Privacy Policy
Last updated: December 14, 2025
NovaLexy is designed with data minimization at its core. We do not collect or store the content you submit to our tools, and we do not train any models on your data. Our web app relays your prompts to secure third-party AI infrastructure providers to generate responses. This Privacy Policy explains what limited information we handle, how data is processed, and how you can control cookies.
1. Who We Are & Roles
For our website and any optional account/profile data, NovaLexy acts as a data controller. For user content you input into our AI features, NovaLexy acts as a pass-through facilitator. We do not store or retain that content; the request is transmitted directly to trusted third-party AI infrastructure providers who process it to generate an output. Those providers act as independent processors under their own terms.
2. What We Do Not Collect
- No storage of user content: We do not retain the text, translations, or prompts you submit to the AI features beyond the transient processing needed to return a response.
- No model training on your data: We never use your data to train our own models, nor do we permit our third-party AI infrastructure providers to use your API data for training.
- No sale of data: We do not sell or “share” personal information for cross-context behavioral advertising.
3. Limited Information We May Handle
To operate the site and your account, we may process a minimal set of data:
- Account metadata: Email address and password hash (if you register).
- Transactional data: Subscription status and billing history. Note: We do not see or store your credit card information. All payments are processed securely by Stripe, Inc.
- Technical logs: IP address, browser type, and timestamps used strictly for security and debugging.
- Cookies: As described in Section 8.
3.1 Legal Bases for Processing
We process personal data only when legally permitted, including:
- Performance of a Contract: To provide the services you requested (e.g., account access, subscriptions).
- Legitimate Interests: For security, fraud prevention, and service reliability.
- Consent: For optional analytics cookies, where applicable.
3.2 Data Retention
Account and billing records are retained only as long as necessary to provide the service and comply with legal obligations (e.g., tax and accounting laws). Security logs are retained for a limited period and then automatically deleted.
4. How Processing Works (Pass-Through)
When you submit text for processing, NovaLexy securely transmits your request to third-party AI infrastructure providers and relays the generated output back to your browser. NovaLexy does not keep a copy of your content. Any temporary handling is purely for delivery and is discarded immediately after the response is sent.
5. Third-Party Providers
We integrate with trusted external services to provide core functionality. These providers process data under their own privacy policies. NovaLexy is not responsible for the privacy practices of third-party providers.
- Third-Party AI Infrastructure Providers: We use trusted third-party providers for model inference. According to their published terms and contractual obligations, they process data solely to deliver the service and do not use API data to train their models.
- Stripe: Used for secure payment processing. They handle all financial data in compliance with PCI-DSS standards.
- Google Analytics 4 (GA4): Used to understand website traffic patterns. This service creates aggregated and pseudonymized usage statistics.
6. Security
We apply industry-standard security controls (HTTPS/TLS encryption). While no system is perfectly secure, we work continually to protect the service. If you believe your account is compromised, please contact us immediately.
7. Your Rights
Depending on your location (e.g., EU/UK under GDPR, California under CCPA), you have rights to:
- Access, correct, or delete your account data.
- Withdraw consent for optional cookies.
- Request a copy of your personal data (portability).
Since we do not store your AI content, there is no translation history for us to delete.
9. International Transfers
Our services are hosted on global cloud infrastructure. By using NovaLexy, you acknowledge that your data may be processed in the United States or other jurisdictions, always subject to appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Children’s Privacy
NovaLexy is not intended for children under 16. We do not knowingly collect personal data from children.
11. Automated Decision-Making
NovaLexy does not engage in automated decision-making that produces legal or similarly significant effects concerning users.
12. Changes to This Policy
We may update this policy to reflect changes in our service or laws. We will update the “Last updated” date at the top of this page.
13. GDPR Compliance Summary
NovaLexy is committed to complying with the EU General Data Protection Regulation (GDPR).
- We apply data minimization and do not store AI input content.
- We process personal data only under valid legal bases (contract, legitimate interests, or consent).
- Users may exercise their GDPR rights at any time by contacting us.
- We use appropriate safeguards for international data transfers, including Standard Contractual Clauses.
- We implement technical and organizational measures to protect personal data.
This summary is provided for transparency and does not replace the full details set out in this Privacy Policy.