Privacy Policy

Last updated: 25 July 2025

1. Introduction

Thank you for choosing Nova Rafale, a product of PGG AI – part of PGG Grup (collectively, “Nova Rafale,” “we,” “our,” or “us”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit https://nova‑rafale.com (the “Site”), use our mobile or desktop applications, interact with our application programming interfaces (“APIs”), or otherwise engage any of our products, services, or events (together, the “Services”).

By accessing or using any Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not access the Services.

2. Definitions

To aid clarity, key terms in this Policy have the meanings below:

Term Meaning
Personal Data Any information that identifies, relates to, describes, or could reasonably be linked to an individual.
Processing Any operation performed on Personal Data, whether automated or not, such as collection, storage, use, disclosure, or deletion.
Controller The natural or legal person that determines the purposes and means of Processing Personal Data. Nova Rafale acts as a Controller for data described here.
Processor A person or entity that Processes Personal Data on behalf of the Controller. Our cloud‑hosting partners, payment processors, and analytics vendors are examples.

3. Information We Collect

We collect the following categories of information:

3.1 Information You Provide Directly

  • Account Information – name, email address, password hash, preferred language, time‑zone, profile image.

  • Payment Information – billing name, billing address, payment method token, partial card number (last 4 digits), and transaction identifiers. Note: Full card numbers are handled only by our payment processor and never stored on Nova Rafale servers.

  • Content & Files – prompts, documents, images, code snippets, chats, or other data you upload or generate via the Services (“User Content”).

  • Communications – enquiries sent to customer support, responses to surveys, or feedback forms.

3.2 Information Collected Automatically

  • Usage & Log Data – IP address, browser type, referring/exit URLs, clickstream data, pages viewed, session duration, date/time stamps.

  • Device Data – operating system, device model, unique device identifiers, and crash reports.

  • Cookies & Similar Technologies – identifiers stored on your browser or device to remember settings, authenticate sessions, and analyse traffic. (See Section 9.)

  • Approximate Location – derived from IP address to customise content and comply with regional regulations.

3.3 Information from Third Parties

  • Social‑Login Providers – email address and profile metadata when you sign in with Google, Apple, or similar services.

  • Marketing Partners – attribution data (ad clicks, campaign IDs).

  • Security Vendors – fraud‑prevention signals, compromised‑credential lists.

4. How We Use Information

We Process Personal Data to:

  1. Provide and Maintain Services – create accounts, deliver AI outputs, store documents, and operate APIs;

  2. Process Transactions – manage subscriptions, issue invoices, and detect fraudulent payments;

  3. Personalise Experience – remember preferences, suggest templates, and surface relevant features;

  4. Improve & Develop – train models, debug issues, conduct research, and perform analytics;

  5. Communicate – send confirmations, technical notices, updates, security alerts, and administrative messages;

  6. Market – deliver newsletters and promotional offers (you may unsubscribe at any time);

  7. Protect – enforce our Terms of Service, secure our infrastructure, and prevent malicious activity;

  8. Comply with Law – respond to lawful requests and satisfy legal obligations.

5. Legal Bases for Processing (EEA/UK)

Where the EU General Data Protection Regulation (“GDPR”) or UK GDPR applies, we rely on one or more of the following legal bases:

Legal Basis Typical Purpose
Performance of a Contract To create your account, process your subscription, and deliver Services.
Legitimate Interests To improve Services, prevent fraud, secure the network, and market similar products.
Consent For non‑essential cookies or email marketing. You may withdraw consent at any time.
Legal Obligation To satisfy tax, accounting, and regulatory requirements.

6. Automated Decision‑Making & Profiling

We may use automated systems to help detect spam or malicious behaviour, allocate compute resources, and suggest content. These processes do not produce legal or similarly significant effects on users.

7. How We Share Information

We disclose Personal Data only as described below:

  1. Service Providers – cloud hosting, payment processors, customer‑support tools, email delivery, analytics platforms. Each provider may only use data as instructed and must maintain confidentiality.

  2. Affiliates & Subsidiaries – entities within PGG Grup that support Service operations, subject to this Policy.

  3. Business Transfers – in connection with mergers, acquisitions, or asset sales. Users will be notified of any change in ownership or use of their data.

  4. Legal & Regulatory – to comply with subpoenas, court orders, or other lawful requests by public authorities.

  5. Protection of Rights – where necessary to enforce our Terms, investigate violations, or defend against legal claims.

  6. With Your Consent – at your direction or when you connect third‑party integrations (e.g., cloud‑storage exports).

We never sell your Personal Data.

8. International Transfers

Nova Rafale is headquartered in Romania, with infrastructure in the European Economic Area (“EEA”) and the United States. When transferring Personal Data outside the EEA/UK, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;

  • UK International Data Transfer Addendum; and

  • Other legally recognised transfer mechanisms.

9. Cookies & Tracking Technologies

We use the following categories of cookies:

Category Purpose Example Duration
Essential Authenticate users, prevent fraud, enable core features Session
Analytics Measure traffic and performance 6–24 months
Functional Remember settings like language or theme 12 months
Marketing Deliver and measure ads for our Services 3–12 months

You can manage cookies through your browser settings or by clicking “Cookie Preferences” on our Site footer.

10. Data Retention

We keep Personal Data only as long as necessary for the purposes stated in this Policy, including to satisfy legal, accounting, or reporting requirements. Criteria used to determine retention periods include the nature of data, potential risk from unauthorised use, and whether we need it to perform a contract or defend legal claims. When data is no longer required, we delete or anonymise it.

11. Security

We implement appropriate administrative, technical, and physical safeguards such as encryption in transit, logical access controls, regular penetration testing, and employee security training. While we strive to protect your data, no Internet transmission is entirely secure, and we cannot guarantee absolute security.

12. Your Rights

Depending on your location, you may have the right to:

  • Access the Personal Data we hold about you;

  • Rectify inaccurate or incomplete data;

  • Erase (“right to be forgotten”) or anonymise data when no longer necessary;

  • Restrict or object to certain Processing;

  • Port data to another service provider;

  • Withdraw consent where Processing is based on consent;

  • Complain to a supervisory authority.

To exercise any right, email us at privacy@nova‑rafale.com.

13. California & Other U.S. State Privacy Rights

If you reside in California, Colorado, Connecticut, Utah, Virginia, or another U.S. state with privacy legislation, you may have additional rights to access, correct, delete, or opt out of the sale or sharing of Personal Data. We honour all such rights where applicable. To submit a request, email privacy@nova‑rafale.com with the subject “U.S. Privacy Request.”

14. Children’s Privacy

Our Services are not directed to children under 13 years (or 16 in the EEA). We do not knowingly collect Personal Data from children. If we learn that a child has provided us with data, we will promptly delete it.

15. Third‑Party Links

The Services may contain links to external sites or services not operated by Nova Rafale. We are not responsible for the privacy practices or the content of third‑party sites. Please review their policies before providing Personal Data.

16. Changes to This Policy

We may revise this Policy periodically. If we make material changes, we will notify you by email or by posting a notice on the Site at least 30 days prior to the change becoming effective. Your continued use of the Services after the effective date constitutes acceptance of the revised Policy.

17. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Nova Rafale – Privacy Team
PGG AI – part of PGG Grup
Str. Example No. 1, 010101 Bucharest, Romania
Email: privacy@nova‑rafale.com

© 2025 Nova Rafale · PGG AI – PART OF PGG GRUP. All rights reserved.