Legal

Privacy Policy

Effective Date: May 28, 2026 Last Updated: May 28, 2026
Your Documents Stay Private
Uploaded documents are analyzed in-browser using our AI. We do not store, retain, or transmit the content of your uploaded files to our servers. Your contracts never leave your device's session. This is a foundational commitment, not a setting.
Contents
  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. Document Processing
  5. Data Storage & Retention
  6. Third-Party Services
  7. Cookies & Analytics
  8. Your Rights
  9. Security
  10. Children's Privacy
  11. Changes to This Policy
  12. Contact Us

1. Who We Are

NovaDocs ("NovaDocs," "we," "our," or "us") operates the website located at novadocs.online and provides an AI-powered contract intelligence platform that helps users understand the contracts they sign. NovaDocs is not a law firm and does not provide legal advice.

This Privacy Policy explains how NovaDocs collects, uses, discloses, and safeguards your information when you visit our website or use our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of the site.

Contact: automationdynasty@gmail.com

2. Information We Collect

2.1 Information You Provide Directly

  • Account registration: When you create an account, we collect your email address and any profile information you choose to provide. Authentication is handled via Supabase Auth.
  • Communications: If you contact us via email or a support channel, we retain the content of that communication to respond to your inquiry.

2.2 Uploaded Documents

When you upload a contract or legal document to NovaDocs for analysis, that document is processed client-side and through our AI analysis pipeline. The content of uploaded documents is not stored on NovaDocs servers. Documents are processed transiently during your active session only. See Section 4 for full details on document processing.

2.3 Automatically Collected Information

  • Usage data: Page views, feature interactions, session duration, and navigation patterns — collected in aggregate, anonymized form via Plausible Analytics and Microsoft Clarity.
  • Technical data: Browser type and version, operating system, device type, screen resolution, referring URL, and general geographic region (country/region level, not precise location).
  • Session recordings: Microsoft Clarity may capture anonymized heatmaps and session replays on public-facing pages. Clarity is intentionally excluded from authentication pages and any pages where sensitive inputs are present.

2.4 Information We Do Not Collect

  • We do not collect payment card numbers or financial account information. Billing, if applicable, is handled by a third-party payment processor under their own privacy terms.
  • We do not collect government-issued identification numbers, Social Security numbers, or biometric data.
  • We do not collect precise geolocation data.
  • We do not knowingly collect data from children under 13. See Section 10.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the service: To create and manage your account, authenticate your identity, and deliver the contract analysis features you request.
  • Improving the product: Aggregated, anonymized usage data helps us understand which features are most useful, diagnose technical issues, and prioritize improvements.
  • Communications: To respond to your support requests, send account-related notifications (such as password resets or subscription updates), and — only with your consent — send product updates or announcements.
  • Security and fraud prevention: To detect, investigate, and prevent fraudulent or abusive activity and protect the security of our systems and users.
  • Legal compliance: To comply with applicable law, respond to lawful requests from public authorities, and enforce our Terms of Service.

We do not sell your personal information to third parties. We do not use your data for targeted advertising. We do not use the content of your uploaded documents to train AI models.

4. Document Processing

Understanding how your documents are handled is important to us. Here is the complete picture:

What happens when you upload a document

  • Your document is parsed and processed to extract text content.
  • The extracted text is passed to our AI analysis pipeline to generate the contract intelligence report you see.
  • This processing happens transiently — document content is not written to a persistent database or long-term storage.
  • When your session ends, document content is no longer accessible.

What we do NOT do with your documents

  • We do not store document content on our servers beyond the active session.
  • We do not index, search, or archive your uploaded contracts.
  • We do not share the content of your contracts with third parties for any purpose other than the in-session AI analysis request.
  • We do not use document content to train machine learning models.
  • We do not sell, license, or otherwise transfer document content.

AI analysis providers

Our AI analysis pipeline may route document text to third-party AI inference APIs (such as large language model providers) solely for the purpose of generating your analysis. These providers act as data processors under our instruction. They are contractually prohibited from retaining or using your data beyond the immediate inference request.

5. Data Storage & Retention

Account data

Account information (email address and authentication credentials) is stored in Supabase, a cloud database platform. Supabase infrastructure is hosted on AWS in the United States. Data is encrypted at rest and in transit. For Supabase's own security practices, see supabase.com/security.

