NOVAC

Privacy & Data Processing Policy

Privacy Policy

This Privacy Policy explains how NOVAC INNOVATION LLC collects, uses, stores, shares, and protects personal data in connection with our websites, software, marketing tools, analytics workflows, integrations, and related services.

Effective date: May 6, 2026 Controller/Responsible Party: NOVAC INNOVATION LLC Contact: support@novac.cx

1. Who We Are and Scope

NOVAC INNOVATION LLC is a Florida-based software and digital commerce company. For purposes of applicable privacy laws, NOVAC INNOVATION LLC may act as a data controller, business, responsible party, service provider, processor, or data processor depending on the service and the relationship with the customer.

This Policy applies to novac.cx, our software tools, marketing and data-management applications, integrations with third-party platforms, communications, support, and business operations. When we process personal data on behalf of a customer under a written agreement, we process that data according to the customer's instructions and the applicable agreement.

2. Personal Data We Collect

The categories of personal data we collect depend on how you interact with us and which services are enabled.

Category Examples Primary Purposes Retention
Identifiers and contact data Name, email, phone, company, job title, account IDs, app-scoped IDs, business asset IDs. Account access, support, communication, authentication, customer management. For the relationship plus a reasonable period for legal, tax, security, and audit needs.
Commercial and account data Customer records, subscription or service details, invoices, support history, transaction metadata. Provide services, billing, compliance, dispute resolution, business administration. Usually up to 7 years where needed for accounting, tax, or legal records.
Marketing and communications data Preferences, consent records, opt-out records, campaign interactions, business inquiries. Send requested communications, manage opt-outs, improve relevance, comply with marketing laws. Until opt-out or deletion request, with suppression records retained as needed to honor opt-outs.
Platform and integration data Meta/Facebook or Instagram permissions, Pages, ad accounts, campaign metrics, lead forms, CRM imports, analytics events, Shopify or commerce data when connected. Operate marketing, reporting, lead management, data synchronization, and analytics tools. Until the integration is disconnected, the customer requests deletion, or the data is no longer needed.
Device and usage data IP address, browser, device, logs, pages viewed, authentication logs, cookie identifiers. Security, fraud prevention, diagnostics, analytics, product improvement. Typically up to 24 months, unless a longer period is needed for security or legal reasons.
Sensitive data We do not intentionally request sensitive personal data unless necessary for a specific service and authorized by law or consent. Only for the disclosed purpose and with appropriate safeguards. Only as long as necessary for the authorized purpose.

We may collect data directly from you, from our customers, from connected platforms that you authorize, from service providers, from public business sources, and through automated technologies such as cookies and logs.

3. How We Use Personal Data

  • Provide, maintain, secure, and improve our software, marketing, analytics, e-commerce, and data-management services.
  • Authenticate users, manage accounts, respond to support requests, and communicate about services.
  • Operate integrations, dashboards, reporting, campaign management, lead routing, data synchronization, and customer workflows.
  • Analyze usage, diagnose issues, prevent fraud, monitor abuse, and protect systems and data.
  • Send business communications and marketing where permitted by law, with opt-out options.
  • Comply with legal obligations, enforce agreements, respond to lawful requests, and protect rights.

For Colombia, processing is based on prior, express, and informed authorization where required, performance of contractual or pre-contractual relationships, legal obligations, and other lawful grounds under applicable data-protection rules. For U.S. residents, processing is based on the purposes disclosed in this Policy and any notices provided at or before collection.

4. Meta/Facebook Platform Data

If our services connect to Meta products, including Facebook, Instagram, Pages, Ads, Lead Ads, Business Manager, or related APIs, we only access the data permitted by the permissions granted by the user, customer, or business administrator. This may include app-scoped user IDs, business asset identifiers, Page or ad account information, campaign metrics, lead form data, and other data necessary to provide the requested marketing or reporting functions.

We use Meta Platform Data to operate the requested service, manage integrations, generate reports, route leads, help customers manage campaigns, maintain security, and comply with Meta Platform Terms and applicable law. We do not sell Meta Platform Data. We do not use Meta Platform Data to determine eligibility for credit, employment, housing, insurance, or other legally protected decisions.

Customers are responsible for ensuring they have the necessary rights, permissions, notices, and consents to connect business assets, upload customer lists, process leads, or send conversion and analytics events through our services.

5. How We Share Personal Data

We may disclose personal data to the following categories of recipients:

  • Service providers and processors, including hosting, cloud infrastructure, databases, analytics, email, security, support, payments, and professional services.
  • Integrated platforms and business tools, including Meta, Google, Shopify, CRM systems, analytics platforms, or other third parties that the customer or user connects or instructs us to use.
  • Customers and authorized account administrators, when we process data for a business customer or within a shared workspace.
  • Authorities, courts, regulators, or third parties when required by law or necessary to protect rights, safety, security, or enforce agreements.
  • Successors in a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate protections.

We do not sell personal data for money. If we use advertising cookies, pixels, custom audiences, or similar technologies, that activity may be considered “sharing,” “targeted advertising,” or “sale” under certain U.S. state privacy laws. Where applicable, you may opt out as described below.

6. Colombia: Política de Tratamiento de Datos Personales

Para titulares ubicados en Colombia, esta sección constituye la política de tratamiento de datos personales de NOVAC INNOVATION LLC en los términos de la Ley 1581 de 2012, el Decreto 1377 de 2013, el Decreto 1074 de 2015 y demás normas aplicables.

NOVAC INNOVATION LLC actúa como Responsable o Encargado del Tratamiento según corresponda. Los datos serán tratados bajo los principios de legalidad, finalidad, libertad, veracidad o calidad, transparencia, acceso y circulación restringida, seguridad y confidencialidad.

Derechos de los titulares en Colombia

  • Conocer, actualizar y rectificar sus datos personales.
  • Solicitar prueba de la autorización otorgada, salvo excepciones legales.
  • Ser informado sobre el uso que se ha dado a sus datos personales.
  • Presentar quejas ante la Superintendencia de Industria y Comercio cuando corresponda.
  • Revocar la autorización o solicitar la supresión del dato cuando no exista un deber legal o contractual de conservarlo.
  • Acceder gratuitamente a sus datos personales en los términos de la ley.

Consultas y reclamos

Para ejercer derechos, escriba a support@novac.cx con el asunto “Data Privacy Request - Colombia”. Las consultas se responderán dentro de diez (10) días hábiles, prorrogables por cinco (5) días hábiles cuando sea necesario. Los reclamos se responderán dentro de quince (15) días hábiles, prorrogables por ocho (8) días hábiles cuando sea necesario.

7. United States Privacy Rights

This section is intended to address U.S. privacy requirements that may apply to our services, including the California Consumer Privacy Act as amended by the CPRA and similar state privacy laws. Depending on your state and the context of our relationship, you may have the right to:

  • Know or access the personal data we collect, use, disclose, sell, or share.
  • Request deletion of personal data, subject to legal exceptions.
  • Correct inaccurate personal data.
  • Receive a portable copy of certain personal data.
  • Opt out of sale, sharing, targeted advertising, or certain profiling where applicable.
  • Limit the use or disclosure of sensitive personal information where applicable.
  • Not be discriminated against for exercising privacy rights.
  • Appeal a decision if your state provides an appeal right.

To exercise these rights, email support@novac.cx with the subject “U.S. Privacy Request”. We may need to verify your identity and authority before responding. Authorized agents may submit requests where permitted by law.

We honor legally required opt-out preference signals, such as Global Privacy Control, to the extent technically feasible and applicable to the service. You may also opt out of marketing emails using the unsubscribe link in those messages.

8. Cookies, Analytics, and Marketing Technologies

We may use essential cookies for security, authentication, and site functionality. We may also use analytics or marketing technologies to understand usage, improve services, measure campaigns, or support advertising workflows. Where required by law, we will seek consent before using non-essential cookies or similar tracking technologies.

You can control cookies through browser settings, device settings, platform controls, and opt-out tools offered by advertising or analytics providers. Some features may not work properly if essential cookies are disabled.

9. Data Deletion Instructions

You may request deletion of personal data by emailing support@novac.cx with the subject “Data Deletion Request”. If your request relates to a Meta/Facebook or Instagram app integration, please include the app name, your Facebook or Instagram user ID if available, and any relevant business, Page, lead form, ad account, or workspace information so we can locate the data.

After verifying your request, we will delete or anonymize applicable personal data unless retention is required or permitted by law, contract, security, fraud prevention, dispute resolution, accounting, tax, or compliance obligations. Active systems are generally updated within thirty (30) days after verification; backups and disaster recovery systems may take up to ninety (90) days to cycle out.

You may also disconnect our app or remove permissions from your Facebook, Instagram, or Meta account settings. Disconnecting an integration may stop future collection but does not automatically delete data already processed by NOVAC, so please contact us if you want deletion from our systems.

10. Security, Retention, and International Transfers

We use administrative, technical, and organizational safeguards designed to protect personal data, including access controls, limited retention, secure infrastructure, monitoring, and vendor review where appropriate. No system is perfectly secure, and we cannot guarantee absolute security.

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, to provide services, comply with law, resolve disputes, enforce agreements, maintain security, and keep legitimate business records.

NOVAC is based in the United States, and personal data may be processed in the United States, Colombia, or other countries where we or our providers operate. When data is transferred internationally, we use appropriate contractual, organizational, and technical safeguards as required by applicable law.

11. Children and Sensitive Uses

Our services are not directed to children under 13 in the United States or to minors in Colombia. We do not knowingly collect personal data from children. In Colombia, personal data of children or adolescents will only be processed when it respects their fundamental rights and best interests and when appropriate authorization has been obtained.

Our marketing and data-management services should not be used to process sensitive personal data unless expressly authorized, necessary for a documented purpose, and protected by appropriate legal and technical safeguards.

12. Changes to This Policy

We may update this Policy from time to time. If changes are material, we will take reasonable steps to provide notice, such as updating the effective date, posting a notice on our website, or notifying affected users where required by law.

13. Contact Information

NOVAC INNOVATION LLC
9696 Plumeria Way, 33436, Boynton Beach, Florida, United States
Phone: +1 561 441 9373
Email: support@novac.cx

For privacy requests, please include your name, contact information, jurisdiction, the right you want to exercise, and enough information for us to verify and process the request.