novo SOLUTION - Privacy Policy

This Privacy Policy describes how novo SOLUTION ("novo SOLUTION", "we", "us") collects, uses, discloses, and protects information when you use our iOS app, associated websites, and related services (collectively, the "Services").

novo SOLUTION is developed and operated by Mohammad Reghabi, an individual located in Vancouver, British Columbia, Canada.

If you are using novo SOLUTION on behalf of a business, your business may be the "Customer" under a separate agreement (for example, an enterprise plan). In that case, we process information as described below and as required to provide the Services.

1. SCOPE

This Policy applies to:

  • The novo SOLUTION iOS app (including optional iCloud/CloudKit sync, if enabled on your device)
  • Your connected website and backend services (when you enable website integration/sync)
  • Optional integrations you connect (for example: Facebook/Instagram, TikTok, payment providers, email providers)

    • This Policy does not apply to third-party websites, platforms, or services that you connect to novo SOLUTION. Those third parties have their own policies.

    2. INFORMATION WE COLLECT

    The information we collect depends on which features you use and which integrations you connect.

    2A. Access to Your Data and Your Control

  • On-device / iCloud-only data: If your data is stored only on your device and/or synced via Apple iCloud/CloudKit, that data is managed by Apple under your iCloud account. We do not have routine access to the contents of your iCloud data.
  • Website/backend data (if enabled): If you enable website integration or backend services, some data is stored and processed on the connected backend to deliver those features (for example, website content, sync operations, integrations, security logs, and anonymous analytics). As the operator of that backend, we (or authorized personnel assisting with support/security) may be able to access limited server-side information as necessary to operate, secure, debug, and support the Services.

    • Practical impact: Many privacy requests (for example, changes to customer records you entered) should be directed to the business owner/admin using the Services. Where we do have control over server-side data (for example, stored OAuth tokens, anonymous analytics, and security logs), we can help process requests as described below.

    2.1 Account and Business Profile Information

    We may collect and process:

  • Account information: name, username, email, role/permissions, authentication and session data
  • Business information: company name, address, phone, country/region, business type, stores/locations and related settings
  • Administrative metadata: user roles, permissions, activity and configuration changes (for security and audit purposes)

    • 2.2 Business Data You Choose to Store in the Services

    You (and your team) may store business records such as:

  • Inventory and catalog: products, images, categories/collections, pricing, stock history
  • Sales and finance: invoices, estimates, receipts/records, taxes, store credit, vouchers/gift cards (as applicable)
  • Customers and appointments: customer contact details, appointment/reservation data, communications, notes, and related records
  • Website content: pages, media, documents, contact forms/subscribers (when using website features)

    • Important: Some of this data may include personal information about your customers or contacts. You control what you upload and how you use it.

    2.3 Technical, Device, and Diagnostic Information

    We automatically collect technical information needed to operate and secure the Services, such as:

  • Device and app data: device model, iOS version, app version/build, language and timezone
  • Diagnostic logs: crash reports, performance metrics, error logs
  • Security signals: authentication events, suspicious activity indicators, integrity and security monitoring data

    • We minimize collection of directly identifiable personal data in diagnostic and security logs; we also use redaction/sanitization where feasible.

    2.4 Analytics and Usage Data (Privacy-First)

    If you enable analytics and provide required consent in the app, we may collect:

  • Anonymous/aggregated usage events (for example: feature usage counts, screen views, and a hashed device identifier) to understand usage without directly identifying you

    • By default, analytics features are privacy-first and can be disabled in settings. Some minimal operational telemetry may still be necessary for security and reliability.

    2.5 Integration Data (OAuth Connections and Webhooks)

    If you connect third-party services (for example, Facebook/Instagram, TikTok, payment providers, email providers), we may collect:

  • OAuth tokens (access tokens, refresh tokens, and related metadata such as expiration)
  • Connected account identifiers (for example, a Facebook Page ID, Instagram Business Account ID)
  • Connection metadata (for example, page/account display name, token expiration timestamps)
  • Webhook events from third-party providers (for example, events delivered by Meta/Facebook webhooks)

    • We do not collect or store your third-party account passwords. Connections are established using OAuth (secure authorization flows).

    2.6 Payment Data

    When you use payment features, payment processing is generally handled by third-party payment processors and/or terminal providers. Depending on the feature, we may process:

  • Transaction metadata needed for records and reconciliation (for example, invoice IDs, totals, timestamps, status)

    • We aim to avoid storing full payment card numbers and other sensitive payment credentials on our systems; those are typically handled by the payment provider under their own terms.

