Important Beta Privacy Warning
Nova is an active beta product. Do not upload production, regulated, or highly sensitive
personal data. Some compliance-level controls are still in progress.
1. Scope
This notice explains how Nova handles account, usage, and integration data in the current
beta environment. It applies to the web apps and APIs operated for Nova beta.
2. Data We Process
Depending on features you use, Nova may process:
- Account and identity data (name, email, tenant, role, auth metadata).
- Authentication/session data (access and refresh token records, login events).
- Agent/workflow data (prompts, workflow configs, execution state, results).
- Usage and billing telemetry (tokens, compute time, execution counts, credit usage).
- Integration data for connected services (OAuth connection metadata and encrypted tokens).
- Operational and security logs (audit entries, API and system events).
3. Why We Process It
- To authenticate users and secure sessions.
- To run agent and workflow executions requested by your tenant.
- To support approvals, auditability, and incident investigation.
- To meter usage and produce billing/credit records.
- To operate, debug, and improve reliability of the beta platform.
4. Data Storage and Protection (Current State)
- Nova is deployed on AWS (ECS, RDS PostgreSQL, Redis, Secrets Manager).
- Infrastructure secrets are stored in AWS Secrets Manager.
- User OAuth tokens and user LLM/API credentials are stored encrypted in PostgreSQL.
- Encryption/decryption is handled by Nova services at execution time.
- Authentication uses JWT access/refresh token flows.
5. Tenant Isolation
Nova is designed as a multi-tenant system using tenant scoping and row-level security
patterns. Service and repository layers are intended to enforce tenant boundaries on data
access.
6. Third-Party Providers and AI Models
If you connect providers (for example OAuth integrations or external LLM providers), data
needed to execute your workflows may be sent to those third parties. Their privacy,
retention, and security terms are controlled by those providers, not Nova.
7. Known Risks and Current Gaps
The following risks are important and should be considered before use:
- Nova is still in beta; bugs or design changes may affect data integrity, retention, or
availability.
- Compliance-level behavior (for example HIPAA/GDPR/SOC2-specific enforcement) is not
fully implemented yet and is tracked as pre-launch work.
- AI outputs can be incorrect or unstable; users must review outputs before using them for
real-world decisions.
- Connected tools and integrations can perform actions in external systems if configured
with sufficient permissions.
- During beta operations, administrators and engineers may need to inspect logs and
execution metadata for support and security response.
8. What You Should Avoid Uploading
- Protected health information (PHI).
- Highly sensitive customer records or regulated personal data sets.
- Unredacted secrets, production keys, or credentials in prompts.
- Data where loss, leakage, or model output errors would create legal or safety harm.
9. Contact
For privacy questions, requests, or concerns, contact nova@roaiq.com.