NotientAI ("NotientAI", "we", "us") operates the website notientai.com and the embedded social-proof widget script available at cdn.notientai.com. This Privacy Policy explains what data we collect when you use NotientAI as a customer or when a NotientAI widget is shown to you on a third-party website, why we collect it, and how it is stored.
1. Data we collect from NotientAI customers
When you sign up for an account, we store:
- Email address, name, and authentication identifiers (handled by Supabase Auth).
- Billing details collected by our payment processor (Dodo Payments). We never store full card numbers — we receive only the last four digits and a tokenised reference.
- Sites, widgets, and configuration you create inside the dashboard.
- Usage metrics (notification counts, event totals) needed to enforce plan limits.
2. Data we collect from end-visitors of customer sites
The NotientAI embed script (embed.js) runs on websites operated by our customers. When it loads, it may collect:
- Anonymous session identifier (random, no cookies set across domains).
- Approximate country and city derived from the visitor's IP via IPInfo. IPs are never stored.
- Page URL, device type (desktop / mobile), and timestamp of widget impressions and dismissals.
- Optional heatmap events (clicks and scroll depth, expressed as percentages — no pixel-perfect tracking).
- Email addresses voluntarily entered by visitors into spin-wheel or quiz widgets.
We do not collect personal names, IP addresses, browser fingerprints, or device identifiers from end-visitors. We do not sell or share this data with third parties.
3. How we use the data
- To deliver the service (display widgets, count notifications, generate analytics).
- To send transactional emails (welcome, trial reminders, payment receipts) via Resend.
- To generate AI insights via Anthropic Claude. Only aggregate, anonymous performance metrics are sent — never personally identifiable information.
- To prevent fraud and abuse (e.g. enforcing rate limits).
4. Data storage and security
All customer and event data is stored in Supabase (PostgreSQL, EU region)with row-level security. Backups are taken daily. Caching for widget configuration is handled by Upstash Redis with a 60-second TTL. Communication is end-to-end TLS-encrypted.
5. Data retention
- Account data: kept while your account is active and deleted within 30 days of cancellation.
- Widget impression events: kept for 90 days, then aggregated and anonymised.
- Heatmap events: kept for 30 days.
- Invoices: kept for 7 years for tax compliance.
6. Your rights
You can request access, correction, export, or deletion of your personal data at any time by emailing hello@notientai.com. We respond within 7 working days.
7. Cookies
NotientAI uses essential session cookies on app.notientai.com and notientai.com for authentication. The embed widget does not set cookies on customer websites — it uses sessionStorage only, scoped to the host page.
8. Third-party processors
- Supabase — database & authentication
- Vercel — hosting
- Anthropic — AI inference (Claude)
- Dodo Payments — global payment processing
- Resend — transactional email
- IPInfo — geo-IP lookup
- Upstash — Redis cache
9. Children
NotientAI is not intended for children under 16 years of age.
10. Changes to this policy
We may update this policy from time to time. Material changes will be announced via email at least 14 days before they take effect.
11. Contact
Questions? Write to hello@notientai.com.