This Privacy Policy explains how Opennova AI Inc. (“Company,” “we,” “us,” or “our”) collects, uses, discloses, stores, and protects personal information in connection with our website, consulting services, AI implementation services, automation services, training programs, client portals, events, communications, and related business activities.
We are an AI implementation and consulting company based in California, United States. We help organizations design, deploy, integrate, and manage artificial intelligence systems, automation workflows, data processes, and related technology solutions.
This Privacy Policy applies to information we collect from website visitors, clients, prospective clients, client personnel, vendors, partners, event attendees, job applicants, and other individuals who interact with us.
This Privacy Policy does not replace any separate master services agreement, statement of work, data processing agreement, confidentiality agreement, or other written agreement between us and a client. Where we process data on behalf of a client, we generally do so as a service provider, processor, contractor, or similar role under applicable law, and the client’s privacy policy may also apply.
1. Information We Collect
We may collect the following categories of information, depending on how you interact with us.
A. Identifiers
This may include:
- Name
- Email address
- Phone number
- Business address
- Mailing address
- Company name
- Job title
- Account username
- IP address
- Device identifiers
- Online identifiers
B. Business and Contact Information
This may include:
- Employer or organization name
- Role or department
- Business email
- Business phone number
- Professional profile information
- Communication preferences
- Information submitted through forms, intake questionnaires, discovery calls, proposals, contracts, and client onboarding materials
C. Commercial Information
This may include:
- Services requested or purchased
- Project history
- Consulting engagement details
- Billing records
- Payment status
- Subscription or service plan information
- Customer support history
- Event or webinar registration information
We generally do not store full payment card numbers. Payment information may be processed by third-party payment processors.
D. Internet, Device, and Network Activity
When you visit our website or interact with our digital services, we may collect:
- IP address
- Browser type
- Device type
- Operating system
- Referring URLs
- Pages viewed
- Date and time of visit
- Clickstream data
- Cookie and tracking technology data
- Website analytics data
- Email engagement data, such as opens and clicks
E. Professional or Employment-Related Information
If you apply for a job, contractor role, partnership, or consulting opportunity with us, we may collect:
- Resume or CV
- Work history
- Education history
- Portfolio links
- References
- Interview notes
- Compensation expectations
- Work authorization information, where applicable
F. Audio, Visual, or Meeting Information
If you participate in calls, webinars, training sessions, workshops, or recorded meetings, we may collect:
- Meeting recordings
- Chat transcripts
- Voice recordings
- Video recordings
- Screenshare content
- Notes from meetings
- Training participation data
We will provide notice or obtain consent where required before recording meetings.
G. Client Data and Project Materials
In providing AI implementation and consulting services, we may receive, access, or process information provided by or on behalf of our clients, including:
- Business documents
- Spreadsheets
- CRM data
- Sales and marketing data
- Customer support records
- Operational workflows
- Internal policies
- Process documentation
- Training materials
- Prompt libraries
- Knowledge bases
- System architecture documents
- API documentation
- Database schemas
- Integration credentials
- Workflow logs
- Project files
- Other business data shared for implementation purposes
Client Data may include personal information about our clients’ customers, employees, contractors, vendors, or business contacts. We process Client Data only as permitted by our agreement with the client and applicable law.
H. Sensitive Personal Information
Depending on the project or interaction, we may collect or receive certain sensitive personal information, such as:
- Account login credentials, API keys, or access tokens
- Government identification information, if needed for contracting, hiring, or compliance
- Financial account information, if needed for billing or vendor administration
- Precise geolocation, only if required for a specific service and with appropriate notice
- Contents of communications, where provided to us for consulting, automation, or AI implementation work
We do not seek to collect sensitive personal information unless it is necessary for the requested service, required by law, or provided by a client in connection with a project.
I. Inferences
We may create limited inferences from the information we collect, such as:
- Service interests
- Likely business needs
- Preferred communication method
- Project fit
- Training needs
- Website usage patterns
We do not use inferences to make legally significant decisions about individuals without appropriate notice and, where required, consent or an opportunity to opt out.
2. Sources of Personal Information
We may collect personal information from the following sources:
- Directly from you
- From your employer or organization
- From our clients
- From forms you submit
- From emails, calls, meetings, webinars, or events
- From our website and analytics tools
- From CRM, scheduling, payment, support, and communication platforms
- From publicly available sources, such as company websites, LinkedIn, business directories, or public records
- From referral partners
- From vendors and service providers
- From third-party platforms you use to interact with us
- From systems or applications that clients authorize us to access
3. How We Use Personal Information
We may use personal information for the following business and commercial purposes.
