Skip to main content
ToolsEaaSAcademyTDDPartnersPricing
Get Early Access
🔒 GDPR · UK GDPR · UAE PDPL

Privacy Policy

Last updated: 26 April 2026  ·  Applies to: novtriq.tech and all subdomains

Summary: NOVTRIQ collects only what is necessary to operate the platform. We do not sell your data. We store data in the EU (GDPR). If you are in the UK or UAE, local equivalents apply. You can request deletion at any time by emailing hello@novtriq.tech.

1. Who We Are

NOVTRIQ ("we", "us", "our") operates the novtriq.tech platform — a suite of AI-powered engineering intelligence tools, Energy-as-a-Service (EaaS) subscriptions, Technical Due Diligence (TDD) reports, an Academy, an MCP Server, and a Partner Network. The platform is accessible globally, with primary coverage in the United Kingdom, European Union, and United Arab Emirates.

Data controller contact: hello@novtriq.tech

2. Data We Collect

2.1 Data You Provide

  • Account registration: Name, email address, company name, country/region
  • API key generation: Email address, intended use case
  • EaaS / TDD purchase: Name, email, billing address, payment intent (processed by Stripe — we do not store card numbers)
  • Academy enrolment: Name, email, professional background (optional)
  • Partner Network application: Company name, contact name, email, LinkedIn URL
  • Contact / support form: Name, email, message content
  • Newsletter / waitlist: Email address only

2.2 Data Collected Automatically

  • Usage analytics: Pages visited, tool interactions, session duration (via Google Analytics 4 — anonymised IP)
  • API call logs: Endpoint called, timestamp, response time, error codes (no payload content stored)
  • Cookies: See our Cookie Policy
  • Technical metadata: Browser type, OS, referring URL — for security and debugging

2.3 Data from Third Parties

  • Stripe: Payment status, transaction ID, and subscription status only. Card numbers and full payment details are processed and stored exclusively by Stripe, Inc. and are never stored on NOVTRIQ servers. Stripe retains payment and customer records for a minimum of 7 years for legal and tax compliance purposes. For details see stripe.com/privacy.
  • Make.com: Webhook triggers for CMS publishing — no personal data transferred.

2.4 Academy Subscription Data

When you purchase an Academy subscription, NOVTRIQ stores your email address and subscription status (active / cancelled / expired) in Cloudflare KV to control course access. This data is held only for the duration of your subscription plus a 30-day grace period after expiry. Payment history is managed by Stripe. You may request deletion at any time by emailing hello@novtriq.tech.

3. Legal Basis for Processing

PurposeLegal Basis
Providing the platform, API, EaaS, TDD, AcademyContract (Art. 6(1)(b) GDPR)
Sending transactional emails (receipts, API keys)Contract (Art. 6(1)(b) GDPR)
Marketing emails (newsletter, product updates)Consent (Art. 6(1)(a) GDPR)
Analytics and platform improvementLegitimate interest (Art. 6(1)(f) GDPR)
Fraud detection and securityLegitimate interest (Art. 6(1)(f) GDPR)
Legal compliance (VAT, audit trail)Legal obligation (Art. 6(1)(c) GDPR)

4. How We Use Your Data

  • Authenticate and manage your account and API access
  • Deliver EaaS monitoring dashboards, TDD reports, and Academy course access
  • Process payments via Stripe and issue invoices
  • Send platform notifications, regulatory update alerts, and — if opted in — marketing emails
  • Monitor API usage against your plan limits and send rate-limit notifications
  • Improve tool accuracy, calibrate AI models, and improve UX (using anonymised usage data)
  • Detect abuse and ensure platform security

5. Data Retention

Data TypeRetention Period
Account data (active user)Duration of account + 30 days after deletion request
API call logs90 days rolling
Payment records (legal requirement)7 years (EU VAT / UK HMRC compliance)
TDD report dataDuration of engagement + 12 months
Marketing email consentUntil withdrawn
Analytics data (GA4)14 months (Google default, anonymised)

6. Data Sharing

We do not sell your personal data. We share data only with:

  • Stripe Inc. — payment processing (PCI-DSS Level 1 certified)
  • Google LLC — analytics (GA4, anonymised; EU data residency selected)
  • Make.com (Celonis) — workflow automation (no personal data in payloads)
  • Hetzner Online GmbH — server infrastructure (EU data centres, Germany)
  • Webflow Inc. — website hosting and CMS
  • DonDominio — email hosting (hello@novtriq.tech)
  • Legal authorities — when required by law (we will notify you where legally permitted)

All third-party processors have been assessed for GDPR compliance or equivalent standards.

7. International Transfers

Our infrastructure is hosted in the EU (Hetzner, Germany). Google Analytics data is transferred to the US under Standard Contractual Clauses (SCCs). Stripe operates globally under its Privacy Shield successor agreements. UAE users are covered under UAE PDPL (Federal Decree-Law No. 45 of 2021) and we apply equivalent safeguards.

8. Your Rights

Depending on your jurisdiction, you have the following rights:

Under GDPR (EU) and UK GDPR:

  • Right of access — request a copy of your data
  • Right to rectification — correct inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing (including marketing)
  • Rights related to automated decision-making

Under UAE PDPL:

  • Right to access, correct, and request destruction of your personal data
  • Right to withdraw consent at any time

To exercise any of these rights, email hello@novtriq.tech with the subject line "Privacy Request". We respond within 30 days. You may also lodge a complaint with your local data protection authority (UK: ICO · EU: your national DPA · UAE: UAEIAIT).

9. Security

We implement technical and organisational measures including: TLS 1.3 encryption in transit, AES-256 at rest, API key hashing (bcrypt), role-based access controls, automated vulnerability scanning, and regular penetration testing. No method is 100% secure — if you suspect a breach, contact hello@novtriq.tech immediately.

10. Cookies

We use essential, analytics, and functional cookies. Full details are in our Cookie Policy. You can manage your preferences at any time via the cookie banner or by emailing us.

11. Children

NOVTRIQ is a professional engineering platform. We do not knowingly collect data from persons under 18. If you believe a minor has submitted data, contact us immediately for deletion.

12. Changes to This Policy

We may update this policy to reflect product changes, regulatory updates (GDPR amendments, UK ICO guidance, UAE PDPL implementing regulations), or operational changes. Material changes will be notified by email to registered users and by banner on novtriq.tech at least 14 days before taking effect. The "last updated" date at the top of this page always reflects the current version.

Privacy Enquiries

Email: hello@novtriq.tech
Subject line: "Privacy Request" or "Data Deletion Request"
Response time: within 30 days