NovaBod

Privacy Policy

Effective Date: April 1, 2025  |  Last Updated: April 1, 2025

This Privacy Policy explains how Rex Ventures Group LLC (“Company,” “we,” “us,” or “our”), the operator of NovaBod (novabod.io), collects, uses, shares, and protects your personal information when you use our website and subscription services (collectively, the “Service”). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

When you register, subscribe, or contact us, we may collect:

  • Name and email address
  • Billing and payment information (processed by third-party payment processors — we do not store full card numbers)
  • Health and wellness data you voluntarily provide during onboarding (e.g., age, weight, height, dietary preferences, health goals)
  • Communications you send to our support team

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information, including:

  • IP address and approximate geographic location
  • Browser type, operating system, and device information
  • Pages visited, time spent on pages, and referring URLs
  • Clickstream data and interaction events

1.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to operate and improve our Service. These include:

  • Strictly Necessary Cookies: Required for core functionality such as session management and secure login.
  • Functional Cookies: Remember your preferences and settings across visits.
  • Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics).
  • Advertising/Targeting Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (e.g., Meta Pixel, Google Ads).

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and personalize the NovaBod Service
  • Process payments and manage your subscription
  • Send transactional emails (receipts, renewal notices, account updates)
  • Send marketing communications where you have opted in (you may opt out at any time)
  • Analyze usage patterns to improve our products and user experience
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide the Service you subscribed to.
  • Legitimate Interests: Analytics, fraud prevention, and service improvement.
  • Consent: Marketing communications and non-essential cookies (you may withdraw consent at any time).
  • Legal Obligation: Compliance with applicable laws and regulations.

4. Sharing Your Information

We do not sell your personal information. We may share your data with:

  • Payment Processors: To securely process subscription payments (e.g., Stripe). These processors are PCI-DSS compliant.
  • Analytics Providers: Such as Google Analytics, to help us understand usage patterns.
  • Email Service Providers: To send transactional and marketing emails on our behalf.
  • Advertising Platforms: Such as Meta and Google, for targeted advertising (subject to your cookie preferences).
  • Legal Authorities: When required by law, court order, or to protect our legal rights.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or part of our business.

All third-party service providers are contractually required to protect your data and use it only for the purposes we specify.

5. Your Privacy Rights

5.1 Rights Under GDPR (EEA/UK Users)

If you are located in the EEA or UK, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your personal data (“right to be forgotten”)
  • Restrict or object to certain processing activities
  • Data Portability — receive your data in a structured, machine-readable format
  • Withdraw Consent at any time where processing is based on consent

5.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

California residents may also submit a “Shine the Light” request to learn about personal information shared with third parties for their direct marketing purposes.

5.3 How to Exercise Your Rights

To exercise any of the rights above, please contact us at [email protected]. We will respond to verifiable requests within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. We may also retain certain information as required by law or for legitimate business purposes such as fraud prevention and dispute resolution. When data is no longer needed, we securely delete or anonymize it.

7. International Data Transfers

Rex Ventures Group LLC is based in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate. We implement appropriate safeguards (such as Standard Contractual Clauses) to protect your data during such transfers.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will take steps to delete it.

9. Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last Updated” date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: