Privacy Policy

1. Scope and Roles

This Policy applies to personal information processed by Noverionex in connection with:

• Noverionex CRM — marketing site (getleadforge.io), application (app.noverionex.com), and related CRM features;
• Warden — marketing site (warden.noverionex.com), security monitoring, ingest endpoints, analyst tools, and related integrations;
• Access and billing flows — pricing pages, Stripe checkout, license activation, subscriptions, and support communications.

Controller vs. processor

When Noverionex is the controller. We act as the data controller (or equivalent) for personal information we collect about account holders, access applicants, billing contacts, website visitors to our properties, and individuals who communicate with us for support or operations.

When Noverionex is the processor. When you use Noverionex CRM or Warden to store, analyze, or transmit personal information about your leads, clients, employees, contractors, or website visitors (“Customer Personal Data”), you are the controller (or equivalent) and Noverionex acts as a processor (or service provider) processing that data on your instructions and pursuant to your use of the Services and our Terms of Service.

If you are a data subject whose information was submitted by one of our customers, please contact that customer first. We will assist our customers with lawful requests where required by contract and applicable law.

2. Information We Collect

The categories of personal information we collect depend on how you interact with the Services.

2.1 Account and identity information Noverionex CRM

• Name, email address, and profile image from Google sign-in (where enabled and verified);
• Internal user identifiers, workspace membership, role, and permission settings;
• Optional profile fields you or your workspace administrator provide (job title, phone, department, timezone, bio, location, booking links, and similar workspace member fields).

2.2 Access request information

When you subscribe or check out, we may collect name, email, phone, business name, website, billing address, and plan selections through Stripe or our app pricing flows.

2.3 Billing and subscription information

We use Stripe to process payments. Stripe collects and processes payment card and billing details according to its own privacy policy. We receive limited billing metadata such as customer identifiers, subscription status, plan tier, invoice references, and payment outcome — not full payment card numbers stored on our application servers.

2.4 Customer Content and CRM records Noverionex CRM

As processor, we handle personal information you upload or create in the Services, including lead and contact records (names, emails, phones, companies, notes), messages, imported contact files, Brand Kit assets, Smart Metrics uploads, Team Calendar entries, support tickets, activity logs, and workspace settings you configure.

2.5 Communications and integrations

• Email content and metadata sent through workspace email features (SMTP or connected Gmail, where enabled);
• SMS or telephony metadata if Twilio or similar integrations are configured;
• OAuth tokens and connected-account identifiers for integrations you authorize (for example, Gmail workspace sending).

2.6 Warden security and telemetry data Warden

Where Warden is enabled for your properties, we may collect and process security telemetry including IP addresses, user-agent strings, request routes, timestamps, event types, severity scores, incident metadata, firewall rule actions, threat-intelligence enrichment results, site source identifiers, and related log excerpts submitted through Warden plugins, agents, or ingest APIs. This data may incidentally include personal information about visitors to your monitored websites.

2.7 Usage, diagnostic, and security operations data

• Authentication events, session activity, feature usage, and audit trails;
• IP addresses and device/browser signals used for security, abuse prevention, and workspace moderation (including internal member IP history where enabled);
• Error logs, performance metrics, and operational diagnostics from hosting and application infrastructure.

2.8 AI interaction data

Prompts, messages, and context you submit to AI features (including Zara and Smart Metrics analysis) may be processed to generate responses, summaries, or insights. Do not submit passwords, payment card numbers, or other sensitive secrets into AI features.

2.9 Support and correspondence

Information you provide when contacting us by email, support tickets, or other channels, including attachments and troubleshooting details.

2.10 Marketing website data

Our WordPress marketing sites may collect standard web server logs and, depending on site configuration, cookies or analytics tags from hosting providers or embedded tools.

