Privacy Policy
Effective date: 01 January 2026
This Privacy Policy describes how Novek Technology Inc and Novek Limited (together, "Novek", "we", "us", or "our") collect, use, and protect information when you use the Novek mobile application, website, and related products and services (together, the "Services"). By using the Services you agree to the practices described in this policy.
1. Google Play Data Safety Summary
The following summary aligns with the declarations we make in the Google Play Data Safety section for the Services.
- Data is encrypted in transit using TLS 1.2 or higher.
- You can request deletion of your data by contacting us at [email protected].
- We do not sell your personal data to third parties.
- We do not share data with third parties for advertising purposes.
- We do not collect precise or approximate location data.
- We do not use advertising identifiers or cross-app tracking.
2. Data Controller
The data controller responsible for your personal data is:
Novek Limited
[email protected]
Novek Limited determines the purposes and means of processing your personal data.
3. Information We Collect
When you use the Services we collect the following information:
- Account credentials — the username or phone number and the access code you enter to log in.
- Telemetry data — ATM dispensing machine operational data retrieved on your behalf after authentication.
- Device information — device model, operating system version, and a pseudonymous device identifier (such as an application-scoped instance ID) used solely for session management. We do not collect hardware serial numbers, IMEI, or Android Advertising ID.
- Usage logs — timestamps and actions performed within the Services, used to maintain service reliability.
- Local storage — the Services may store an authentication token and session preferences locally on your device to keep you signed in.
We do not collect your precise or approximate location, payment information, contacts, photos, or any data beyond what is necessary to operate the Services.
4. How We Use Your Information
We use the information collected to:
- Authenticate your identity and authorise access to your assigned ATM machine data.
- Display real-time and historical telemetry information within the Services.
- Maintain, improve, and secure the Services and our backend infrastructure.
- Diagnose technical issues and respond to support requests.
- Comply with applicable legal obligations.
5. Legal Basis for Processing
We process your personal data on the following bases:
| Processing activity | Legal basis |
|---|---|
| Authentication & displaying telemetry data | Contractual necessity — processing is required to deliver our core Services to you. |
| Usage logs & device information for reliability and security | Legitimate interests — maintaining service reliability, diagnosing issues, and improving security, where such interests are not overridden by your rights. |
| Retention or disclosure required by law | Legal obligation — processing or retaining data where required by applicable law or regulation. |
| Optional analytics | Consent — where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. |
6. Third-Party Services & Sub-Processors
The Services integrate the following third-party services, each of which may collect data as described in their own privacy policies:
| Category | Provider | Data processed |
|---|---|---|
| Cloud infrastructure | Microsoft Azure (UK region) | All data described in Section 3, stored and processed on our behalf under a data processing agreement. Servers are located in the United Kingdom. |
| Application development & technical support | Novek group entities | Access to application data as needed for development, maintenance, and technical support, under an intra-group data processing agreement. |
We do not integrate any advertising SDKs, social-media tracking pixels, or behavioural analytics platforms.
7. Data Storage, Security, and Retention
All data transmitted between the Services and our servers is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 or equivalent industry-standard encryption. Access to stored data is restricted to authorised personnel only and protected by role-based access controls.
We apply the following retention periods:
| Data category | Retention period |
|---|---|
| Account credentials | Duration of active account + 30 days after deletion request. |
| Telemetry data | Rolling 24-month window from date of collection, unless a shorter period is agreed with your organisation. |
| Device information & usage logs | 12 months from date of collection, then anonymised or deleted. |
If you request deletion of your account, we will remove or anonymise your personal data within 30 days, except where retention is required by applicable law.
8. International Data Transfers
Your data is stored on servers located in the United Kingdom. It may be accessed from other countries by authorised personnel — including our group entity in Kenya — for the purposes described in this policy. Where personal data is accessed internationally, we ensure appropriate safeguards are in place, including data processing agreements that require all recipients to protect your data to a standard consistent with this policy.
You may request details of the safeguards we apply by contacting us at [email protected].
9. Sharing of Information
We do not sell, trade, or rent your personal information to third parties. We may disclose your information only in the following circumstances:
- When required by applicable law, regulation, or a valid legal process.
- To protect the rights, property, or safety of Novek, our users, or the public.
- To trusted service providers acting on our behalf (see Section 6), who are bound by data processing agreements and confidentiality obligations.
10. Your Rights
Depending on applicable law in your jurisdiction, you may have the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your personal data.
- Request restriction of processing or object to processing based on legitimate interests.
- Request data portability — receive your data in a structured, machine-readable format.
- Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days, or sooner where required by law.
11. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay, unless an exception under applicable law applies.
12. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects concerning you.
13. Children's Privacy
The Services are intended for use by business professionals and are not directed at children. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have inadvertently collected data from a child, we will take prompt steps to delete that information. If you believe a child has provided us with personal data, please contact us at [email protected].
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. Where changes are material — for example, a new processing purpose, a change in legal basis, or the introduction of a new sub-processor — we will notify you via the Services or by email at least 30 days before the changes take effect and, where required by applicable law, seek your renewed consent before applying the changes.
15. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at:
Novek Technology Inc / Novek Limited
[email protected]