Legal

Privacy Policy

This Privacy Policy explains how Novella collects, uses, and protects personal data when you visit www.novellahq.com, use app.novellahq.com, or interact with our customer feedback platform.

Last updated: 12 December 2025
Contact: privacy@novellahq.com

Novella ("we", "our", or "us") values your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit www.novellahq.com, use our application at app.novellahq.com, or otherwise interact with Novella’s customer feedback platform (the "Services").

This policy is written in accordance with the EU General Data Protection Regulation (GDPR).

1. Who we are

Novella is a customer feedback platform that helps organizations collect, analyze, and act on feedback from their customers.

Data controller (for website visitors and Novella account users):

NovellaHQ
The Netherlands
Email: privacy@novellahq.com

For feedback submitted via Novella on behalf of one of our customers, the customer is the data controller and Novella acts as a data processor.

2. Personal data we collect

We collect different types of personal data depending on how you interact with Novella.

2.1 Website visitors

When you visit our website, we may collect:

  • IP address
  • Device and browser information
  • Pages visited and referring URLs
  • Cookie and tracking data (see section 6)

2.2 Account users (customers)

If you create or use a Novella account, we may collect:

  • Name
  • Business email address
  • Company name
  • Role or job title
  • Login credentials (encrypted)
  • Usage data within the application

2.3 Feedback respondents (end users)

When you submit feedback via Novella (for example via email surveys or website widgets), we may process:

  • Email address or other identifiers provided by the customer
  • Feedback responses (e.g. NPS, CSAT, CES, open text)
  • Metadata such as timestamp, page URL, device type

The exact data collected depends on how the customer configures their feedback surveys.

3. How we use personal data

We use personal data for the following purposes:

  • To provide and operate the Services
  • To authenticate users and manage accounts
  • To collect and display feedback results
  • To improve our platform and user experience
  • To communicate with users about service-related matters
  • To comply with legal and regulatory obligations

We do not sell personal data.

We process personal data based on one or more of the following legal grounds:

  • Performance of a contract – when data is required to deliver the Services
  • Legitimate interest – to improve and secure our platform
  • Consent – for marketing communications and certain cookies
  • Legal obligation – where required by law

For feedback respondents, the legal basis is determined by the Novella customer who collects the feedback.

5. Data sharing and subprocessors

We may share personal data with trusted third parties only where necessary to provide the Services, including:

  • Cloud hosting and infrastructure providers
  • Analytics and monitoring tools
  • Email delivery services
  • CRM and integration partners (e.g. HubSpot), when enabled by the customer

All subprocessors are bound by data processing agreements and comply with GDPR requirements.

A current list of subprocessors is available upon request.

6. Cookies and tracking

Novella uses cookies and similar technologies for:

  • Website functionality
  • Analytics and performance measurement
  • Marketing and advertising (where consent is given)

Where required, we ask for your consent before placing non-essential cookies. You can manage your cookie preferences at any time.

7. Data retention

We retain personal data only as long as necessary:

  • Account data: for the duration of the customer relationship
  • Feedback data: according to the customer’s subscription plan and configuration
  • Website analytics: according to our analytics retention settings

Customers can request deletion or anonymization of data via their account or by contacting us.

8. International data transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

9. Security measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encrypted data storage and transmission
  • Access controls and role-based permissions
  • Regular security updates and monitoring

Despite these measures, no system can be guaranteed to be 100% secure.

10. Your rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise your rights, contact us at privacy@novellahq.com.

If your data was collected via a Novella customer, you may also contact that organization directly.

11. Complaints

If you believe your rights have been violated, you may lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

12. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available at:

www.novellahq.com/legal/privacy-policy

Significant changes will be communicated where appropriate.

13. Contact

For questions about this Privacy Policy or our data practices:

📧 privacy@novellahq.com