3. How We Use Information

We use personal information for the following purposes:

1. Provide the Services — authenticate users, operate workspaces, deliver CRM and Warden functionality, generate reports, and fulfill subscriptions.
2. Review and manage access — evaluate access requests, issue license keys, and administer controlled enrollment.
3. Process payments — manage billing, renewals, failed payment handling, and account status.
4. Security and abuse prevention — detect suspicious activity, protect accounts, operate Warden monitoring and mitigation workflows, and maintain platform integrity.
5. Communicate with you — send service notices, security alerts, onboarding messages, support replies, and administrative emails.
6. Improve the Services — troubleshoot, analyze usage trends, develop features, and enhance reliability (using aggregated or de-identified data where practicable).
7. AI features — process prompts and content to provide assistance, analysis, and triage suggestions.
8. Legal and compliance — enforce our terms, respond to lawful requests, protect rights and safety, and maintain records required by law.

We do not sell your personal information. We do not use Customer Personal Data processed as a processor for cross-customer advertising profiles.

4. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

Where applicable privacy law requires a legal basis, we rely on one or more of the following:

• Contract — processing necessary to provide the Services you request or to take steps at your request before entering a contract;
• Legitimate interests — securing the platform, preventing fraud, improving the Services, and communicating about your account, balanced against your rights;
• Consent — where required for optional integrations, certain cookies, or specific communications;
• Legal obligation — compliance with tax, accounting, security, or law-enforcement requirements.

You may withdraw consent where processing is consent-based, without affecting the lawfulness of processing before withdrawal.

5. How We Share Information

We disclose personal information only as described below:

5.1 Service providers and subprocessors

We use trusted vendors who process data on our behalf under contractual safeguards, including providers for:

• Cloud hosting and deployment (for example, Vercel);
• Database and data storage infrastructure;
• Payment processing (Stripe);
• Email delivery (Resend and connected mailbox providers);
• Authentication (Google OAuth);
• File storage (Vercel Blob for Brand Kit and related assets);
• AI model providers (for example, OpenAI for Smart Metrics and related analysis features, where enabled);
• Security and edge services (for example, Cloudflare when Warden blocking or CDN integrations are configured);
• Threat intelligence and enrichment APIs (for example, IP reputation services where configured);
• SMS or telephony providers (for example, Twilio, where configured).

5.2 Within your organization

Information you submit to a workspace may be visible to other Authorized Users according to role permissions you or your administrator configure.

5.3 Legal and safety disclosures

We may disclose information if we believe in good faith that disclosure is necessary to comply with law, respond to lawful requests, protect the rights and safety of Noverionex, our users, or the public, or investigate fraud or security incidents.

5.4 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred subject to continued protections.

6. Cookies and Similar Technologies

The Noverionex CRM application uses session and authentication cookies (or comparable tokens) necessary to keep you signed in and secure your account. These are essential to operation of the Services.

Our marketing websites may use cookies, local storage, or similar technologies for basic functionality, performance, or optional analytics. See our Cookie Policy for category details and your choices.

On getleadforge.io, a cookie banner lets you accept all cookies or limit use to essential cookies only. Optional analytics tags are not loaded unless you choose “Accept all.” You can control many cookies through your browser settings. Disabling essential cookies may prevent sign-in or certain features from working.

7. AI and Automated Processing

AI features may analyze text, files, security events, or support conversations to produce summaries, recommendations, triage verdicts, or draft responses. Outputs are probabilistic and may be inaccurate. Human review is recommended before taking security, legal, or financial action based on AI results.

We may use de-identified or aggregated interaction data to improve support quality and product reliability. Do not submit special-category or highly sensitive personal data into AI prompts unless you have completed appropriate risk assessment and safeguards.

8. Warden Security Data Warden

Warden processes technical and security-related data to help you monitor and respond to threats against websites and applications you authorize. This may include visitor IP addresses, user agents, requested URLs, authentication failure patterns, plugin integrity signals, and incident timelines.

Your responsibilities. You are responsible for providing privacy notices to individuals whose data may appear in Warden logs, obtaining required consents or establishing appropriate legal bases, configuring retention and access controls, and ensuring monitoring is limited to systems you own or are authorized to protect.

