Privacy Policy
This Privacy Policy explains how Noviterm AI LLC ("Noviterm", "we", "our", "us") collects, uses, and protects information when you visit noviterm.com or contact us about our services. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Who We Are
Data Controller:
Noviterm AI LLC
19 Mrii Street, Kyiv, Ukraine
Email: [email protected]
Phone: +38 (093) 777-32-42
Noviterm AI builds AI-powered climate control software for commercial buildings. Our platform connects to existing Building Management Systems (BMS) to reduce energy consumption and ensure regulatory compliance.
2. What Data We Collect
2.1 Information You Provide Directly
When you contact us, request a demo, or submit an audit request via our website, we may collect:
- Name and job title
- Business email address
- Company name and size
- Building address or location (for audit requests)
- Phone number (if provided)
- Content of messages or enquiries you send us
2.2 Information Collected Automatically
When you visit our website, we automatically collect certain technical data:
- IP address (anonymised where possible)
- Browser type and version
- Operating system
- Pages visited and time spent on each page
- Referring URL (where you came from)
- Date and time of visits
2.3 Building & Technical Data (Service Clients Only)
If you become a Noviterm client, we process operational data from your building's HVAC systems for the purpose of delivering our service. This data is governed separately by your service agreement and Data Processing Agreement (DPA). It does not include personal data of building occupants.
3. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Responding to your enquiries and demo requests | Name, email, company, message content |
| Preparing and delivering a free building energy audit | Company name, building details, contact info |
| Sending follow-up communications related to your enquiry | Email address, name |
| Improving our website and user experience | Anonymised usage data, browser/device data |
| Complying with legal obligations | As required by applicable law |
| Security and fraud prevention | IP address, technical access logs |
We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and UK, we process your personal data under the following legal bases:
- Legitimate Interests (Art. 6(1)(f) GDPR): Responding to business enquiries, improving our website, security monitoring.
- Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to deliver services you have requested (e.g., a free audit).
- Legal Obligation (Art. 6(1)(c) GDPR): Where required by applicable law.
- Consent (Art. 6(1)(a) GDPR): For any marketing communications — only where you have opted in explicitly.
5. Data Sharing & Third Parties
We may share your data with trusted third-party service providers who assist us in operating our website and delivering our services. All such providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
Current service providers may include:
- Google (Google Workspace, Google Analytics): Email, analytics. Google Privacy Policy
- WordPress / Hosting Provider: Website infrastructure
- CRM / Email Platform: Managing enquiry follow-ups
We may also disclose data where required by law, court order, or regulatory authority.
6. Cookies & Tracking
Our website uses cookies and similar technologies. Cookies are small text files placed on your device that help us understand how our site is used.
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Essential | Required for basic website functionality (login sessions, form security) | No — site may not function correctly |
| Analytics | Understanding how visitors use the site (pages visited, time on site) | Yes — via cookie consent banner |
| Marketing | Tracking ad performance (if applicable) | Yes — via cookie consent banner |
You can manage your cookie preferences through our cookie banner when you first visit the site, or by adjusting your browser settings. Note that disabling certain cookies may affect site functionality.
7. Data Retention
We retain personal data only for as long as necessary for the purpose it was collected:
- Enquiry / contact form data: 2 years from last contact, unless a business relationship is established
- Website analytics data: 26 months (standard Google Analytics default)
- Client service data: Duration of contract + 5 years for legal and accounting purposes
- Legal compliance records: As required by applicable law (typically 5–7 years)
After the retention period expires, data is securely deleted or anonymised.
8. Your Rights
Under GDPR, if you are located in the EEA or UK, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements)
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
9. International Data Transfers
Noviterm AI LLC is based in Ukraine. If you are located in the EU/EEA, please note that data transferred to Ukraine may not benefit from a formal EU adequacy decision. Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with third-party processors
For transfers to Google Cloud services, Google's data processing terms and SCCs apply.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction, including:
- HTTPS / TLS encryption for all data in transit
- Access controls limiting data access to authorised personnel only
- Regular security reviews of our systems and third-party providers
No method of transmission over the internet is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant authorities as required by law.
11. Children's Privacy
Our website and services are directed exclusively at business professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Your continued use of our website after changes are posted constitutes your acknowledgement of the updated policy.
13. Contact Us
For any privacy-related questions, data subject requests, or concerns, please contact:
Noviterm AI LLC
19 Mrii Street, Kyiv, Ukraine
Email: [email protected]
Phone: +38 (093) 777-32-42
We aim to respond to all privacy enquiries within 5 business days and to all formal data subject requests within 30 days.