Privacy Policy

Last updated: September 10, 2025

Introduction

Notenugget ("we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal information. This Privacy Policy describes our practices concerning the information we collect through our website and services, and your rights and choices regarding that information.

By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect information you provide directly to us, information we obtain automatically when you use our services, and information from third parties. This includes:

Personal Information

  • Account information (name, email address, company name, job title)
  • Contact information and communication preferences
  • Billing and payment information (processed securely through third-party providers)
  • Profile information and preferences

Email and Calendar Data

  • Email metadata including sender information, subject lines, timestamps, and message threading
  • Out-of-office message content and auto-reply configurations
  • Calendar event details including meeting information, attendees, and scheduling data
  • Email composition and follow-up scheduling preferences

Usage and Technical Information

  • Device information including IP address, browser type, and operating system
  • Usage analytics including feature interactions and service performance metrics
  • Log data including access times, pages viewed, and error reports
  • Cookies and similar tracking technologies as described in our Cookie Policy

2. How We Use Your Information

We use the information we collect for legitimate business purposes, including:

Service Delivery

  • Processing and analyzing out-of-office emails to detect absence periods
  • Creating automated follow-up reminders and calendar events
  • Generating email draft suggestions and scheduling follow-up communications
  • Providing customer support and technical assistance

Service Improvement

  • Enhancing our machine learning algorithms and detection capabilities
  • Analyzing usage patterns to improve user experience and feature development
  • Conducting research and development for new products and services
  • Performing quality assurance and security monitoring

Communications

  • Sending service updates, security notifications, and account information
  • Providing marketing communications (with your consent where required)
  • Responding to your inquiries and providing customer support
  • Sending surveys and feedback requests to improve our services

3. Data Security and Protection

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards

  • Advanced 256-bit AES encryption for data in transit and at rest
  • Multi-factor authentication and secure access controls
  • Regular security audits and penetration testing by third-party security firms
  • Automated threat detection and monitoring systems

Organizational Safeguards

  • SOC 2 Type II certified infrastructure and operations
  • Strict employee access controls with role-based permissions
  • Regular security training and awareness programs for all staff
  • Incident response procedures and breach notification protocols

Compliance

  • GDPR (General Data Protection Regulation) compliance for EU residents
  • CCPA (California Consumer Privacy Act) compliance for California residents
  • Regular compliance audits and policy updates
  • Data processing agreements with all third-party vendors

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share information in the following limited circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our business and providing services to you. These providers have access to personal information only to perform specific tasks on our behalf and are contractually obligated to maintain confidentiality and security.

Legal Requirements

We may disclose information when required by law, such as in response to valid legal process, government requests, or to protect our rights, privacy, safety, or property.

Business Transfers

In the event of a merger, acquisition, or sale of business assets, user information may be transferred as part of the transaction, subject to equivalent privacy protections.

5. Your Rights and Choices

You have significant control over your personal information and how we use it:

Access and Portability

  • Request access to your personal data and information about how we process it
  • Obtain a copy of your data in a structured, machine-readable format
  • Transfer your data to another service provider where technically feasible

Correction and Deletion

  • Update or correct inaccurate personal information
  • Request deletion of your personal data (subject to legal retention requirements)
  • Withdraw consent for processing where consent is the legal basis

Communication Preferences

  • Opt out of marketing communications at any time
  • Choose your notification preferences for service updates
  • Manage cookie preferences through browser settings

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within the timeframes required by applicable law.

6. Data Retention

We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

  • Account information: Retained while your account is active and for up to 7 years after account closure
  • Email and calendar data: Processed and retained only as long as necessary for service delivery
  • Usage data and analytics: Retained for up to 3 years for service improvement purposes
  • Communication records: Retained for up to 5 years for customer support and legal compliance

7. International Data Transfers

Our services are operated from the United States, and your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses for transfers to countries without adequacy decisions
  • Certification under applicable privacy frameworks
  • Implementation of appropriate technical and organizational measures

8. Children's Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on our website with a new "Last updated" date
  • Notify you via email or through our services if the changes are significant
  • Provide a summary of key changes where appropriate

Your continued use of our services after the effective date of the updated policy constitutes acceptance of the changes.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Support: support@intake44.com

For EU residents, you also have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.