Mitigation actions. If you enable blocking or firewall integrations, actions taken through those providers may affect network traffic to your properties. Noverionex processes related metadata to audit what was blocked, when, and why.

Warden is a security operations tool, not a guarantee of complete protection. See our Terms of Service, Section 12 for additional Warden disclaimers.

9. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.

• Account data — retained while your account is active and for a reasonable period afterward to resolve disputes, enforce terms, and comply with legal obligations.
• Customer Content — retained according to your use of the Services and workspace settings; may be deleted or archived after account termination subject to backup cycles.
• Warden telemetry — retained for incident investigation, reporting, and security operations according to operational schedules and plan features; some aggregated metrics may be retained longer in de-identified form.
• Access requests — retained to administer enrollment and business records.
• Billing records — retained as required for tax, accounting, and payment dispute purposes.
• Activity logs — retained for operational and security needs, with older records archived or purged per internal schedules.

You may request deletion subject to applicable law and technical constraints. Backups may persist for a limited period before overwrite.

10. Security

We implement administrative, technical, and organizational measures designed to protect personal information, including access controls, encryption in transit for modern connections, credential management practices, and monitoring of platform security events through Warden and infrastructure tooling.

No method of transmission or storage is completely secure. You are responsible for safeguarding your credentials, license keys, API secrets, integration tokens, and workspace permission settings. Notify us promptly at sales@teamleadforge.io if you suspect unauthorized access.

11. International Transfers

Noverionex is based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where we or our service providers operate. These countries may have data protection laws different from those in your jurisdiction.

Where required, we implement appropriate safeguards for cross-border transfers, such as standard contractual clauses or equivalent mechanisms with subprocessors.

12. Your Privacy Rights

Depending on your location, you may have rights to:

• Access personal information we hold about you;
• Request correction of inaccurate information;
• Request deletion, subject to legal exceptions;
• Object to or restrict certain processing;
• Request portability of information you provided in a structured, commonly used format;
• Withdraw consent where processing is based on consent;
• Lodge a complaint with a supervisory authority.

To exercise rights relating to account data we control, contact sales@teamleadforge.io. We may need to verify your identity before responding. If your request relates to Customer Personal Data processed on behalf of one of our customers, we may direct you to that customer.

We will respond within timeframes required by applicable law.

13. California Privacy Notice

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, may provide additional rights regarding personal information.

Categories collected (last 12 months)

Identifiers (name, email, IP address, account IDs); commercial information (subscription and billing metadata); internet or network activity (usage logs, security telemetry); professional information (business name, job title); and inferences drawn from the above for security and service improvement.

Business purposes

As described in Section 3 of this Policy.

Sale or sharing

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

Your California rights

You may request access, deletion, and correction, and you may not be discriminated against for exercising privacy rights. Submit requests to sales@teamleadforge.io. Authorized agents may submit requests with proof of authorization.

14. Children’s Privacy

The Services are intended for business and professional use and are not directed to individuals under eighteen (18) years of age. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact sales@teamleadforge.io and we will take appropriate steps to delete it.

15. Third-Party Links and Services

The Services may link to third-party websites, plugins, or integrations (for example, Noverionex, Stripe checkout, Google sign-in, Cloudflare dashboards, or customer websites monitored by Warden). We are not responsible for the privacy practices of third parties. Review their policies before providing personal information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Policy at getleadforge.io/privacy, update the “Last Updated” date, and where appropriate provide additional notice (for example, by email or in-app message). Continued use of the Services after the effective date of changes constitutes acceptance of the updated Policy, except where further consent is required by law.

17. Contact Us

For privacy questions, rights requests, security concerns, or data processing inquiries:

Noverionex — Privacy
Email: sales@teamleadforge.io
Web: noverionex.com
Terms: getleadforge.io/terms

Customers requiring a data processing addendum (DPA) for Noverionex CRM or Warden may request one by email at sales@teamleadforge.io. Noverionex maintains a standard DPA template and subprocessor list for business customers; executed copies are provided upon request.