e.g. Standard Contractual Clauses).

5. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict processing, portability and to object. Contact us at contact@notavy.app; we will respond within 30 days. You may lodge a complaint with a supervisory authority (e.g. CNIL in France: cnil.fr).

6. Cookies & updates

We use strictly necessary cookies (e.g. session, auth). No advertising cookies. We may update this policy; the “Last updated” date applies. Continued use after changes means you accept the updated policy.