Privacy Policy

1. Introduction

NoLog ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you visit our website nolog.dev or use our services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

NoLog
Email: jonathandanielsoftware@gmail.com
Website: https://nolog.dev

3. What Personal Data We Collect

We collect the following personal data:

• Contact Form Data: Name, email address, product interest, and any message you provide
• Account Data: Email address, name, and authentication credentials when you create an account
• OAuth Integration Data: Access tokens from third-party services (Jira, Slack, Teams, Google Meet, Zoom) that you authorize
• Meeting Data: Transcriptions and metadata from meetings you record
• Usage Data: Information about how you use our services
• Communication Data: Records of our communications with you

4. Legal Basis for Processing

We process your personal data based on:

• Consent: When you submit our contact forms or authorize OAuth integrations
• Legitimate Interest: To respond to your inquiries and provide our services
• Contract Performance: To fulfill our obligations when providing services

5. How We Use Your Data

We use your personal data to:

• Respond to your inquiries and provide customer support
• Provide information about our products and services
• Process meeting transcriptions and create Jira tickets
• Integrate with third-party services you authorize (Jira, Slack, Teams, Google Meet, Zoom)
• Improve our website and services
• Comply with legal obligations
• Send marketing communications (only with your consent)

6. Data Sharing and Recipients

We may share your data with:

• Web3Forms: Our form processing service (for contact form submissions)
• OAuth Providers: Third-party services you authorize (Jira, Slack, Microsoft Teams, Google, Zoom)
• Service Providers: Third-party providers who help us operate our website and services
• Legal Authorities: When required by law or to protect our rights

We do not sell, rent, or trade your personal data to third parties.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Certification schemes

8. Data Retention

We retain your personal data for:

• Contact Form Data: 3 years from last contact
• Account Data: Duration of account plus 1 year after deletion
• Meeting Transcriptions: Until you delete them or close your account
• OAuth Tokens: Until you revoke authorization or close your account
• Marketing Communications: Until you unsubscribe
• Legal Requirements: As required by applicable law

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at: jonathandaniel@nolog.dev

10. Authentication and Session Management

Our application uses JWT (JSON Web Token) authentication with Bearer tokens. We do not use cookies for authentication. Instead:

• Authentication tokens are stored in your browser's local storage
• Tokens are sent via HTTP Authorization headers
• Tokens expire after 30 days for security
• You can revoke access by logging out, which clears your local token

OAuth integrations with third-party services (Jira, Slack, Teams, Google, Zoom) may use their own cookies and session management as governed by their respective privacy policies.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit and at rest
• JWT-based authentication with secure token handling
• Access controls and authentication
• Regular security assessments
• Staff training on data protection
• OAuth tokens stored securely with encryption

12. Data Retention and Deletion

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Contact Form Data: Retained for 2 years to follow up on inquiries and provide support
• Service Usage Data: Retained for the duration of your service subscription plus 1 year for account management
• Marketing Communications: Until you unsubscribe or withdraw consent
• Legal Compliance: Some data may be retained longer when required by law

Automated Deletion: We have implemented automated systems to delete personal data when retention periods expire. You can also request immediate deletion of your data by contacting us.

Right to Erasure: You have the right to request deletion of your personal data at any time. We will comply within 30 days unless we have a legal obligation to retain certain information.

13. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date.

15. Contact Information

For any questions about this Privacy Policy or our data practices, contact us:

• Email: jonathandaniel@nolog.dev
• Website: https://nolog.dev

16. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights.