Privacy Policy

This Privacy Policy explains how The Launch Pad LLC (“we,” “us,” “our,” or the “Company”), operating under the Noli AI brand (“Noli” or “Noli AI”), collects, uses, stores, and shares information when you use our websites, our applications, our AI agents, and any related services (the “Services”).

By accessing or using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services. This Privacy Policy is incorporated into our Terms & Conditions by reference.

1. Who we are

Noli AI is a product offered by The Launch Pad LLC. Contact: privacy@noliai.com for privacy matters; hello@noliai.com for general inquiries; security@noliai.com for security matters.

2. Information we collect

2.1 Account information

When you create an account, we collect information necessary to authenticate you and provision the Services: your name, email address, password (stored only as a salted hash, or not stored at all if you use a third-party identity provider such as Google or Apple), workspace name, and any organization details you provide.

2.2 Subscription and billing information

To purchase a subscription, our payment processor (currently Stripe) collects billing information on our behalf, including card or bank details, billing address, and tax identifiers. We don't store full card numbers on our servers; we keep a token plus the last four digits for receipts and renewals. We also store the tier you selected, the subscription start date, the renewal date, and your invoice history.

2.3 Workspace content

To do its job, your AI team needs context about your business. The Services collect, store, and process the content you choose to upload, capture, generate, or connect — including:

• Notes, documents, voice memos, and transcripts captured in Noli KB;
• Customer records, deal pipelines, calls, and follow-ups in Noli CRM;
• Marketing assets, drafts, campaigns, and analytics in Noli AMS;
• Goals, projects, milestones, and reflections in Noli PM;
• Briefings synthesized by the Chief of Staff agent;
• Content from third-party integrations you authorize (e.g., Slack messages, Google Drive files, Gmail, Notion pages, calendars), strictly within the scope you grant.

We refer to the above collectively as “Workspace Content.” Workspace Content is treated as your User Content under our Terms.

2.4 AI interaction data

When you (or another agent) ask an AI agent to do something, we collect and process the prompt, the relevant context retrieved from your Workspace Content, the model's response, and metadata about the interaction (timestamp, tokens used, latency, error states). This allows us to provide the Services, enforce usage limits, debug, and improve quality.

2.5 Usage data

We automatically collect basic information about how you use the Services, including device, browser, IP address, pages and features accessed, performance metrics, and crash diagnostics. We use this to debug, improve performance, prioritize what to build, and detect abuse.

2.6 Communications

When you contact us (email, support form, in-app chat), we keep the communication, your contact details, and any attachments you send, so we can respond and improve our support.

2.7 Cookies and similar technologies

We use cookies and similar technologies for authentication, session management, security, preference storage, and limited analytics. See Section 7 below for details.

3. How we use your information

We use the information we collect to:

• Provide, maintain, secure, and improve the Services;
• Operate AI agents on your behalf, scoped to your own workspace data;
• Route relevant Workspace Content to AI agents through the cross-product memory layer so the agents can coordinate;
• Process payments, manage subscriptions, and send transactional and account communications (which you can't opt out of while your account is active);
• Send product updates, tips, and offers you can opt out of via the unsubscribe link in any such email;
• Enforce our Terms, prevent fraud and abuse, and respond to legal process;
• Comply with legal obligations.

Legal bases under GDPR (if you are in the EEA/UK): performance of a contract (to deliver the Services you purchased); legitimate interests (security, abuse prevention, basic analytics, and improvement of the Services); consent (for marketing emails and non-essential cookies); and legal obligation (compliance, tax, and accounting).

4. AI models and training

4.1 We do not use your data to train AI models

We do not use your User Content, Workspace Content, prompts, or AI Output to train, fine-tune, or otherwise improve any AI model owned or operated by us, nor do we permit our model providers to do so under our enterprise API contracts.

4.2 Third-party model providers

To generate AI Output, the Services route prompts and the relevant context to large language model providers, currently including OpenAI and Anthropic, and may include other comparable providers in the future. We use API tiers under which the provider contractually disallows training on data submitted through the API. If a provider changes those terms in a way that would permit training, we will (a) notify affected customers and (b) seek a comparable alternative provider where commercially feasible.

4.3 Bring Your Own API Key (BYO API Key)

If you elect to provide a BYO API Key, your prompts and context are sent directly to that provider under your account, governed by the provider's terms — not ours. Please review your provider's data-handling and training policies before enabling BYO.

4.4 Aggregated and anonymized data

We may use aggregated and anonymized data — data from which all personal and identifying details have been removed — to publish benchmarks, improve the Services, and report on platform-level trends.

5. When we share information

We don't sell your personal information. We share it with:

5.1 Service providers (sub-processors)

We use trusted vendors to operate the Services. They process personal data only on our behalf, only for the purposes we direct, and under written contracts that include confidentiality and security obligations. We may add or replace sub-processors without notice and at our sole discretion.

5.2 Other workspace members

Information you put into a shared workspace is accessible to other members of that workspace at the access level you grant.

5.3 Aggregated information

We may share aggregated and anonymized data that doesn't identify you with partners, advertisers, or the public.

