Novalytics - Privacy Policy

Last updated: Dec. 18, 2025

At Novalytics (“we”, “our”, “us”), we respect your privacy and are committed to protecting your personal information.
This Privacy Policy explains how we collect, use, store, and share information when you use our website, platform, and related services (collectively, the “Services”).

By using our Services, you agree to this Privacy Policy. If you do not agree, please do not use our Services.

1. Who We Are

Novalytics is a data intelligence company based in Quebec, Canada, building advanced AI solutions that help ESG and sustainability professionals transform complex data into actionable insights.

We act as the data controller for personal data we collect directly from users and as a data processor for information uploaded by clients through our platform.

2. Information We Collect

We collect the following types of information:

a. Information You Provide

  • Account information: Name, email address, company name, role, and password.
  • Billing information: Payment details, billing address, and transaction history (processed securely via Stripe).
  • Uploaded content: ESG or sustainability reports, datasets, or other materials you choose to upload for analysis.
  • Communications: Messages, support requests, or survey responses you send us.

b. Information We Collect Automatically

When you use our Services, we automatically collect:

  • Usage data: Log files, access times, device type, browser, and operating system.
  • Analytics data: Through cookies and similar technologies (for example, page views, time spent, and interaction data).
  • AI processing data: Metadata related to the use of AI tools and generated results (to improve model accuracy and performance).

You can control or delete cookies through your browser settings.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Services.
  • Personalize your experience and improve platform performance.
  • Process payments and manage subscriptions.
  • Communicate with you (e.g., service updates, security notices, marketing emails).
  • Develop AI models and analytics systems using aggregated data.
  • Comply with legal, regulatory, and security obligations.

We do not sell or rent personal information to third parties.

4. Data Ownership and Processing

  • You retain ownership of all confidential content and data you upload to our Services.
  • By using our Services, you grant Novalytics a limited license to process, analyze, and store that data for the purpose of delivering the Services.
  • We may use aggregated data to improve our algorithms, analytics, and overall system intelligence. This data can no longer be used to identify you or your organization.

5. Legal Basis for Processing (GDPR & Loi 25)

We process personal data only when:

  • It is necessary to perform a contract with you (e.g., providing Services).
  • You have given consent (e.g., for marketing communications or analytics cookies).
  • It is required by law.
  • It is in our legitimate business interests, such as improving our platform or preventing fraud.

You may withdraw your consent at any time by contacting us (see Section 11).

6. Data Retention

We retain personal data only as long as necessary to:

  • Fulfill the purposes outlined in this Policy,
  • Comply with legal obligations, and
  • Resolve disputes or enforce agreements.

When data is no longer needed, it is securely deleted or anonymized.

7. Data Sharing and Third Parties

We may share data with:

  • Service providers who help us operate our platform (e.g., Stripe for payments, cloud storage providers, and analytics tools).
  • Enterprise clients who have authorized access to shared organizational data.
  • Legal authorities, if required by law or to protect our rights and users.

All third-party processors are contractually obligated to protect your data and comply with privacy laws.

8. International Data Transfers

If we transfer data outside of Canada (for example, to the U.S. or Europe), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms that meet GDPR and Loi 25 requirements.

9. Your Rights

Depending on your location, you may have the right to:

  • Access and obtain a copy of your personal data.
  • Correct or update inaccurate or incomplete information.
  • Request deletion (“right to be forgotten”).
  • Withdraw consent to certain processing activities.
  • Request data portability.
  • Object to certain uses (e.g., automated decision-making or marketing).

You can exercise these rights at any time by contacting us (see Section 11).

10. Security Measures

We use appropriate technical and organizational measures to protect data, including encryption, access controls, and monitoring for unauthorized access.
While we take data protection seriously, no system is completely secure; use of the Services is at your own risk.

11. Contacting Us About Privacy

If you have questions, concerns, or requests regarding your personal data, you can reach us at: team@novalytics.ca.
For users in Quebec, our designated Privacy Officer under Loi 25 can be contacted at the same address.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal changes or improvements in our practices.
When we do, we’ll update the “Last Updated” date above and, where appropriate, notify users through email or within the platform.