1. Information We Collect
We may collect the following categories of personal information:
Information You Provide Directly
- Contact information: name, email address, phone number, company name, and job title when you contact us, request a consultation, or submit a form on our Site.
- Communications: the content of messages you send us via email, contact forms, or other channels.
- Account and service information: information you provide when engaging our documentation and SOP services, including project details and professional credentials.
Information Collected Automatically
- Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution.
- Usage data: pages visited, time spent on pages, referring URLs, click patterns, and navigation paths.
- Location data: approximate geographic location derived from your IP address.
- Cookies and similar technologies: see Section 6 for details.
Information from Third Parties
We may receive information about you from third-party service providers we use to operate our business, such as analytics providers, advertising platforms, or professional networking sites (e.g., LinkedIn), to the extent permitted by applicable law.
2. How We Collect Information
We collect personal information through the following means:
- Directly from you when you fill out forms, send emails, or otherwise communicate with us.
- Automatically through cookies, web beacons, pixels, and similar tracking technologies when you browse our Site.
- From third-party sources, including analytics and advertising partners, publicly available databases, and business partners.
3. How We Use Your Information
We use your personal information for the following purposes:
- Providing and improving our services: to respond to inquiries, deliver our SOP and documentation services, and improve our offerings.
- Communication: to send you information you’ve requested, respond to support requests, and provide service-related updates.
- Marketing: to send promotional communications about our services where permitted by law. You may opt out at any time.
- Analytics: to understand how visitors use our Site and to improve user experience, functionality, and content.
- Legal compliance: to comply with applicable laws, regulations, and legal processes.
- Security: to detect, prevent, and address fraud, abuse, or security issues.
- Business operations: to manage our business, including billing, record-keeping, and internal administration.
4. Legal Bases for Processing GDPR
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data based on one or more of the following legal bases:
- Consent: where you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications, non-essential cookies).
- Contract: where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
- Legitimate interests: where processing is necessary for our legitimate business interests (e.g., improving our services, fraud prevention, direct marketing to existing clients), provided those interests are not overridden by your rights.
- Legal obligation: where processing is necessary for compliance with a legal obligation to which we are subject.
7. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider the nature of the information, the purposes for processing, applicable legal requirements, and our legitimate business interests.
When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data retention practices.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), access controls, and secure hosting infrastructure through Amazon Web Services.
While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard safeguards.
9. Your Privacy Rights
Depending on your location and applicable law, you may have some or all of the following rights regarding your personal information:
| Right | Description | Applicable Law |
|---|---|---|
| Right to Know / Access | Request information about the categories and specific pieces of personal information we have collected about you. | CCPA GDPR TDPSA |
| Right to Delete / Erasure | Request deletion of your personal information, subject to certain legal exceptions. | CCPA GDPR TDPSA |
| Right to Correct | Request correction of inaccurate personal information we hold about you. | CCPA GDPR TDPSA |
| Right to Portability | Request a copy of your personal data in a structured, commonly used, machine-readable format. | GDPR TDPSA |
| Right to Opt Out of Sale/Sharing | Direct us not to sell or share your personal information for cross-context behavioral advertising. Note: We do not currently sell or share personal information. | CCPA TDPSA |
| Right to Restrict Processing | Request that we limit how we use your personal data in certain circumstances. | GDPR |
| Right to Object | Object to the processing of your personal data based on legitimate interests or for direct marketing. | GDPR |
| Right to Withdraw Consent | Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing. | GDPR TDPSA |
| Right to Non-Discrimination | We will not discriminate against you for exercising any of your privacy rights. | CCPA TDPSA |
| Right to Appeal | If we deny your privacy request, you have the right to appeal our decision. | TDPSA |
To exercise any of these rights, please contact us using the information in Section 18 below. We will respond to verifiable requests within the timeframes required by applicable law (generally 45 days under CCPA/CPRA and TDPSA, and 30 days under GDPR). You may also designate an authorized agent to submit a request on your behalf.
10. Additional Disclosures for California Residents CCPA
If you are a California resident, the CCPA/CPRA provides you with specific rights regarding your personal information. In the preceding 12 months, we may have collected the following categories of personal information:
- Identifiers: name, email address, IP address, and similar identifiers.
- Internet or electronic network activity: browsing history on our Site, search history, and information regarding your interaction with our Site.
- Professional or employment-related information: job title, company name, and professional role provided through contact or service forms.
- Geolocation data: approximate location derived from IP address.
- Inferences: preferences and characteristics drawn from the above categories.
We collect this information for the business purposes described in Section 3. We do not sell personal information, and we do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA/CPRA.
California residents may submit a verifiable consumer request to know, delete, or correct their personal information by contacting us at the information provided in Section 18. We will verify your identity before processing your request. You will not be discriminated against for exercising your CCPA/CPRA rights.
11. Additional Rights for EEA/UK Residents GDPR
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the GDPR, including the rights described in the table in Section 9. In particular:
- You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.
- Where we rely on consent as the legal basis for processing, you may withdraw your consent at any time by contacting us.
- Where we rely on legitimate interests, you may object to processing, and we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Data Controller: Notiva Labs, LLC is the data controller for the personal data processed as described in this Privacy Policy. Contact details are provided in Section 18.
12. Additional Rights for Texas Residents TDPSA
If you are a Texas resident, the Texas Data Privacy and Security Act provides you with the rights described in Section 9, including the right to access, correct, delete, and obtain a portable copy of your data, as well as the right to opt out of the sale of personal data, targeted advertising, and profiling that produces legal or similarly significant effects.
To exercise your rights, contact us using the information in Section 18. If we decline your request, you have the right to appeal. To appeal, please submit a written request to us, and we will respond within 60 days. If the appeal is denied, you may contact the Texas Attorney General to submit a complaint.
13. Do Not Track & Global Privacy Control
Some browsers transmit “Do Not Track” (DNT) signals. There is currently no industry standard for recognizing DNT signals; however, we honor the Global Privacy Control (GPC) signal as a valid opt-out of the sale or sharing of personal information where required by applicable law, including under the CCPA/CPRA and TDPSA.
14. International Data Transfers
Notiva Labs is based in the United States. If you access our Site from outside the United States, your personal information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards as required by the GDPR, including Standard Contractual Clauses (SCCs) adopted by the European Commission, or other legally recognized transfer mechanisms. By using our Site or providing your information, you acknowledge this transfer.
15. Children’s Privacy
Our Site and services are not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to promptly delete that information. If you believe we may have collected information from a child, please contact us immediately using the information in Section 18.
16. Third-Party Links
Our Site may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the privacy practices or content of third-party websites.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the revised policy.
18. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact us:
Notiva Labs, LLC
5900 Balcones Drive, STE 100, Austin, TX 78731
Email: privacy@notivalabs.com
Website: notivalabs.com
For GDPR-related inquiries, you may also contact your local data protection authority. A list of EEA data protection authorities is available at edpb.europa.eu.
For TDPSA-related appeals, you may contact the Texas Attorney General at texasattorneygeneral.gov.