A. To Provide Services
We may use information to:
- Deliver AI consulting services
- Design and implement AI workflows
- Build automations and integrations
- Configure AI tools, agents, assistants, or systems
- Provide implementation support
- Conduct technical discovery
- Create documentation
- Train client teams
- Troubleshoot systems
- Manage projects
- Provide client support
- Monitor service performance
B. To Manage Client Relationships
We may use information to:
- Respond to inquiries
- Schedule calls
- Prepare proposals
- Negotiate contracts
- Manage accounts
- Send project updates
- Provide customer support
- Process payments
- Maintain business records
C. To Improve Our Services
We may use information to:
- Improve our website
- Improve our consulting methods
- Develop templates, playbooks, and internal processes
- Analyze service performance
- Understand client needs
- Improve training materials
- Debug technical issues
- Develop new service offerings
When we use project learnings to improve our services, we aim to use aggregated, anonymized, or de-identified information where practical.
D. To Communicate With You
We may use information to:
- Respond to messages
- Send administrative notices
- Send service updates
- Send event information
- Send newsletters or marketing emails
- Provide educational content
- Invite you to webinars, workshops, or community programs
You may opt out of marketing emails at any time by using the unsubscribe link or contacting us.
E. For AI Implementation and Testing
We may use information to:
- Configure AI systems
- Test prompts
- Evaluate AI output quality
- Build retrieval-augmented generation systems
- Connect AI tools to approved business systems
- Test automations
- Validate workflows
- Monitor accuracy and reliability
- Create client-specific documentation and training assets
Unless a client expressly authorizes otherwise in writing, we do not use Client Data to train public AI models or unrelated third-party AI systems.
F. For Security and Fraud Prevention
We may use information to:
- Protect our systems
- Detect unauthorized access
- Prevent fraud
- Monitor suspicious activity
- Enforce access controls
- Protect client environments
- Investigate security incidents
- Maintain audit logs
G. For Legal, Compliance, and Business Purposes
We may use information to:
- Comply with laws
- Enforce contracts
- Resolve disputes
- Respond to lawful requests
- Protect rights and safety
- Maintain tax, accounting, and business records
- Support a merger, acquisition, financing, restructuring, or sale of assets
4. How We Use AI and Automated Systems
Because we are an AI implementation and consulting company, we may use AI tools in our business and service delivery. This may include:
- Drafting internal notes, documentation, and summaries
- Analyzing business processes
- Creating workflow recommendations
- Generating implementation plans
- Summarizing client-provided documents
- Assisting with coding, testing, and technical configuration
- Creating training content
- Supporting research and analysis
- Improving productivity and service delivery
We take steps designed to protect confidential and personal information when using AI tools. These steps may include limiting the information shared with AI vendors, using enterprise-grade AI accounts where appropriate, disabling model training where available, using redaction or anonymization, applying access controls, and following client-specific restrictions.
We do not intentionally submit sensitive Client Data to AI tools unless it is necessary for the project, permitted by the client, and handled according to the applicable agreement.
AI-generated outputs may be inaccurate, incomplete, or require human review. We do not rely solely on AI-generated outputs for decisions that have legal, financial, employment, housing, credit, healthcare, or similarly significant effects unless appropriate safeguards are in place.
5. Client Data
When we receive Client Data in connection with our consulting or implementation services, we use it only to provide the services requested by the client, comply with our legal obligations, protect our rights, and as otherwise authorized by the client.
We do not sell Client Data.
We do not use Client Data to train our own general-purpose AI models unless the client expressly agrees in writing.
We may process Client Data through approved vendors, cloud platforms, AI providers, automation tools, analytics systems, and infrastructure providers where necessary to deliver the services. Where appropriate, we use contractual, technical, and organizational safeguards to protect Client Data.
Clients are responsible for ensuring that they have the necessary rights, notices, consents, and lawful bases to provide Client Data to us.
6. Cookies and Tracking Technologies
We may use cookies, pixels, tags, scripts, and similar technologies to operate our website and understand how visitors interact with us.
These technologies may help us:
- Remember preferences
- Improve website performance
- Analyze traffic
- Measure marketing effectiveness
- Understand visitor behavior
- Secure the website
- Personalize content
You can control cookies through your browser settings. Some features may not work properly if cookies are disabled.
We may use third-party analytics and marketing tools, such as Google Analytics, CRM tracking tools, email marketing platforms, advertising platforms, or similar services. These third parties may collect information about your use of our website and other online services over time.
7. How We Disclose Personal Information
We may disclose personal information to the following categories of recipients.
