Privacy Policy

1. Who We Are

Novalyx Web ("we," "us," or "our") is a B2B web design agency providing web app development, Shopify web development, AI automation, and SEO services. We operate the website novalyxweb.com (the "Site").

For the purposes of applicable data protection law, Novalyx Web is the data controller responsible for your personal data collected through this Site.

Contact: contact@novalyxweb.com

2. Data We Collect

We collect data in two ways: information you provide directly and information collected automatically.

Information You Provide

• Name and email address (via contact and audit request forms)
• Company name, website URL, and phone number (optional, form fields)
• Project details, messages, and service preferences you submit
• Any attachments or files you voluntarily share with us

Information Collected Automatically

• IP address and approximate geographic location (country/city level)
• Browser type, operating system, and device type
• Pages visited, time on site, and referral source
• Cookies and similar tracking technologies (see Section 5)

We do not collect sensitive personal data (e.g., health information, financial data, government ID numbers).

3. How We Use Your Data

We use collected data strictly for legitimate business purposes:

• To respond to your project inquiries and audit requests
• To deliver contracted services (web development, SEO, automation)
• To send transactional emails directly related to your request
• To improve the Site's performance, content, and user experience
• To analyze traffic patterns and optimize our marketing (in aggregate, anonymized form)
• To comply with legal obligations

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data on the following legal bases:

• Contractual necessity — to fulfil a service agreement when you engage us for a project
• Legitimate interests — to respond to inquiries and improve our Site, where those interests are not overridden by your rights
• Consent — for optional marketing communications, where you have expressly opted in
• Legal obligation — where we must retain or disclose data to comply with applicable law

5. Cookies

Our Site uses cookies to function correctly and to understand how visitors use it. Cookies are small text files stored on your device.

Types of Cookies We Use

• Essential cookies — required for the Site to function (e.g., form submission tokens). Cannot be disabled.
• Analytics cookies — help us understand traffic and usage patterns (e.g., Google Analytics, if enabled). These are anonymized where possible.
• Preference cookies — remember settings you have chosen (e.g., language or region).

You can control or disable non-essential cookies through your browser settings. Note that disabling cookies may affect some Site functionality. Most browsers also allow you to delete existing cookies at any time.

6. Third-Party Services

We use a limited number of trusted third-party services to operate our Site and deliver services:

• Formspree — processes contact form submissions on our behalf. Data is transmitted securely and subject to Formspree's own privacy policy.
• Google Fonts — loads typefaces from Google's CDN. Google may collect limited technical data; see Google's privacy policy.
• Cloudflare / CDN providers — may be used for performance and security; logs are handled per their data processing agreements.
• Analytics providers (if and when enabled) — aggregated, anonymized usage data only.

All third-party processors are bound by data processing agreements and are required to handle your data in compliance with applicable privacy law. We do not grant them permission to use your data for their own marketing.

7. Data Retention

We retain your personal data only for as long as necessary for the purpose for which it was collected:

• Form inquiry data: retained for up to 2 years from the date of submission, or for the duration of any resulting client relationship
• Client project data: retained for the duration of the engagement plus 5 years for legal and accounting compliance
• Anonymous analytics data: retained per the analytics provider's standard retention settings (typically 14 months for Google Analytics)

Upon expiry, data is securely deleted or irreversibly anonymized.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements
• Right to restriction — request that we limit how we process your data in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing

To exercise any of these rights, email us at contact@novalyxweb.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you specific rights:

• Right to know — what personal information we collect, use, disclose, and sell (we do not sell personal information)
• Right to delete — request deletion of personal information we have collected, subject to exceptions
• Right to opt out of sale — we do not sell personal information and have no opt-out requirement
• Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights
• Right to correct — request correction of inaccurate personal information we maintain about you

To submit a California privacy request, contact us at contact@novalyxweb.com with the subject line "CCPA Request."

10. Security

We implement commercially reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include HTTPS encryption, access controls, and secure form handling via trusted third-party processors.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. If you believe your data has been compromised, please contact us immediately at contact@novalyxweb.com.

11. Children's Privacy

Our Site and services are directed exclusively at businesses and adults aged 18 and over. We do not knowingly collect personal data from children under the age of 13 (or 16 in the EEA). If you believe a child has provided us with personal data, please contact us immediately and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page.

We encourage you to review this Policy periodically. Your continued use of our Site after changes are posted constitutes your acceptance of the updated Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

• Email: contact@novalyxweb.com
• Website: novalyxweb.com

We are committed to resolving any privacy concerns promptly and transparently.