NoeticDesk

Privacy Policy

Effective date: June 12, 2026 · Last updated: June 19, 2026

NoeticDesk ("we", "us", or "our") is a software platform operated from India.

Website: https://www.noeticdesk.com
Contact: noeticdesk@gmail.com

This Privacy Policy explains how we collect, use, store, and protect information when you use NoeticDesk.

1. INFORMATION WE COLLECT

Information you provide directly:
  • Full name and email address when creating an account
  • Practice name and timezone during onboarding
  • Client data you enter: names, contact details, birth dates, birth times, birth locations, session notes, payment records, and follow-up reminders
  • Payment information processed by Razorpay — we do not store card numbers or banking credentials
  • Messages sent to our support team
Information collected automatically:
  • IP address and approximate location
  • Browser type, device type, and operating system
  • Pages visited, features used, and session duration
  • Cookies (see Section 8)
From third parties:
  • If you sign in with Google: your name and email from Google per their privacy policy
  • From Razorpay: subscription status and payment confirmation

2. HOW WE USE YOUR INFORMATION

We use collected information to:

  • Provide, operate, and maintain the NoeticDesk platform
  • Process subscriptions and payments through Razorpay
  • Send transactional communications: sign-in links, reminders, trial notifications, billing receipts
  • Respond to support requests
  • Improve the platform based on aggregate usage patterns
  • Enforce our Terms of Service and prevent fraud
  • Comply with legal obligations in applicable jurisdictions

We do not use your data or your clients' data to train AI or machine learning models. We do not sell your data. We do not share your data for advertising.

3. BIRTH DATA AND SENSITIVE PERSONAL DATA

Birth date, birth time, and birth location when combined may constitute sensitive personal data under applicable laws including GDPR Article 9 (EU/EEA/UK), the DPDP Act 2023 (India), and equivalent legislation.

The legal basis for processing this data is your explicit consent provided when you enter it into the platform, and the performance of the contract between us to provide the Service.

Birth data is stored exactly as entered and is never modified, converted, processed, or interpreted by us in any automated way.

4. CLIENT DATA — YOUR OBLIGATIONS AS DATA CONTROLLER

As a practitioner using NoeticDesk, you are the data controller for your clients' personal data. NoeticDesk is the data processor. You are responsible for:

  • Obtaining informed consent from clients before entering their data into NoeticDesk
  • Informing clients their data is stored in a third-party platform
  • Handling client data access, correction, and deletion requests
  • Ensuring your data collection complies with laws in your jurisdiction and your clients' jurisdictions

If a client contacts us directly about their data, we will direct them to you. We will reasonably assist you in meeting your processor obligations upon written request.

5. DATA SHARING AND DISCLOSURE

We share data only with:

Service providers:Supabase (database and auth), Razorpay (payments), Resend (email), Google (OAuth). Each operates under their own privacy policies.

Legal requirements:When required by law, court order, or governmental authority, or when necessary to protect our rights or prevent harm to any person.

Business transfers:If NoeticDesk is acquired or its assets transferred, we will notify you by email before your data becomes subject to a materially different privacy policy. You will have the option to delete your account before any such transfer.

We never share data with advertisers, data brokers, or any party for commercial purposes.

6. DATA STORAGE AND SECURITY

Data is stored on Supabase infrastructure. Service providers may process data in other regions in compliance with applicable transfer regulations.

Security measures:
  • Row-Level Security (RLS) on database tables
  • HTTPS with TLS for all data in transit
  • Passwords stored as salted hashes by Supabase Auth; Google OAuth also supported
  • Production data access restricted to essential personnel
  • Regular security reviews

No electronic transmission is 100% secure. In the event of a data breach likely to result in risk to your rights, we will notify affected users and relevant authorities as required by applicable law.

7. DATA RETENTION

Data is retained while your account is active. On account deletion:

  • Access removed immediately
  • Data permanently deleted within 30 days
  • Backups overwritten in the normal backup rotation cycle thereafter
  • Billing and transaction records may be retained as required by applicable financial regulations

You can export your data at any time from Settings → Export my data.

8. COOKIES

Essential cookies:Required for authentication and platform function. These cannot be disabled.

Usage data:Privacy-respecting aggregate usage data only. No personally identifiable information is sold or shared.

We do not use advertising cookies, retargeting pixels, or third-party marketing trackers.

9. YOUR RIGHTS

All users:
  • Access your data (Settings → Export my data)
  • Correct inaccurate data (edit in platform or contact us)
  • Delete your account and all data (Settings → Delete my account)
  • Withdraw consent at any time
EU / EEA / UK (GDPR / UK GDPR):
  • Data portability in a machine-readable format
  • Restrict processing
  • Object to processing based on legitimate interests
  • Lodge a complaint with your national supervisory authority
India (DPDP Act 2023):
  • Access information about processing of your personal data
  • Correction and erasure of inaccurate or unnecessary data
  • Nominate a representative in the event of death or incapacity
California (CCPA / CPRA):
  • Know what personal information is collected, used, and shared
  • Delete personal information
  • Opt out of sale or sharing — we do not sell or share personal information for advertising
  • Correct inaccurate personal information
  • Non-discrimination for exercising these rights

To exercise any right, email noeticdesk@gmail.com. We will respond within a reasonable timeframe and as required by applicable law. Identity verification may be required.

10. EU AND UK LEGAL BASES FOR PROCESSING

For EEA and UK users, our legal bases are:

  • Contract performance: Processing necessary to provide the Service
  • Legitimate interests: Platform improvement, fraud prevention, security
  • Legal obligation: Retaining records as required by law
  • Explicit consent: Processing sensitive personal data including birth data

You may withdraw consent at any time without affecting the lawfulness of prior processing.

11. INTERNATIONAL DATA TRANSFERS

Data may be transferred to and processed in India or other countries where our service providers operate. We rely on appropriate safeguards consistent with applicable law for such transfers.

12. DO NOT SELL OR SHARE

We do not sell, rent, or share your personal information with third parties for their commercial purposes.

13. CHILDREN'S PRIVACY

NoeticDesk is not directed at persons under 18. We do not knowingly collect data from minors. If you believe we have done so, please contact noeticdesk@gmail.com.

14. CHANGES TO THIS POLICY

We may update this policy from time to time. Material changes will be notified by email or through the platform before they take effect. Continued use after the effective date constitutes acceptance. The current version is always available at noeticdesk.com/privacy.

15. CONTACT

For support, privacy requests, and legal inquiries, please contact us at noeticdesk@gmail.com.