A. Service Providers and Vendors
We may share information with vendors who help us operate our business, such as:
- Cloud hosting providers
- AI platform providers
- Automation platforms
- CRM systems
- Email providers
- Payment processors
- Analytics providers
- Scheduling tools
- Customer support tools
- Security providers
- Accounting and legal service providers
- Contractors and consultants
These parties are authorized to use information only as necessary to provide services to us or as otherwise permitted by law.
B. Clients
Where our services are provided to a client, we may share project-related information with the client, including information about client personnel, project status, usage, implementation details, and service deliverables.
C. Business Partners
We may share information with business partners, referral partners, integration partners, or implementation partners where necessary to provide services, pursue a business opportunity, or deliver a joint offering.
D. Legal and Compliance Recipients
We may disclose information to courts, regulators, law enforcement, government authorities, or other parties when we believe disclosure is necessary to comply with law, enforce agreements, protect rights, prevent harm, or respond to legal process.
E. Business Transfers
If we are involved in a merger, acquisition, financing, restructuring, bankruptcy, sale of assets, or similar business transaction, information may be transferred as part of that transaction.
8. Sale or Sharing of Personal Information
We do not sell personal information in the traditional sense of exchanging it for money.
However, certain privacy laws define “sale” or “sharing” broadly and may treat some advertising, analytics, or cross-context behavioral advertising activities as a sale or sharing of personal information.
If we use advertising or analytics technologies that constitute a “sale” or “sharing” under applicable law, you may have the right to opt out.
Where required, we will provide a “Do Not Sell or Share My Personal Information” link or another legally recognized method for submitting opt-out requests.
We do not knowingly sell or share personal information of individuals under 16 years of age.
9. Sensitive Personal Information
We use sensitive personal information only for purposes that are reasonably necessary and proportionate to provide our services, secure our systems, comply with law, or as otherwise permitted by applicable privacy laws.
We do not use sensitive personal information to infer characteristics about individuals unless permitted by law or with appropriate authorization.
Where required by California law, individuals may have the right to limit certain uses or disclosures of sensitive personal information.
10. Data Retention
We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention periods may depend on:
- The nature of the information
- The purpose for collection
- Contractual requirements
- Legal and regulatory obligations
- Tax, accounting, and audit requirements
- Security and fraud prevention needs
- Dispute resolution needs
- Client instructions
Client Data is retained according to the applicable client agreement, statement of work, data processing agreement, or documented client instructions.
When information is no longer needed, we may delete, anonymize, de-identify, or securely archive it.
11. Data Security
We use reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, loss, misuse, disclosure, alteration, and destruction.
These safeguards may include:
- Access controls
- Password protections
- Multi-factor authentication
- Encryption where appropriate
- Secure cloud infrastructure
- Vendor review
- Confidentiality obligations
- Employee and contractor access restrictions
- Logging and monitoring
- Secure file-sharing practices
- Incident response procedures
No system is completely secure. We cannot guarantee absolute security of personal information.
You are responsible for maintaining the confidentiality of any account credentials, API keys, passwords, or access tokens you provide or use in connection with our services.
12. International Data Transfers
We are based in the United States. If you access our website or services from outside the United States, your information may be transferred to, stored in, or processed in the United States or other jurisdictions where we or our service providers operate.
These jurisdictions may have data protection laws that differ from those in your location.
Where required, we use appropriate safeguards for international transfers of personal information.
13. Your Privacy Rights
Depending on where you live and the laws that apply, you may have certain rights regarding your personal information.
These rights may include the right to:
- Know what personal information we collect, use, disclose, sell, or share
- Access your personal information
- Request correction of inaccurate personal information
- Request deletion of personal information
- Request a copy of your personal information
- Opt out of the sale or sharing of personal information
- Limit certain uses of sensitive personal information
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
- Appeal a denied request, where applicable
- Not be discriminated against for exercising privacy rights
To exercise your rights, contact us using the information in the “Contact Us” section below.
We may need to verify your identity before responding to your request. Verification may require matching information you provide with information we maintain.
Authorized agents may submit requests on behalf of individuals where permitted by law. We may require proof of authorization and may also require the individual to verify their identity directly with us.
14. California Privacy Notice
This section applies to California residents and supplements the rest of this Privacy Policy.
California law may provide California residents with specific rights regarding personal information. This section describes our practices during the preceding 12 months.
