Security Assessment in Progress

    Nuvo is currently undergoing a CASA Tier 2 security assessment — the platform is live solely for the security team to review and test it. Please do not use it. We want to make sure everything is fully secured before you rely on it.

    Questions? contact@nuvo-hub.com

    Privacy Policy

    We believe your data is yours — and only yours. Nuvo is built on a strict zero-storage, zero-sharing architecture. We never store or share your personal data. Ever.

    Last updated: March 23, 2026

    TL;DR — The Short Version

    • We never store the content of your emails, messages, or calendar events.
    • We never share your data with third parties for advertising, analytics, or any other purpose.
    • We never sell your data. Not now, not ever. It is not part of our business model.
    • We only retain anonymous operational metadata (e.g., action execution time, error rates) to keep Nuvo running smoothly.
    • You can delete your account and all associated data at any time.

    1. Introduction

    This Privacy Policy explains how Nuvo ("we", "us", or "our") handles information when you use our AI assistant service through WhatsApp, Telegram, our website at www.nuvo-hub.com, and any related services (collectively, the "Services").

    Nuvo is designed with a privacy-first architecture. Our core principle is simple: we process your requests in real time and do not retain personal or sensitive information once the action is completed. We do not store the content of your emails, calendar events, or messages — they pass through our systems only long enough to execute your instructions and are never persisted.

    2. What We Do NOT Collect or Store

    To be absolutely clear, Nuvo does not store, log, or retain any of the following:

    • The content, subject lines, or attachments of your emails
    • The body or details of your calendar events or meeting notes
    • Your WhatsApp or Telegram message content or conversation history
    • Contact lists, address books, or recipient information from your email or calendar providers
    • Your email account passwords or authentication credentials (we use OAuth tokens only)
    • Any personally identifiable information (PII) derived from your communications

    3. What We DO Collect

    We retain only the minimum information needed to operate, maintain, and improve our service:

    a) Account Information

    When you sign up, we store:

    • • Your email address (used to identify your account and send service notifications)
    • • Your display name or username (if provided)
    • • OAuth tokens for your connected Gmail or Outlook accounts (encrypted at rest; we never see your password)
    • • Your messaging platform identifier (WhatsApp phone number or Telegram user ID) so we can communicate with you

    b) Operational Metadata

    We collect anonymous, non-personal operational metrics to monitor service health and improve performance. This includes:

    • • How long it took to execute an action (e.g., sending an email or creating a calendar event)
    • • Whether an action succeeded or failed (without details about the action's content)
    • • General usage patterns (e.g., number of actions per day, feature usage frequency)
    • • Error codes and system performance metrics

    This metadata is fully anonymized and cannot be used to reconstruct the content of any action. For example, we may know "an email was sent in 1.2 seconds" but we never know what the email said, who it was sent to, or what the subject was.

    c) Waitlist Information

    If you join our waitlist, we collect your email address solely to notify you when access is available. We do not use it for marketing or share it with any third party.

    4. How We Process Your Data

    When you send a command to Nuvo (e.g., "Email Sarah that I'll be late"), here's exactly what happens:

    1. Your message is received over an encrypted channel from WhatsApp or Telegram.
    2. Our AI processes your natural language instruction to understand the intended action.
    3. The action is executed using your authorized OAuth connection to Gmail, Outlook, or Google/Outlook Calendar.
    4. A confirmation is sent back to you through the same encrypted messaging channel.
    5. The message content, email body, and all related data are immediately discarded from memory. Nothing is written to disk or any persistent storage.

    5. Third-Party Integrations

    Nuvo integrates with the following third-party services to provide its functionality:

    • Google (Gmail & Google Calendar): We use Google's OAuth 2.0 to access your email and calendar with your explicit permission. We request only the minimum scopes necessary. Google's own privacy policy applies to data within their platforms.
    • Microsoft (Outlook & Outlook Calendar): We use Microsoft's OAuth 2.0 for the same purpose. Microsoft's privacy policy applies to data within their platforms.
    • WhatsApp & Telegram: These messaging platforms serve as the communication channel between you and Nuvo. Messages are subject to each platform's own encryption and privacy policies.

    We do not share any of your data with these services beyond what is strictly required to execute your commands. We do not pass your data to any advertising networks, data brokers, or analytics platforms.

    6. Data Security

    We implement industry-standard security measures to protect the limited data we do hold:

    • Encryption in transit: All communications use TLS 1.2+ encryption.
    • Encryption at rest: OAuth tokens and account data are encrypted using AES-256.
    • Zero persistent storage: Sensitive data (email content, message text, calendar details) is processed in volatile memory only and never written to disk.
    • Access controls: Strict internal access controls ensure only authorized systems can interact with user tokens.
    • Regular audits: We conduct regular security reviews of our infrastructure and codebase.

    7. Data Retention

    Data TypeRetention Period
    Email / message / calendar contentNever stored
    Account information (email, OAuth tokens)Until you delete your account
    Anonymized operational metadataUp to 90 days
    Waitlist emailUntil access granted or you unsubscribe

    8. Your Rights

    Regardless of where you are located, we provide the following rights to all users:

    • Right to Access: Request a copy of the data we hold about you (account info and metadata — there is no stored content to retrieve).
    • Right to Deletion: Delete your account and all associated data at any time. We will revoke all OAuth tokens and remove your account information within 30 days.
    • Right to Revoke Access: Disconnect your Gmail, Outlook, or messaging accounts at any time through your account settings or directly through Google/Microsoft's security settings.
    • Right to Portability: Request an export of the data we hold about you in a machine-readable format.
    • Right to Opt Out: Opt out of anonymized analytics collection by contacting us.

    9. International Users & Compliance

    Nuvo is operated from Canada. If you use our Services from outside Canada, your information may be processed in Canada. We comply with:

    • PIPEDA (Personal Information Protection and Electronic Documents Act) — Canada's federal privacy law.
    • GDPR (General Data Protection Regulation) — For users in the European Economic Area, we act as a data processor. Because we do not store personal content, our obligations are minimal by design.
    • CCPA / CPRA (California Consumer Privacy Act) — We do not sell personal information. California residents may exercise their rights by contacting us.

    10. Children's Privacy

    Nuvo is not intended for use by individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect information from children. If we learn that we have collected data from a child, we will delete it promptly.

    11. Cookies & Tracking

    Our website (www.nuvo-hub.com) may use essential cookies required for the site to function (e.g., session management). We do not use:

    • Third-party advertising or tracking cookies
    • Cross-site tracking pixels or beacons
    • Fingerprinting or behavioral profiling technologies

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Services at least 30 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Services after any changes constitutes acceptance of the updated policy.

    13. Contact Us

    If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

    Nuvo

    Email: contact@nuvo-hub.com

    Location: Remote, Canada

    We aim to respond to all privacy-related inquiries within 10 business days.