5.4 Business transfers

If we're involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We'll notify you (e.g., by email and a prominent notice on the Services) of any change in ownership or use of your information.

5.5 Legal requirements

We may disclose information if we believe in good faith it's necessary to: comply with a law, regulation, legal process, or governmental request; enforce our Terms; detect, prevent, or address fraud, security, or technical issues; or protect the rights, property, or safety of the Company, our users, or the public.

6. International transfers

The Company, the Platform, and the Services are operated in the United States. Your information may be transferred to, processed, and maintained on servers and systems located outside of your state, province, or country, where the privacy laws may not be as protective as those in your jurisdiction. By using the Services, you consent to such transfer, processing, and storage in the United States and elsewhere.

For transfers from the EEA/UK to the United States, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) where required.

7. Cookies and similar technologies

We use the following categories of cookies and similar technologies:

• Essential — required for authentication, session management, security, and core functionality. These cannot be disabled.
• Preferences — remember your settings (theme, language).
• Analytics — measure how users interact with the Services so we can improve them. Where required, we ask for consent before setting these.

Most browsers let you block or delete cookies via their settings. Blocking essential cookies will break the Services. Authentication cookies are scoped to .noliai.com so a single sign-in works across all our subdomains.

We do not currently respond to the “Do Not Track” browser setting. We do honor opt-outs you make through our preference controls and unsubscribe links.

8. Your choices and rights

8.1 Email preferences

You can unsubscribe from marketing emails at any time using the unsubscribe link in any such email or by contacting privacy@noliai.com. You will continue to receive transactional and account communications (e.g., receipts, security alerts, service notices) while your account is active.

8.2 Access, correction, and deletion

You can access and update most account information directly within the Services. To request a copy, correction, or deletion of personal information beyond what you can change yourself, email privacy@noliai.com. We may need to verify your identity. After deletion, some information may remain in our archives and back-up systems until overwritten or deleted in the ordinary course of business.

8.3 EEA/UK (GDPR) rights

If you are in the EEA/UK, you have the right to: access the personal data we hold about you; correct inaccurate data; request deletion; restrict or object to certain processing; data portability; and where we rely on consent, withdraw your consent at any time. You also have the right to lodge a complaint with your local data protection authority. To exercise these rights, contact privacy@noliai.com.

8.4 California (CCPA / CPRA) rights

California residents have the right to request: (a) access to the categories and specific pieces of personal information we collect; (b) deletion of personal information; (c) correction of inaccurate personal information; (d) information about the categories of third parties with whom we share personal information; and (e) to opt out of any “sale” or “sharing” of personal information for cross-context behavioral advertising. We do not sell personal information as defined by the CPRA, nor do we share it for cross-context behavioral advertising. If this changes, we will update this policy and provide a “Do Not Sell or Share My Personal Information” link.

To exercise California rights, email privacy@noliai.com with “California Privacy Request” in the subject line. We may need to verify your identity. You may use an authorized agent if they provide proof of authorization and we can verify your identity. You will not be discriminated against for exercising these rights.

8.5 Other U.S. state privacy rights

Residents of states with comprehensive privacy laws (including Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others as enacted) may have rights similar to those described above. Contact us at privacy@noliai.com to exercise applicable rights under your state's law.

9. Security

We use industry-standard technical and organizational safeguards designed to protect your information, including encryption in transit (TLS) and at rest, role-based access controls, audit logging, secret management, vendor due diligence, and routine security review. No method of transmission or storage is 100% secure; we cannot guarantee absolute security. We will notify affected users promptly if we become aware of a breach involving their personal information, in accordance with applicable law.

10. Data retention

We retain your information for as long as your account is active or as needed to provide the Services. After you cancel or terminate your account: (a) Workspace Content is retained for thirty (30) days so you may export it, then deleted from active systems; (b) account and billing information is retained for the period required by tax, accounting, and regulatory rules; (c) communications and support records are retained as needed to resolve disputes, enforce agreements, and comply with legal obligations; (d) backups containing your information are deleted in the ordinary course of business as backup tiers expire.

You can request earlier deletion of certain categories of information by emailing privacy@noliai.com; we'll honor the request to the extent we're not required to retain the information by law.

11. Children's privacy

The Services are not intended for, or directed to, anyone under 16 (and, in any event, not under 13). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@noliai.com and we will delete it.

12. External websites and integrations

The Services may contain links to, or allow you to connect, external websites and services not operated by us. We don't control and are not responsible for the privacy practices or content of those third parties. When you authorize an integration (e.g., Slack, Google Drive, Notion, calendar), the third party's privacy policy and terms govern its handling of your data; we receive only the scope of access you grant and use it as described in this Privacy Policy.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal, operational, or regulatory reasons. If we make material changes, we will update the “Last updated” date and, where required, provide additional notice (in-app banner, email, or both). Your continued use of the Services after the change takes effect constitutes acceptance.

14. Contact us

Questions, requests, or concerns? Email privacy@noliai.com.

© 2026 Noli AI. All rights reserved. Noli AI is a product offered by The Launch Pad LLC.