Legal

Privacy Policy

What we collect, what we deliberately don't, and the rights you have over your data. Written plainly, because privacy you can't read isn't privacy.

Last updated: June 2026
Please note: this policy is a plain-language template for a demonstration product. It is written to read like a real policy, but it is not legal advice. Adapt it with your own counsel before relying on it in production.

01Introduction

This Privacy Policy explains how Novex (“we”, “us”) collects, uses, and protects information when you visit our site, create an account, or use the Service. We designed Novex around a simple privacy principle: the safest data is the data we never hold. Wherever we can avoid touching sensitive information, we do.

02Data we collect

We collect a deliberately small set of information:

  • Account data — your name, email, password hash, and account settings, so we can give you a place to sign in and manage your business.
  • Business & KYB data — your legal entity details, business address, and the identity information of beneficial owners and representatives required to verify your business and satisfy financial regulations.
  • Usage data — logs, API request metadata, device and browser information, and product analytics that help us keep the Service reliable and secure.

03Data we don't collect

Raw card numbers never reach our servers. Card details (the PAN, expiry, and CVC) are tokenized in your customer's browser and exchanged directly with our payment processor. They never land in a Novex database, log line, or backup.

Because we don't store that data, we can't lose it, leak it, or be compelled to hand it over. We work with tokens and metadata — not cardholder secrets. This is security by design, not security by promise.

04How we use data

We use the information we collect to:

  • provide, maintain, and improve the Service;
  • verify your business and meet legal, anti-fraud, and anti-money-laundering obligations;
  • process payouts and reconcile fees through our payment partner;
  • detect, investigate, and prevent abuse or security incidents;
  • communicate with you about your account and important changes.

We do not sell your personal data, and we do not use the contents of your transactions to build advertising profiles.

05Stripe & sub-processors

Novex is built on Stripe's payment rails. Stripe acts as our payment processor and processes payment and identity data under Stripe's Privacy Policy. We also rely on a small set of trusted sub-processors for cloud hosting, infrastructure, email delivery, and product analytics. Each is bound by contractual obligations to protect your data and to process it only on our instructions.

06Cookies

We use a minimal set of cookies and similar technologies: strictly necessary cookies that keep you signed in and secure, and a small number of analytics cookies that help us understand how the product is used. You can control non-essential cookies through your browser settings; disabling strictly necessary cookies may break core functionality.

07Data retention

We keep personal data only as long as we need it for the purposes described in this policy — typically for the life of your account and for a reasonable period afterward. Some records, particularly those tied to KYB verification and financial transactions, must be retained longer to satisfy legal and regulatory requirements. When data is no longer needed, we delete or anonymize it.

08Security

We protect data with encryption in transit and at rest, strict access controls, audit logging, and regular review of our infrastructure. Our strongest control, though, is architectural: by tokenizing card data in the browser and never storing it, we remove an entire category of risk rather than merely guarding against it. No system is perfectly secure, but we work hard to make Novex a small, well-defended target.

09Your rights

Depending on where you live, you may have rights over your personal data — including the right to access, correct, delete, or export it, to object to or restrict certain processing, and to withdraw consent. These reflect protections such as the GDPR and CCPA.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law, and we will not discriminate against you for exercising a right.

10International transfers

We may process and store data in countries other than your own, including where our infrastructure providers and payment partner operate. When we transfer personal data across borders, we rely on appropriate safeguards — such as standard contractual clauses — to ensure your data continues to be protected to the standard required by applicable law.

11Children

The Service is intended for businesses and is not directed to children. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact us and we will delete it.

12Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after changes take effect means you accept the revised policy.

13Contact

Questions, requests, or concerns about your privacy? Write to us at [email protected]. You can also review our Terms of Service.

Privacy by design.

The card data we never hold is the breach we can never have.

Start free