Legal

Privacy Policy

Effective date: 1 March 2025

1. Introduction

Noctua ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Noctua website, application, and services at noctua.uno and app.noctua.uno (the "Service").

We process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Noctua
Email: bubo@noctua.uno

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Display name (if provided)
  • Authentication credentials (managed by Firebase Authentication)

3.2 Content You Submit

When you use the Service, we process:

  • URLs of articles you submit for conversion
  • Extracted text content from those articles (temporarily, for audio generation)
  • Generated audio files stored in your personal feed

3.3 Usage Data

We automatically collect:

  • Credit usage and conversion history
  • Timestamps of conversions and account activity
  • Device type, browser type, and operating system
  • IP address (for security and abuse prevention)

3.4 Payment Data

If you purchase credits, payment processing is handled by our third-party payment provider. We do not store your full payment card details. We may receive and store transaction identifiers, purchase amounts, and billing-related information.

4. How We Use Your Data

We use your personal data for the following purposes:

Purpose Legal Basis (GDPR Art. 6)
Providing and operating the Service Performance of contract
Processing article conversions Performance of contract
Managing your account and credits Performance of contract
Processing payments Performance of contract
Sending service-related communications Legitimate interest
Preventing fraud and abuse Legitimate interest
Improving the Service Legitimate interest
Complying with legal obligations Legal obligation

5. Data Sharing

We do not sell your personal data. We may share your data with:

  • Google Cloud Platform / Firebase: Infrastructure, authentication, database, and file storage (data processed within the EU — europe-west2 region)
  • AI text-to-speech providers: Article text is sent to our TTS provider to generate audio. Only the article text is shared, not your personal details
  • Payment processors: To process credit purchases
  • Law enforcement: Where required by applicable law or valid legal process

6. Data Retention

  • Account data: Retained for as long as your account is active, and deleted within 30 days of account closure
  • Generated audio: Retained for as long as your account is active. Deleted within 30 days of account closure or upon your request
  • Submitted article text: Processed temporarily for audio generation and not retained after conversion is complete
  • Usage logs: Retained for up to 12 months for security and service improvement
  • Payment records: Retained for up to 7 years as required by tax and accounting regulations

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request that we limit the processing of your data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at bubo@noctua.uno. We will respond within 30 days.

8. International Transfers

Your data is primarily processed within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, to AI service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest
  • Access controls and authentication
  • Regular security reviews

No system is perfectly secure. If you become aware of any security issue, please notify us immediately at bubo@noctua.uno.

10. Cookies

We use essential cookies and local storage required for the Service to function (such as authentication tokens). We do not use advertising or tracking cookies.

Essential cookies do not require consent under GDPR as they are strictly necessary for the Service.

11. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the effective date. We encourage you to review this policy periodically.

13. Supervisory Authority

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for Noctua is the Data Protection Commission (DPC) of Ireland:

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie

14. Contact

For any questions about this Privacy Policy or your personal data, contact us at:

Noctua
Email: bubo@noctua.uno