Privacy Policy
Last updated: May 10, 2026
Nova ("we", "us", "our") is a personal AI assistant service operated by Xin Lu. This policy describes how we collect, use, and protect your data.
1. What Data We Collect
When you use Nova, we may collect and process:
- Account information — your name, email address, and account preferences
- Contact details for people you ask Nova to remember — phone numbers, addresses, birthdays, family relationships, and notes for the people in your life that you choose to record (yourself, family, friends, business contacts)
- Conversation data — messages you send to Nova and Nova's responses, including text and voice input
- Connected account data — if you connect Google or Outlook, we access calendar events as authorized by you
- Email data — if you configure email access (via IMAP/SMTP), we sync and process your emails for triage, summarization, and sending on your behalf
- Uploaded files — documents, images, and audio you share with Nova for processing; these remain on our servers so you can re-open them from your conversation history
- Usage data — interaction patterns, feature usage, and token consumption for tier accounting and service improvement
2. How We Use Your Data
- Provide the service — power conversations, memory, reminders, calendar integration, email management, and proactive notifications
- Personalization — learn your preferences, communication style, and habits to serve you better over time
- Service improvement — analyze usage patterns to improve Nova's capabilities (aggregated, not individual)
We do not sell your data to third parties. We do not use your data to train general-purpose AI models.
3. Google User Data
If you connect your Google account, Nova accesses only the data you explicitly authorize:
- Google Calendar — read and write calendar events to help you manage your schedule, provide daily briefings, detect conflicts, and create appointments on your behalf
Email integration with Gmail is handled separately via IMAP/SMTP (industry-standard email protocols), not through Google OAuth APIs.
3a. AI Processing of Google Data
To provide conversational scheduling features (e.g. answering "what's on my calendar tomorrow?"), Google Calendar data is processed by AI language models. The following services may process your Google Calendar data:
- Self-hosted AI model (primary) — runs on our own private infrastructure; your data never leaves our server
- MiniMax AI API (backup, used only when the primary model is unavailable) — a third-party AI service; data is transmitted via encrypted API calls and is not retained or used for model training per their service agreement
No other third parties receive your Google data. Specifically:
- Google data is used only to provide and improve Nova's user-facing features
- Google data is not shared with, transferred to, or disclosed to any party other than the AI processing services listed above
- We do not use Google data for advertising or to build user profiles for advertising
- We do not use Google data to train AI models
- Human access to Google data is limited to the service operator for debugging and support, only with your consent or as required by law
4. Data Storage and Security
- Your data is stored on self-hosted infrastructure (not public cloud) with encrypted connections
- Conversation history, memories, and uploaded documents are stored in a PostgreSQL database with access controls
- Images you send are stored on our servers so you can re-open them from your history; we also generate a text description (via vision AI) that is linked to your account. Images count against your storage quota and can be deleted at any time
- Voice recordings are stored on our servers to allow playback. By default, voice messages expire after 24 hours; you can mark a voice reply as "kept" to retain it indefinitely. Both the audio file and its text transcription are linked to your account
- Email credentials (IMAP/SMTP passwords) are stored encrypted on the server
5. Data Retention
- Conversation history and memories are retained for as long as your account is active
- Uploaded documents are retained per your subscription tier (configurable)
- You can ask Nova to delete specific memories, documents, or conversation history at any time
6. Your Rights
You can:
- Access your data by asking Nova ("show me my memories", "list my documents")
- Delete specific data by asking Nova ("delete this memory", "forget about X")
- Revoke Google/Outlook access at any time through your Google/Microsoft account settings
- Request full data export or deletion by contacting us at the email below
7. Third-Party Services
Nova integrates with the following third-party services:
AI processing (for conversational features):
- Self-hosted AI models — primary processor, runs on our private infrastructure, no data leaves our server
- MiniMax AI API (platform.minimaxi.com) — backup processor, used only when the self-hosted model is unavailable; data is not retained or used for training
Web search:
- SearXNG — when Nova searches the web on your behalf, your query is forwarded through our self-hosted search aggregator to public search engines (Google, Bing, DuckDuckGo, and similar). Your account identity is not passed to those engines; they see only the query text and our server's IP
Connected services (user-initiated):
- Google Calendar — governed by Google's terms and this policy (see Sections 3 and 3a)
- Microsoft Outlook (Calendar, Mail) — governed by Microsoft's terms and this policy
- Email providers (Gmail, Outlook, etc. via IMAP/SMTP) — standard email protocols, credentials stored encrypted on our server
- Nova iOS App Push (APNs) — your device token is stored on our server and used only to deliver push notifications to your device; we do not share it with third parties
- LINE — messaging channel, governed by LINE's terms
8. Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated through Nova's proactive notification system or via email.
9. Contact
For privacy questions, data requests, or concerns:
Email: [email protected]