Novachi EngineBack to home

Legal

Privacy Policy

Effective Date: June 9, 2026 · Last Updated: June 9, 2026

Novachi Engine is an AI marketing automation platform operated by Novachi Group LLC ("Novachi," "Novachi Engine," "we," "our," or "us"). This Privacy Policy explains how we collect, use, share, retain, protect, and delete personal data in connection with the Novachi Engine platform and the services it powers.

This Privacy Policy is intended to address applicable privacy and data protection requirements, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the CAN-SPAM Act, and other applicable privacy and electronic marketing laws.

1. Introduction

Novachi Engine is a marketing automation platform that captures, scores, enriches, and nurtures leads on behalf of the brands it powers. It generates personalized outreach, sends and schedules follow-up communications, and serves and measures demonstration videos so that growth activities can run with limited human involvement.

Because Novachi Engine processes personal data about prospective customers and website visitors, including individuals who have not directly registered with us, we take particular care to be transparent about what we collect, why we collect it, how it is used, who it is shared with, and how individuals can exercise their rights, including the right to opt out of marketing communications at any time.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed through the Novachi Engine website (novachiengine.net), application programming interfaces (APIs), the video portal, automated workflows, email and outreach systems, and related services (collectively, the "Service").

This Privacy Policy does not apply to third-party websites, applications, platforms, or services that are governed by their own privacy policies, including social media platforms and the websites of the individual brands that use Novachi Engine, each of which maintains its own privacy notice.

3. Who This Policy Concerns and Our Role

Several different groups of people may have personal data processed through Novachi Engine:

  • Account holders and brand operators who set up and operate the Service.
  • Leads and prospects whose personal data is captured, enriched, scored, and contacted through the Service, including individuals who submitted information through a brand website, individuals reached through tracked links, and individuals whose information was obtained from third-party data sources or purchased lists.
  • Website and portal visitors to novachiengine.net and the Novachi Engine video portal.
  • Recipients of marketing communications sent through the Service.

For most of the data described in this policy, including lead data, marketing activity, behavioral tracking, and video performance measurement, Novachi acts as a data controller, meaning we determine the purposes and means of processing. Where Novachi processes personal data strictly on the documented instructions of a brand customer under a written agreement, Novachi may act as a data processor or service provider for that processing. Where required, the parties will enter into a Data Processing Agreement (DPA) incorporating applicable safeguards, including Standard Contractual Clauses where appropriate. A copy of our standard DPA is available on request at partnership@novachigroup.com.

4. Information We Collect

4.1 Information Account Holders and Brand Operators Provide

  • Name, username, or display name
  • Email address and account login credentials
  • Company, organization, or brand information
  • Billing and subscription information
  • Preferences, configuration, and account settings
  • Support inquiries, feedback, and communications

4.2 Lead and Prospect Data

Novachi Engine captures and maintains personal data about leads and prospects. This may include:

  • Name and email address
  • Company, job title, role, and professional information
  • The brand or product the lead is associated with or interested in
  • Lead score, status, and stage in the marketing funnel
  • The source from which the lead was obtained
  • Notes, attributes, and other fields used to manage outreach

This data may be collected when a person submits a form on a brand website, when a person interacts with a tracked link, through enrichment from third-party data providers, or from third-party lists, including purchased lead lists. See Section 16 for important information about data obtained from third-party sources.

4.3 Automatically Collected and Behavioral Data

Through the Service and the tracking endpoints used on brand websites and in distributed links, we may collect:

  • IP address and approximate location derived from IP address
  • Device and browser information, including operating system and device identifiers
  • Page visits, events, and interactions on brand sites that have integrated the Service
  • Video views, clicks, and the platform a viewer arrived from
  • Signups attributed to a specific video, link, campaign, or platform
  • Email delivery, open, click, bounce, and unsubscribe activity
  • Security, authentication, and access logs
  • Cookie and analytics identifiers, where permitted

4.4 Data from Social Media and Advertising Platforms

Where a brand connects a social media or advertising platform account to the Service (for example, to distribute or measure video content, or to receive leads from a platform's lead-generation features), we may receive data from that platform in accordance with the platform's terms and the permissions granted, such as page or account identifiers, video and content performance metrics, and lead information submitted through platform forms. We use platform-derived data only for the purposes permitted by the relevant platform and disclosed in this policy, and we do not combine platform-derived data with other data sources in any manner prohibited by the platform's developer terms. See Section 17.

