← Back to Nova

Privacy Policy

Effective April 10, 2026 · Nova Companion LLC

In plain English

  • We don’t sell your data. Ever.
  • Your conversations are yours. Only you can see them.
  • You can delete everything at any time — and we actually delete it.
  • We don’t run ads. We don’t track you across the internet.
  • Nova remembers you because you asked it to, not because we’re watching.

1. Who We Are

Nova Intelligence (“Nova”) is operated by Nova Companion LLC, a Pennsylvania limited liability company. This policy describes how we collect, use, and protect your data.

2. What We Collect

  • Account data: Email address, display name, and authentication credentials (managed by Supabase).
  • Profile data: Name, birthday, location, occupation, and interests you choose to provide.
  • Conversation data: Messages you send to Nova, AI-generated responses, and conversation metadata.
  • Memory data: Facts and preferences Nova extracts from your conversations to personalize your experience. You can view all stored memories in the Memory tab.
  • Project & routine data: Projects, milestones, documents, dreams, and routines you create.
  • Calendar data: If you connect Google Calendar, we read your calendar events (read-only) to power the Stardate Calendar. We store your OAuth refresh token securely in the database.
  • Payment data: Subscription billing is processed by Stripe. We store your Stripe customer ID and subscription status but never see or store your full card number.
  • Usage analytics: Page views, feature usage, and performance metrics via Vercel Analytics and Speed Insights. No personally identifiable information is sent to analytics.

3. How We Use Your Data

  • Providing and personalizing the Nova companion experience
  • Generating AI responses informed by your conversation history and memories
  • Powering your daily briefing, projects, and routines
  • Processing subscription payments
  • Improving the Service through anonymized usage analytics
  • Sending transactional emails (e.g., weekly memory digests) via Resend

We do not sell your data. We do not use your data to train third-party AI models. We do not serve ads.

4. Third-Party Services

Nova integrates with the following third-party services to provide its features. Each receives only the minimum data necessary:

ServiceData SharedPurpose
Anthropic (Claude)Messages, memory contextPrimary AI responses
OpenAI (GPT-4o)Messages, memory contextFallback AI responses
SupabaseAll account and app dataAuthentication & database
StripeTokenized payment infoSubscription billing
Mem0Messages, extracted factsConversational memory
UpstashRate limit countersSecurity & rate limiting
GoogleCalendar events (if connected)Stardate Calendar
Tavily / ExaSearch queriesWeb research (Boosters)
FirecrawlURLs onlyWeb page scraping
FAL.aiImage promptsImage generation
VercelAvatar images, analyticsHosting & storage
ResendEmail address, digest contentTransactional email

5. The Memory System

Nova’s memory system is a core feature, not a hidden tracker. When you chat with Nova, it may extract facts and preferences (e.g., “Colin likes hiking”) to personalize future interactions. Memory extraction only occurs on substantive messages (short greetings and casual chat are skipped). You can view all memories Nova has stored about you in the Memory tab. Account deletion permanently removes all stored memories.

6. Data Security

  • All API routes require authentication via Supabase JWT with PKCE
  • Row-Level Security (RLS) ensures users can only access their own data
  • SSRF protection on all external URL fetching
  • Rate limiting on all endpoints via Upstash Redis
  • Content Security Policy headers enforced in production
  • Security logging with PII masking (user IDs and IPs are redacted)
  • OAuth state parameters are HMAC-signed with a 10-minute TTL

7. Data Retention & Deletion

Your data is retained for as long as your account is active. You may delete your account at any time from your Companion Profile. Deletion is permanent and irreversible — it removes all data across all database tables, cancels any active Stripe subscription, deletes uploaded avatars, and clears stored memories from Mem0.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (available in-app)
  • Object to processing of your data
  • Request data portability

California residents: Under the CCPA, you have the right to know what personal information we collect and to request its deletion. We do not sell personal information. To exercise your rights, contact us or use the in-app deletion feature.

EU/EEA residents: Under GDPR, you have additional rights including the right to restrict processing and the right to lodge a complaint with your local data protection authority. Our legal basis for processing is contractual necessity (providing the Service) and legitimate interest (improving the Service).

9. Cookies

Nova uses minimal cookies and local storage. We use Vercel Analytics and Speed Insights for anonymized usage data. We do not use advertising cookies or third-party tracking pixels. Your cookie preference is stored locally and respected.

10. Age Requirement

Nova requires users to be at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has created an account, please contact us and we will delete it.

11. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via the app or email. The effective date at the top of this page reflects the most recent revision.

12. Contact

Questions or requests regarding your privacy? Reach us at privacy@novasystems.app

Terms of Service·Nova Intelligence© 2026 Nova Companion LLC