We retain account data for as long as your account is active. If you delete your account, we will delete your account data within 30 days, except where we are required by law to retain it for a longer period.

Document content

As described in Section 4, document content is not stored. There is no document retention period because no document data is persisted.

Analytics data

Aggregated, anonymized analytics data (page views, feature usage counts) is retained for up to 24 months to support trend analysis and product improvement. This data cannot be used to identify individual users.

Support communications

Email communications with our support team are retained for up to 2 years to maintain continuity of support and comply with applicable record-keeping obligations.

6. Third-Party Services

NovaDocs uses the following third-party services to deliver and operate the platform. Each service processes data under its own privacy policy, which we encourage you to review:

Supabase (Authentication & Database)

We use Supabase for user authentication and data storage. Supabase processes your email address and authentication tokens. Privacy policy: supabase.com/privacy.

Netlify (Hosting & Delivery)

Our website and serverless functions are hosted on Netlify. Netlify processes server access logs, which include IP addresses and request metadata, for security and performance purposes. Privacy policy: netlify.com/privacy.

Plausible Analytics (Website Analytics)

We use Plausible Analytics for privacy-first website analytics. Plausible does not use cookies and does not collect personally identifiable information. Data is aggregated at the site level. Privacy policy: plausible.io/privacy.

Microsoft Clarity (UX Analytics)

We use Microsoft Clarity for heatmaps and anonymized session recordings on public-facing pages. Clarity is disabled on authentication pages. Clarity does not capture passwords, payment information, or document content. Privacy policy: Microsoft Privacy Statement.

AI Inference Providers

Contract analysis is powered by third-party AI APIs. These providers act solely as data processors — they receive document text only for the purpose of generating your analysis and are prohibited from retaining or using that content for any other purpose. We will update this section if our AI providers change.

7. Cookies & Analytics

NovaDocs uses a minimal number of cookies and similar tracking technologies:

Essential cookies

Supabase Auth uses a session cookie or local storage token to keep you logged in between visits. This cookie is strictly necessary for the authenticated features of the service to function. It expires when you log out or after the session timeout period.

Analytics

Plausible Analytics is cookieless — it does not set any cookies on your device and does not track you across sessions or sites. Microsoft Clarity uses a first-party cookie to differentiate sessions for heatmap analysis; it does not create a cross-site profile of you.

No advertising or tracking cookies

We do not use advertising cookies, retargeting pixels, or any cookies that track your behavior across third-party websites.

Cookie preferences

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the authenticated portion of the service (login/logout). Analytics cookies can be blocked without affecting core product functionality.

8. Your Rights

Depending on your location, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your account and associated personal data. You may also delete your account directly from within the application. We will process deletion requests within 30 days.
  • Portability: Request an export of your personal data in a machine-readable format.
  • Objection: Object to certain processing of your personal data, such as processing for direct marketing.
  • Restriction: Request that we restrict processing of your personal data in certain circumstances.
  • Withdrawal of consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at automationdynasty@gmail.com. We will respond within 30 days. We may need to verify your identity before processing certain requests.

If you are located in the European Economic Area (EEA), United Kingdom, or California, you have additional rights under GDPR, UK GDPR, and CCPA respectively. We will honor requests consistent with those laws regardless of your stated location.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data lawfully.

9. Security

We take the security of your data seriously and implement reasonable administrative, technical, and physical safeguards, including:

  • HTTPS encryption for all data transmitted between your browser and our servers.
  • Encryption at rest for data stored in Supabase.
  • Row-level security on our database so users can only access their own data.
  • Authentication tokens that expire and are rotated on a regular basis.
  • Exclusion of Clarity session recording from any pages where sensitive inputs (email, authentication tokens) are present.

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of data transmitted over the internet. In the event of a security breach that affects your personal information, we will notify you as required by applicable law.

10. Children's Privacy

NovaDocs is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have inadvertently collected information from a child under 13, please contact us immediately at automationdynasty@gmail.com and we will delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through a prominent notice on the website.

Your continued use of NovaDocs after the effective date of any revision constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

12. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

We aim to respond to all privacy-related inquiries within 5 business days.