    2.7 Subscription Data

    If you purchase a subscription through Apple's App Store, Apple handles billing and payment processing. We receive limited subscription status information from Apple (such as subscription tier, expiration date, and renewal status) to provide you with the appropriate level of service. We do not receive or store your Apple ID password or full payment details.

    3. HOW WE USE INFORMATION

    We use information for purposes such as:

  • Provide and operate the Services: core business management features, syncing, website integration, and connected services
  • Security and fraud prevention: authentication, access control, audit logging, abuse prevention, integrity monitoring
  • Support and communications: responding to requests, service notices, product updates, account-related messages
  • Improve and develop: bug fixes, performance improvements, feature development, analytics (when enabled/consented)
  • Compliance and legal: meeting legal obligations, enforcing terms, and protecting rights and safety

    • 4. LEGAL BASES FOR PROCESSING

    Where applicable (for example, under GDPR), we process information under one or more legal bases, including:

  • Contract: to provide the Services you request
  • Legitimate interests: to secure, maintain, and improve the Services
  • Consent: for optional analytics and certain integrations where you choose to enable them
  • Legal obligations: compliance with applicable laws and lawful requests

    • 5. HOW WE SHARE INFORMATION

    We do not sell your personal information. We may share information:

  • With service providers that help us run the Services (hosting, security, analytics, customer support tooling, email delivery, etc.)
  • With integrated third parties you choose (for example, Meta/Facebook/Instagram, TikTok, payment processors, email providers) to perform the features you enable
  • With Apple iCloud/CloudKit if you enable iCloud sync on your device (Apple's terms and policies apply)
  • For legal and safety reasons: to comply with law, respond to lawful requests, protect users, prevent fraud and abuse, and enforce our terms
  • In connection with a merger, acquisition, or sale of assets, subject to applicable safeguards

    • 6. SECURITY

    We use administrative, technical, and physical safeguards designed to protect information, such as encryption in transit, access controls, and monitoring. No method of transmission or storage is 100% secure; however, we work to meet enterprise-grade security expectations appropriate for the Services.

    7. DATA RETENTION

    We retain information for as long as your account is active or as needed to provide the Services, and as needed for backups, synchronization, dispute resolution, and compliance with legal obligations. Specific retention periods include:

  • Business data: retained while your account is active and as long as your business uses the Services
  • Anonymous analytics events: if enabled/consented, anonymous analytics events (for example, event type, timestamp, session identifier, coarse device info, and an anonymized identifier) are retained for analytics purposes and periodically purged
  • Security and audit logs: retained as needed for security monitoring, incident investigation, and compliance
  • Integration tokens: retained while the integration is connected and deleted upon disconnection

    • 8. YOUR RIGHTS AND CHOICES

    Depending on your jurisdiction, you may have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of personal information (subject to legal exceptions)
  • Object to or restrict certain processing
  • Withdraw consent (for example, for optional analytics)
  • Data portability (export)

    • You can also manage certain privacy settings directly in the app (for example, analytics toggles and integration connections).

    8A. Operational Telemetry (Security and Reliability)

    Even if you disable optional analytics, we may still process minimal operational telemetry strictly for security, abuse prevention, and service reliability. Examples may include:

  • Security logs: authentication attempts, session and token validation outcomes, CSRF and rate-limit events, suspicious activity signals, and audit logging of administrative actions
  • Technical metadata: request identifiers, timestamps, device/platform info, and network metadata such as IP address and user agent (used for security and fraud prevention)

    • We use this information to protect the Services (for example, detect abuse, enforce access controls, investigate incidents, and prevent fraud). We do not use operational telemetry for behavioral advertising.

    8B. Cookies and Similar Technologies

    When you use our web properties (for example, the admin portal or your connected website), we may use cookies or similar technologies for:

  • Essential operation (for example, authentication/session management, CSRF protection, security controls)
  • Preferences (for example, tenant/company selection in multi-tenant setups)

    • We do not intentionally use third-party advertising cookies by default. If we introduce optional analytics or advertising cookies on web properties in the future, we will provide appropriate notice and choice mechanisms where required by law.

    Do Not Track: Some browsers offer a "Do Not Track" setting. Because there is no consistent industry standard for DNT signals, our web properties may not respond to DNT signals.

    8C. International Transfers

    novo SOLUTION may process and store information in countries other than where you live (for example, where we or our service providers operate). Where required (for example, transfers from the EEA/UK), we use appropriate safeguards such as standard contractual clauses or other lawful transfer mechanisms.

