NOAH is a cloud business management system (contacts, deals, tasks and communication). This policy explains what we collect, why, and how we protect it — in accordance with the Israeli Protection of Privacy Law, 1981.
Account data: name, email and a hashed password (or your Google identity if you sign in with Google).
Your business data: contacts, companies, deals, tasks, activities and messages you enter. This data belongs to you — we process it solely to provide the service.
Usage data: audit logs, AI feature usage metrics, and technical data required for security (IP addresses on sensitive operations).
Cookies: essential cookies only — session management and theme preference. No advertising cookies.
AI features (the CHIEF agent, deal scoring, email drafting) use Anthropic's Claude. When you use an AI feature, the data relevant to your request is sent for processing and is not used to train models. Actions the agent proposes require your explicit confirmation.
We rely on established infrastructure providers: Supabase (database), Vercel (application hosting), Anthropic (AI processing), Resend (transactional email), Google (sign-in and Gmail sync — only with your authorization), and Sentry (error monitoring; session replays are masked). All are bound by data processing agreements.
Each organization's data is isolated at the query level; every operation is validated against your permissions. Traffic is encrypted (TLS), sensitive tokens are encrypted at rest (AES-256-GCM), and a full audit log covers sensitive operations. Two-factor authentication is available and can be enforced org-wide.
Export: the organization owner can export all organization data at any time (Settings → Privacy).
Deletion: you can permanently erase all organization data. Deleted data cannot be recovered.
Access and correction: account details can be updated in profile settings.
Account and business data are kept while the account is active. If a trial ends without upgrading, your data is kept waiting for you. Account deletion permanently removes the data.
For privacy questions, reach us via the in-app contact form or on the home page.