Legal

Privacy Policy

Last updated: May 2026

1. Data Controller

The data controller for novitor.com is Novitor, founded and operating from Barcelona, Spain. For all data protection enquiries, contact us at info@novitor.com.

2. Data We Collect

We collect the following categories of personal data:

  • Contact and enquiry data: name, email address, company name, and message content submitted via our contact and enterprise enquiry forms.
  • Newsletter subscription data: email address submitted via our Novitor Insights subscription form.
  • Waitlist data: email address submitted via our Platform early access waitlist.
  • Payment data: payment and billing information processed by Stripe when purchasing a paid Novitor Insights subscription. Novitor does not store payment card data — this is handled entirely by Stripe.
  • Usage data: anonymised analytics data collected via Google Analytics 4, subject to your cookie consent.

3. Legal Basis for Processing

  • Contract performance: processing necessary to fulfil a subscription or respond to an enquiry.
  • Legitimate interests: sending transactional emails, maintaining security, and preventing fraud.
  • Consent: analytics tracking via Google Analytics 4, where you have provided explicit consent via our cookie banner.

4. Cookies and Consent

We use Cookiebot to manage cookie consent. When you first visit novitor.com, you will be presented with a cookie banner. Analytics cookies are only activated after you provide explicit consent. You can withdraw or modify your consent at any time via the Cookie Preferences link in the footer.

We use the following cookie categories:

  • Necessary: cookies required for the site to function. These cannot be disabled.
  • Statistics: Google Analytics 4 cookies used to understand how visitors interact with the site. Only activated with your consent.

5. Third-Party Services

We use the following third-party services that may process your personal data:

  • Google Analytics 4— web analytics, subject to consent. Data processed in the EU under Google's data processing terms.
  • Cookiebot (Usercentrics) — cookie consent management. Data processed in the EU.
  • Resend — transactional email delivery. Processes email addresses for the purpose of delivering emails you have requested.
  • Beehiiv — newsletter platform. Processes email addresses and subscription data for Novitor Insights subscribers.
  • Stripe — payment processing. Processes payment and billing data for paid subscriptions. Stripe is PCI DSS compliant.
  • Sentry — error monitoring. May process technical data including IP addresses for the purpose of diagnosing application errors.
  • Axiom — structured logging. Processes anonymised request data for operational monitoring.
  • Vercel — hosting and infrastructure. Processes request data as part of serving the website.

6. Data Retention

  • Contact and enquiry data: retained for 24 months from the date of submission.
  • Newsletter subscription data: retained until you unsubscribe.
  • Payment data: retained by Stripe in accordance with their data retention policy and applicable financial regulations.
  • Analytics data: retained for 14 months in Google Analytics 4.

7. Your Rights

Under the EU General Data Protection Regulation (GDPR), you have the following rights:

  • Access: the right to obtain a copy of the personal data we hold about you.
  • Rectification: the right to correct inaccurate personal data.
  • Erasure: the right to request deletion of your personal data.
  • Portability: the right to receive your personal data in a structured, machine-readable format.
  • Objection: the right to object to processing based on legitimate interests.
  • Restriction: the right to request that we restrict processing of your personal data.

To exercise any of these rights, contact us at info@novitor.com. We will respond within 30 days.

8. Supervisory Authority

You have the right to lodge a complaint with the Spanish data protection authority, the Agencia Española de Protección de Datos (AEPD), at aepd.es. You may also lodge a complaint with the supervisory authority in your country of residence within the EU.

9. Governing Law

This Privacy Policy is governed by the laws of Spain and the EU General Data Protection Regulation (GDPR). Any disputes arising under this policy shall be subject to the jurisdiction of the courts of Barcelona, Spain.

10. Contact

For all data protection enquiries: info@novitor.com