Privacy Policy

Last updated: April 10, 2026

Nova ("we", "us", "our") is a personal AI assistant service operated by Xin Lu. This policy describes how we collect, use, and protect your data.

1. What Data We Collect

When you use Nova, we may collect and process:

Account information — name, email address, and profile preferences you provide
Conversation data — messages you send to Nova and Nova's responses, including text and voice input
Connected account data — if you connect Google or Outlook, we access calendar events as authorized by you
Email data — if you configure email access (via IMAP/SMTP), we sync and process your emails for triage, summarization, and sending on your behalf
Uploaded files — documents, images, and other files you share with Nova for processing
Usage data — interaction patterns and feature usage for service improvement

2. How We Use Your Data

Provide the service — power conversations, memory, reminders, calendar integration, email management, and proactive notifications
Personalization — learn your preferences, communication style, and habits to serve you better over time
Service improvement — analyze usage patterns to improve Nova's capabilities (aggregated, not individual)

We do not sell your data to third parties. We do not use your data to train general-purpose AI models.

3. Google User Data

If you connect your Google account, Nova accesses only the data you explicitly authorize:

Google Calendar — read and write calendar events to help you manage your schedule, provide daily briefings, detect conflicts, and create appointments on your behalf

Email integration with Gmail is handled separately via IMAP/SMTP (industry-standard email protocols), not through Google OAuth APIs.

Nova's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3a. AI Processing of Google Data

To provide conversational scheduling features (e.g. answering "what's on my calendar tomorrow?"), Google Calendar data is processed by AI language models. The following services may process your Google Calendar data:

Self-hosted AI model (primary) — runs on our own private infrastructure; your data never leaves our server
MiniMax AI API (backup, used only when the primary model is unavailable) — a third-party AI service; data is transmitted via encrypted API calls and is not retained or used for model training per their service agreement

No other third parties receive your Google data. Specifically:

Google data is used only to provide and improve Nova's user-facing features
Google data is not shared with, transferred to, or disclosed to any party other than the AI processing services listed above
We do not use Google data for advertising or to build user profiles for advertising
We do not use Google data to train AI models
Human access to Google data is limited to the service operator for debugging and support, only with your consent or as required by law

4. Data Storage and Security

Your data is stored on self-hosted infrastructure (not public cloud) with encrypted connections
Conversation history, memories, and uploaded documents are stored in a PostgreSQL database with access controls
Images are processed and discarded — only text descriptions are retained, not raw image data
Voice recordings are transcribed and discarded — only the text transcription is stored
Email credentials (IMAP/SMTP passwords) are stored encrypted on the server

5. Data Retention

Conversation history and memories are retained for as long as your account is active
Uploaded documents are retained per your subscription tier (configurable)
You can ask Nova to delete specific memories, documents, or conversation history at any time

6. Your Rights

You can:

Access your data by asking Nova ("show me my memories", "list my documents")
Delete specific data by asking Nova ("delete this memory", "forget about X")
Revoke Google/Outlook access at any time through your Google/Microsoft account settings
Request full data export or deletion by contacting us at the email below

7. Third-Party Services

Nova integrates with the following third-party services:

AI processing (for conversational features):

Self-hosted AI models — primary processor, runs on our private infrastructure, no data leaves our server
MiniMax AI API (platform.minimaxi.com) — backup processor, used only when the self-hosted model is unavailable; data is not retained or used for training

Connected services (user-initiated):

Google Calendar — governed by Google's terms and this policy (see Section 3 and 3a)
Microsoft Outlook (Calendar, Mail) — governed by Microsoft's terms and this policy
Email providers (Gmail, Outlook, etc. via IMAP/SMTP) — standard email protocols, credentials stored locally
Bark (iOS push notifications) — device key stored locally, no data shared with Bark servers beyond push delivery
LINE — messaging channel, governed by LINE's terms

8. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated through Nova's proactive notification system or via email.

9. Contact

For privacy questions, data requests, or concerns:

Email: [email protected]