Privacy Policy
NoeticDesk ("we", "us", or "our") is a software platform operated from India.
Website: https://www.noeticdesk.com
Contact: noeticdesk@gmail.com
This Privacy Policy explains how we collect, use, store, and protect information when you use NoeticDesk.
1. INFORMATION WE COLLECT
Information you provide directly:- Full name and email address when creating an account
- Practice name and timezone during onboarding
- Client data you enter: names, contact details, birth dates, birth times, birth locations, session notes, payment records, and follow-up reminders
- Payment information processed by Razorpay — we do not store card numbers or banking credentials
- Messages sent to our support team
- IP address and approximate location
- Browser type, device type, and operating system
- Pages visited, features used, and session duration
- Cookies (see Section 8)
- If you sign in with Google: your name and email from Google per their privacy policy
- From Razorpay: subscription status and payment confirmation
2. HOW WE USE YOUR INFORMATION
We use collected information to:
- Provide, operate, and maintain the NoeticDesk platform
- Process subscriptions and payments through Razorpay
- Send transactional communications: sign-in links, reminders, trial notifications, billing receipts
- Respond to support requests
- Improve the platform based on aggregate usage patterns
- Enforce our Terms of Service and prevent fraud
- Comply with legal obligations in applicable jurisdictions
We do not use your data or your clients' data to train AI or machine learning models. We do not sell your data. We do not share your data for advertising.
3. BIRTH DATA AND SENSITIVE PERSONAL DATA
Birth date, birth time, and birth location when combined may constitute sensitive personal data under applicable laws including GDPR Article 9 (EU/EEA/UK), the DPDP Act 2023 (India), and equivalent legislation.
The legal basis for processing this data is your explicit consent provided when you enter it into the platform, and the performance of the contract between us to provide the Service.
Birth data is stored exactly as entered and is never modified, converted, processed, or interpreted by us in any automated way.
4. CLIENT DATA — YOUR OBLIGATIONS AS DATA CONTROLLER
As a practitioner using NoeticDesk, you are the data controller for your clients' personal data. NoeticDesk is the data processor. You are responsible for:
- Obtaining informed consent from clients before entering their data into NoeticDesk
- Informing clients their data is stored in a third-party platform
- Handling client data access, correction, and deletion requests
- Ensuring your data collection complies with laws in your jurisdiction and your clients' jurisdictions
If a client contacts us directly about their data, we will direct them to you. We will reasonably assist you in meeting your processor obligations upon written request.
5. DATA SHARING AND DISCLOSURE
We share data only with:
Service providers:Supabase (database and auth), Razorpay (payments), Resend (email), Google (OAuth). Each operates under their own privacy policies.
Legal requirements:When required by law, court order, or governmental authority, or when necessary to protect our rights or prevent harm to any person.
Business transfers:If NoeticDesk is acquired or its assets transferred, we will notify you by email before your data becomes subject to a materially different privacy policy. You will have the option to delete your account before any such transfer.
We never share data with advertisers, data brokers, or any party for commercial purposes.
6. DATA STORAGE AND SECURITY
Data is stored on Supabase infrastructure. Service providers may process data in other regions in compliance with applicable transfer regulations.
Security measures:- Row-Level Security (RLS) on database tables
- HTTPS with TLS for all data in transit
- Passwords stored as salted hashes by Supabase Auth; Google OAuth also supported
- Production data access restricted to essential personnel
- Regular security reviews
No electronic transmission is 100% secure. In the event of a data breach likely to result in risk to your rights, we will notify affected users and relevant authorities as required by applicable law.
7. DATA RETENTION
Data is retained while your account is active. On account deletion:
- Access removed immediately
- Data permanently deleted within 30 days
- Backups overwritten in the normal backup rotation cycle thereafter
- Billing and transaction records may be retained as required by applicable financial regulations
You can export your data at any time from Settings → Export my data.
8. COOKIES
Essential cookies:Required for authentication and platform function. These cannot be disabled.
Usage data:Privacy-respecting aggregate usage data only. No personally identifiable information is sold or shared.
We do not use advertising cookies, retargeting pixels, or third-party marketing trackers.
9. YOUR RIGHTS
All users:- Access your data (Settings → Export my data)
- Correct inaccurate data (edit in platform or contact us)
- Delete your account and all data (Settings → Delete my account)
- Withdraw consent at any time
- Data portability in a machine-readable format
- Restrict processing
- Object to processing based on legitimate interests
- Lodge a complaint with your national supervisory authority
- Access information about processing of your personal data
- Correction and erasure of inaccurate or unnecessary data
- Nominate a representative in the event of death or incapacity
- Know what personal information is collected, used, and shared
- Delete personal information
- Opt out of sale or sharing — we do not sell or share personal information for advertising
- Correct inaccurate personal information
- Non-discrimination for exercising these rights
To exercise any right, email noeticdesk@gmail.com. We will respond within a reasonable timeframe and as required by applicable law. Identity verification may be required.
10. EU AND UK LEGAL BASES FOR PROCESSING
For EEA and UK users, our legal bases are:
- Contract performance: Processing necessary to provide the Service
- Legitimate interests: Platform improvement, fraud prevention, security
- Legal obligation: Retaining records as required by law
- Explicit consent: Processing sensitive personal data including birth data
You may withdraw consent at any time without affecting the lawfulness of prior processing.
11. INTERNATIONAL DATA TRANSFERS
Data may be transferred to and processed in India or other countries where our service providers operate. We rely on appropriate safeguards consistent with applicable law for such transfers.
12. DO NOT SELL OR SHARE
We do not sell, rent, or share your personal information with third parties for their commercial purposes.
13. CHILDREN'S PRIVACY
NoeticDesk is not directed at persons under 18. We do not knowingly collect data from minors. If you believe we have done so, please contact noeticdesk@gmail.com.
14. CHANGES TO THIS POLICY
We may update this policy from time to time. Material changes will be notified by email or through the platform before they take effect. Continued use after the effective date constitutes acceptance. The current version is always available at noeticdesk.com/privacy.
15. CONTACT
For support, privacy requests, and legal inquiries, please contact us at noeticdesk@gmail.com.