    8D. Subprocessors and Service Providers

    We use vendors ("subprocessors") to help provide the Services (for example, cloud hosting, database infrastructure, security monitoring, email delivery, payment processors, and integration providers). A current list of subprocessors can be requested by contacting us.

    8E. Sensitive Data

    Unless expressly agreed in writing, you must not upload or store:

  • Government-issued identifiers (for example: Social Insurance Numbers, passport numbers)
  • Precise geolocation, biometric identifiers, or other sensitive categories regulated by law
  • Health/medical information, including Protected Health Information (PHI)

    • The Services are not designed to support HIPAA compliance and should not be used to store Protected Health Information unless you have a separate written agreement with us that specifically covers such use.

    8F. Marketing Communications

    We may send service-related communications (for example, account, security, billing, and service notices). Where we send marketing communications, you can opt out using the unsubscribe mechanism provided in the message or by contacting us, subject to legal requirements.

    9. DATA DELETION (INCLUDING ACCOUNT DELETION)

    9.1 Account Deletion

    novo SOLUTION provides a complete account deletion feature directly within the app, in compliance with Apple App Store requirements.

    How to Delete Your Account: 1. Open the novo SOLUTION app 2. Navigate to Settings > Account 3. Tap Delete Account 4. Confirm your decision when prompted

    What Happens When You Delete Your Account:

  • Your user account and all data associated with your account (including companies, products, customers, invoices, appointments, and other records) will be permanently deleted
  • All connected integrations (social media, payment providers, etc.) will be disconnected and their tokens revoked
  • All website content and backend data associated with your account will be permanently deleted
  • iCloud/CloudKit synced data associated with your account will be removed

    • Important Notes:

  • Account deletion is permanent - this action cannot be undone
  • Temporary deactivation is not offered - we only provide full, permanent account deletion
  • No customer service required - you can complete account deletion entirely within the app without needing to call, email, or contact support
  • Data recovery is not possible - once deleted, your data cannot be recovered
  • Please export any data you wish to keep before initiating account deletion

    • Timing:

  • Account deletion is processed immediately upon confirmation
  • All local data, iCloud/CloudKit data, and associated records are deleted immediately
  • Once deleted, your data cannot be recovered

    • 9.2 Deleting Social Media Connection Data

    You can disconnect social media integrations and delete associated connection data using the in-app "Delete All Social Media Data" option, which is designed to:

  • Disconnect connected social platforms
  • Remove stored tokens and connection metadata from our systems where supported
  • Clear local cached social media data on the device (for example, stored page/account IDs and last-post timestamps)

    • Important notes:

  • Content you already posted to Facebook/Instagram/TikTok remains on those platforms unless you delete it from the platform directly.
  • Token revocation is attempted where supported, but revocation may not always succeed (for example, if a token is already expired or provider-side revocation is unavailable). If you want to fully remove access, you can also remove novo SOLUTION's access from within the provider's security settings.
  • Company deletion: removing a company from the app will also delete associated social media connection data.
  • Backend deletion: if you enabled website integration, deletion may involve deleting data stored on your connected backend as well.
  • Full account deletion: use the account deletion feature described in Section 9.1 for complete removal of all data.

    • For deletion assistance beyond in-app controls, contact us (see "Contact").

    10. CHILDREN'S PRIVACY

    The Services are intended for business use and are not directed to children under 13. If you believe a child has provided personal information, contact us.

    11. CHANGES TO THIS POLICY

    We may update this Privacy Policy at any time, without prior notice, to the extent permitted by law. The updated version will be posted in the Services and will be effective when posted (or as otherwise stated). If notice is required by applicable law for certain changes, we will provide the required notice.

    12. CONTACT

    For privacy questions or requests: Email: support@novosolution.org

    For legal notices: Email: support@novosolution.org

    Submitting Privacy Requests:

    To submit a privacy request (access, deletion, correction, portability), email us with:

  • Your name and account/business identifier (if available)
  • The type of request
  • The email address associated with the account (if applicable)
  • Any relevant details needed to locate the data

    • For security, we may need to verify your identity before processing your request. If you are acting on behalf of a business account, we may require proof of authority. We aim to respond within applicable legal timeframes (commonly 30-45 days, depending on your jurisdiction and the nature of the request).

    Last Updated: February 20, 2026

    Version 1.0.7 • Last updated: 2/19/2026