NÓA← Home

Privacy Policy

Draft — pending legal review. This document outlines our intended data practices and is provided for transparency. It will be finalized with qualified counsel before general availability.

Last updated: 30 June 2026

1. Who we are

NÓA ("we", "us") operates an AI receptionist that connects to your business WhatsApp account to answer customers and book appointments. For the purposes of the EU General Data Protection Regulation (GDPR), we act as a data processor for the customer conversations of the businesses that use NÓA, and as a data controller for the account information of those businesses.

2. Data we collect

  • Business account information — name, email, phone number, business name, location, and billing details of the subscribing business.
  • WhatsApp booking messages — the content of messages exchanged between the business's WhatsApp number and its customers when handled by NÓA, plus message timestamps and sender phone numbers.
  • Appointment metadata — service requested, date, time, and status of each booking created through NÓA.
  • Technical data — logs, error reports, and basic usage analytics required to operate the service.

3. How and where data is stored

Customer data is hosted on infrastructure located in the European Union (Supabase EU region). Data in transit is encrypted with TLS, and data at rest is encrypted by the underlying storage provider.

4. Why we process your data

We process data to provide the service (Art. 6(1)(b) GDPR — contract), to comply with our legal obligations (Art. 6(1)(c)), and on the basis of our legitimate interest (Art. 6(1)(f)) in operating, securing, and improving NÓA.

5. Sharing and sub-processors

We rely on a limited number of sub-processors, including our hosting provider (Supabase, EU region), the WhatsApp Business Platform (Meta), and the AI model providers used to generate replies. We do not sell personal data.

6. Retention

Booking and conversation data is retained for as long as the business remains a customer, and deleted within 90 days of account closure unless we are required to keep it for legal reasons.

7. Your rights

Under GDPR you have the right to access, rectify, erase, restrict, or object to processing of your personal data, the right to data portability, and the right to lodge a complaint with a supervisory authority.

8. Contact for data requests

To exercise any of these rights or ask a question about this policy, email hello@noareceptionist.com.