4.5 AI Processing Data

Novachi Engine uses artificial intelligence to generate personalized outreach and to support automation. To provide these features, lead data, message context, and related information may be processed by AI systems and AI infrastructure providers. AI-generated outputs may be incomplete or inaccurate, and outputs are reviewed and configured as part of operating the Service.

5. How We Use Information

We use personal data to:

  • Provide, operate, maintain, and improve the Service
  • Capture, score, enrich, and manage leads and prospects
  • Generate and send personalized outreach and scheduled follow-up communications
  • Serve, distribute, and measure demonstration videos, and attribute resulting signups
  • Authenticate users and manage accounts, subscriptions, billing, and support
  • Analyze performance, troubleshoot errors, and develop new features
  • Detect, prevent, and respond to fraud, abuse, unauthorized access, and security incidents
  • Comply with legal, regulatory, tax, and contractual obligations
  • Honor opt-out requests and maintain suppression records

6. Legal Basis for Processing Under GDPR

For individuals in the European Economic Area, United Kingdom, or Switzerland, we process personal data on one or more of the following legal bases:

  • Contractual necessity: To provide the Service to account holders and brand customers.
  • Consent: Where required, including for certain marketing communications and non-essential cookies. Where consent is the basis, it may be withdrawn at any time.
  • Legitimate interests: To operate and secure the Service, measure performance, and conduct direct marketing, provided those interests are not overridden by the individual's rights and freedoms. Individuals have the right to object to processing based on legitimate interests, including direct marketing, at any time.
  • Legal obligations: To comply with applicable laws and regulatory requirements.

Where we contact individuals located in jurisdictions that require prior consent for marketing communications, we rely on consent or another lawful basis as required by the applicable law of that jurisdiction.

7. Cookies and Tracking Technologies

The Service and the brand sites it integrates with use cookies, pixels, event tracking, and similar technologies to support sessions and security, to measure page visits and video performance, and to attribute signups to campaigns. Where required by law, we request consent before using non-essential cookies. You may manage cookies through your browser settings, though disabling certain cookies may affect functionality.

8. Sharing and Disclosure of Information

We do not sell personal data for money. We may disclose personal data only as described below:

  • Service providers and sub-processors: We share data with vendors that provide hosting, database, email delivery, AI infrastructure, content delivery, payment processing, data enrichment, email verification, analytics, and security services. See Section 9.
  • Brand customers: Where a lead is associated with a particular brand, the relevant brand operator may access and manage that lead's data.
  • Legal and compliance purposes: Where required by law, legal process, court order, or government request, or to protect rights, safety, and property.
  • Business transfers: In connection with a merger, acquisition, financing, reorganization, or sale of assets.
  • With your direction or consent: Where you instruct us to share or export information.

A note on CCPA/CPRA "sharing": Certain cross-context tracking and attribution activities may be considered "sharing" under California law even though no money changes hands. California residents may opt out of such sharing as described in Section 14.

9. Sub-Processors

We engage the following sub-processors to operate the Service: Vercel (cloud hosting and application infrastructure); Supabase (database and authentication); Resend (transactional and marketing email delivery); Anthropic (AI and machine learning infrastructure); Amazon Web Services, including CloudFront and S3 (content delivery and video streaming); Stripe (payment processing); and data enrichment and email verification providers as engaged from time to time. This list may be updated as our providers change, with prior notice where required by applicable agreement or law. All sub-processors are bound by appropriate confidentiality and data protection obligations.

10. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this policy, unless a longer period is required by law, contract, security need, dispute, or legitimate business requirement.

Data CategoryDefault RetentionNotes
Account and registration dataActive account plus 30 days after closureMay be retained longer for legal, tax, or dispute purposes.
Lead and prospect dataUntil deletion, opt-out, or no longer neededOpt-out and suppression records retained as below.
Behavioral, event, and video dataUp to 24 monthsAggregated or de-identified data may be kept longer.
Email delivery and engagement logsUp to 24 monthsUsed for deliverability, compliance, abuse prevention.
Suppression and unsubscribe recordsRetained indefinitelyKept to honor opt-outs and prevent re-contact, as required by law.
Security, authentication, access logsUp to 24 monthsMay be retained longer for security or legal compliance.
Billing and transaction recordsUp to 7 yearsRetained for tax, accounting, and legal compliance.
Support communicationsUp to 3 years after the request is closedMay be retained longer for dispute or compliance purposes.
Backup copiesWithin 90 days after the applicable periodSubject to legal hold.

11. Data Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, and misuse. These measures include encryption in transit using current Transport Layer Security (TLS) protocols, encryption at rest provided by our hosting and database infrastructure, role-based and least-privilege access controls, authentication controls for administrative access, logging and monitoring of security-relevant events, and incident response procedures aligned with applicable breach notification laws.

