Vesper by Novus
Sign in Start free
Back to home

Privacy Policy

Last updated: May 1, 2026 Effective: May 1, 2026

This Privacy Policy describes how Novus ("Novus", "we", "us", "our") collects, uses, and shares personal information when you use our website and Service. If you are an end-recipient of communications sent through our Service by one of our customers, see Section 3.

1. Information We Collect

Account information you provide when registering: name, work email, company, role, password (hashed).

Customer Data you upload or generate while using the Service, including prospect lists, message templates, sequences, AI prompts, and connected-tool credentials (stored encrypted at rest).

Usage data collected automatically: IP address, browser, device, pages viewed, feature interactions, timestamps, and error logs.

Cookies and similar technologies for session management, security, and product analytics. See Section 7.

Third-party data when you authorize integrations (e.g., HubSpot contacts, Apollo enrichment, Calendly bookings). We receive only what you authorize.

2. How We Use Information

We use personal information to:

  • provide, maintain, and improve the Service;
  • authenticate users and prevent fraud or abuse;
  • communicate with you about your account, security, and product updates;
  • generate aggregated analytics and benchmarks (de-identified);
  • comply with legal obligations and enforce our Terms.

We do not sell personal information. We do not train shared AI models on your Customer Data; AI inference is performed via our LLM provider, Oaktree Labs, under contractual data-handling restrictions that prohibit using your data for model training.

3. Personal Information of Recipients

If you receive an outbound communication sent through our Service, your information was provided to us by one of our customers acting as the data controller. Direct opt-out, access, or deletion requests to that customer in the first instance. We will assist them in honoring valid requests. To contact us directly: privacy@novusasi.com.

4. Sharing

We share personal information with:

  • Sub-processors that help us deliver the Service (hosting, email infrastructure, AI inference, analytics, customer support). A current list is available on request to legal@novusasi.com and is referenced in our DPA.
  • Integrations you authorize (e.g., your CRM).
  • Legal and safety recipients when required by law, subpoena, or to protect rights and safety.
  • Successors in the event of a merger, acquisition, or asset sale, subject to this Policy.

Where GDPR applies, we rely on: contract performance (to provide the Service), legitimate interests (to secure and improve the Service), consent (where required, e.g., certain cookies), and legal obligation. You may object to or withdraw consent at any time as described in Section 8.

6. International Transfers

We may transfer personal information to the United States or other countries where we and our sub-processors operate. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or another approved transfer mechanism. See the DPA for details.

7. Cookies

We use strictly-necessary cookies for session and security, and limited analytics cookies to understand product usage. You can control cookies through your browser settings. We do not use cross-site advertising trackers.

8. Your Rights

Depending on your location, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to lodge a complaint with a supervisory authority. Submit requests to privacy@novusasi.com. We will respond within the timeframes required by applicable law.

California residents: please contact privacy@novusasi.com to exercise your CCPA/CPRA rights or to request additional information about how we handle California consumer personal information. We do not sell personal information and do not share personal information for cross-context behavioral advertising.

9. Data Retention

We retain personal information for as long as your account is active and as needed to provide the Service. After account closure, we delete or de-identify Customer Data within 90 days, except where retention is required for legal, accounting, or security purposes.

10. Security

We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, audit logging, and regular security reviews. No system is perfectly secure; report concerns to security@novusasi.com.

11. Children

The Service is not directed to individuals under 16. We do not knowingly collect information from children.

12. Changes

We may update this Policy from time to time. Material changes will be communicated via email or in-product notice. The "Last updated" date above reflects the most recent revision.

13. Contact

Novus General: legal@novusasi.com Privacy / data subject requests: privacy@novusasi.com Security: security@novusasi.com

EU/UK Representative: Not currently appointed. Contact privacy@novusasi.com for any data protection questions; we will route to an appropriate party. Data Protection Officer: Not currently appointed. Contact privacy@novusasi.com for any data protection questions.