No system is completely secure. You are responsible for protecting your login credentials and for configuring any access you control appropriately.

12. Personal Data Breach Notification

In the event of a personal data breach, we will investigate, contain, and remediate the incident, and where required by applicable law we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach under GDPR Article 33 where feasible and required, notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights, and notify affected individuals in accordance with applicable U.S. state breach notification laws. We maintain a record of personal data breaches and remedial action taken.

13. International Data Transfers

Your data may be transferred to, stored in, or processed in countries other than your own, including the United States. Where required, we use appropriate safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions, and industry-standard security protections.

14. Your Privacy Rights

14.1 GDPR Rights (EU/EEA, UK, Switzerland)

Subject to applicable law and identity verification, you may have the right to access your personal data; correct inaccurate data; request deletion; restrict or object to processing, including objecting to direct marketing at any time; receive a copy of your data in portable format; withdraw consent where processing is based on consent; and lodge a complaint with your local supervisory authority under GDPR Article 77.

14.2 CCPA/CPRA Rights (California)

Subject to applicable law and verification, California residents may have the right to know what personal information we collect, use, disclose, and share; request access to and deletion of personal information; request correction; opt out of the sale or sharing of personal information; limit the use of sensitive personal information; and not be discriminated against for exercising these rights. We do not sell personal information for money.

14.3 How to Exercise Your Rights

To exercise any of these rights, contact us at partnership@novachigroup.com. We will respond within the timeframe required by applicable law. To stop receiving marketing communications, you may also use the unsubscribe link in any marketing email, as described in Section 15.

15. Marketing Communications and Opt-Out

Novachi Engine sends marketing and outreach communications on behalf of the brands it powers. We are committed to honoring opt-out requests promptly and to complying with the CAN-SPAM Act and other applicable electronic marketing laws.

  • Every marketing email includes a clear and functioning unsubscribe mechanism and a valid physical postal address.
  • When you unsubscribe, we add your address to a suppression list and stop sending you marketing communications.
  • We retain suppression records indefinitely for the specific purpose of honoring your opt-out and preventing future contact.
  • We do not charge a fee, require a reason, or require you to log in to opt out.

16. Data Obtained from Third-Party Sources

Some lead and prospect data processed through the Service is obtained from sources other than the individual directly, including data enrichment providers and third-party or purchased lead lists. Where we process personal data obtained from such sources:

  • We rely on a lawful basis as required by applicable law, and we provide individuals with the information required under GDPR Article 14 where it applies.
  • We provide an opt-out in every marketing communication, and we honor deletion and objection requests as described in this policy.
  • We take reasonable steps to validate and suppress invalid, undeliverable, or opted-out addresses before contacting them.

If you believe your personal data has been included without an appropriate basis, contact us at partnership@novachigroup.com and we will address your request.

17. Social Media and Advertising Platform Data

Where the Service connects to social media or advertising platforms, we comply with the developer and platform terms of those platforms, including applicable Meta Platform Terms and TikTok developer terms. Data obtained through a platform's API is used only for the purposes permitted by that platform and disclosed in this policy, is not sold, and is not combined with other data in any manner the platform prohibits. Individuals may request deletion of platform-derived data by contacting us at partnership@novachigroup.com, and we honor data-deletion requirements imposed by the relevant platform.

18. Children's Privacy

The Service is directed to businesses and professional audiences and is not directed to children under the age of 13, or under the age of 16 in the EU/EEA where applicable law requires a higher age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate authorization, we will delete it promptly. Contact us at partnership@novachigroup.com if you believe a child has provided personal data to us.

19. Third-Party Services and Integrations

The Service integrates with third-party services, including hosting, database, email delivery, AI infrastructure, content delivery, payment, enrichment, and social media platforms. These services are governed by their own terms and privacy policies. We are not responsible for the privacy, security, or practices of third-party services you or a connected brand chooses to use.

20. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date above. Where required by law or where changes are material, we will provide additional notice. Your continued use of the Service after the effective date of an updated policy means you acknowledge the updated policy.

21. Governing Law

This Privacy Policy is governed by the laws of the State of Georgia, United States, without regard to conflict of law principles, except where applicable privacy laws provide otherwise. EU/EEA users retain the right to lodge a complaint with their local supervisory authority under GDPR Article 77.

22. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, contact us at:

Novachi Group LLC

Privacy Team

Email: partnership@novachigroup.com

Website: www.novachiengine.net

Address: 4060 Alba Court, Cumming, GA 30028, USA