A. Categories of Personal Information Collected
We may collect the following categories of personal information:
| Category | Examples |
|---|---|
| Identifiers | Name, email, phone number, business address, IP address, online identifiers |
| Customer records information | Contact details, billing information, account information |
| Commercial information | Services purchased, project history, payment status |
| Internet or network activity | Website usage, browser data, device data, analytics data |
| Professional or employment information | Job title, employer, work history, resume information |
| Audio, electronic, or visual information | Meeting recordings, call notes, webinar recordings |
| Sensitive personal information | Login credentials, API keys, financial information, confidential project data where applicable |
| Inferences | Service interests, project fit, communication preferences |
B. Purposes for Collection
We collect personal information for the purposes described in this Privacy Policy, including to provide services, communicate with you, manage projects, process payments, improve our offerings, secure our systems, comply with law, and conduct normal business operations.
C. Categories of Sources
We collect personal information from the sources described in the “Sources of Personal Information” section above.
D. Categories of Personal Information Disclosed for Business Purposes
We may disclose the following categories of personal information for business purposes:
- Identifiers
- Customer records information
- Commercial information
- Internet or network activity
- Professional or employment information
- Audio, electronic, or visual information
- Sensitive personal information, where necessary
- Inferences
We may disclose this information to service providers, contractors, clients, business partners, professional advisors, legal authorities, and parties involved in business transactions.
E. Sale or Sharing
We do not sell personal information for money.
We may use analytics or advertising technologies that could be considered “sharing” or “sale” under California law. Where applicable, California residents may opt out by using our “Do Not Sell or Share My Personal Information” link or contacting us.
F. Sensitive Personal Information
We use sensitive personal information only as necessary to provide services, secure systems, comply with law, or as otherwise permitted by California law.
G. California Privacy Rights
California residents may have the right to:
- Know the categories and specific pieces of personal information we have collected
- Know the categories of sources from which personal information is collected
- Know the purposes for collecting, selling, or sharing personal information
- Know the categories of third parties to whom personal information is disclosed
- Request deletion of personal information
- Request correction of inaccurate personal information
- Opt out of sale or sharing
- Limit certain uses of sensitive personal information
- Not receive discriminatory treatment for exercising privacy rights
H. How to Submit a California Privacy Request
You may submit a request by:
- Email: support@opennova.co
- Web Form: [Insert Link]
- Phone: [Insert Toll-Free Number, if applicable]
- Mailing Address: [Insert Mailing Address]
We will respond to verified requests as required by applicable law.
I. Authorized Agents
California residents may use an authorized agent to submit privacy requests. We may require the agent to provide proof of authorization and may require the resident to verify their identity directly with us.
J. Non-Discrimination
We will not discriminate against you for exercising your California privacy rights. This means we will not deny services, charge different prices, provide a different level of service, or retaliate against you because you exercised your rights, except as permitted by law.
15. Automated Decision-Making and Profiling
We may use automated tools to support business operations, such as lead scoring, marketing segmentation, website analytics, workflow recommendations, and project planning.
We do not use automated decision-making to make decisions that produce legal or similarly significant effects about individuals unless we provide appropriate notice and rights required by applicable law.
Where required by law, you may have the right to request information about certain automated decision-making practices and to opt out of certain automated decision-making uses.
16. De-Identified and Aggregated Information
We may use de-identified, anonymized, or aggregated information for business purposes, including research, analytics, benchmarking, service improvement, and marketing.
Where we maintain de-identified information, we will take reasonable measures designed to prevent the information from being used to identify an individual, and we will not attempt to re-identify the information except as permitted by law.
17. Children’s Privacy
Our website and services are intended for business users and are not directed to children under 13.
We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without appropriate consent, we will take steps to delete it.
If you believe a child has provided us with personal information, contact us using the information below.
18. Third-Party Websites and Services
Our website, emails, or services may link to third-party websites, platforms, tools, or services. We are not responsible for the privacy practices of third parties.
Your use of third-party services is governed by their own privacy policies and terms.
This may include third-party AI platforms, automation tools, CRM systems, cloud providers, analytics platforms, payment processors, scheduling tools, and communication services.
19. Confidentiality and Client Responsibilities
Our consulting engagements may involve confidential business information, trade secrets, proprietary workflows, technical documentation, and operational data.
We handle confidential information according to our agreements with clients.
Clients are responsible for:
- Providing only data they are authorized to share
- Removing unnecessary sensitive personal information before sharing files, where practical
- Notifying their own employees, customers, vendors, or users as required
- Obtaining required consents
- Reviewing AI outputs before use
- Managing access permissions in their own systems
- Complying with laws that apply to their business and data
20. Email and Marketing Communications
We may send marketing emails, newsletters, event invitations, educational content, and service updates.
You can opt out of marketing emails at any time by clicking the unsubscribe link in the email or contacting us.
Even if you opt out of marketing emails, we may still send transactional or administrative messages, such as project updates, invoices, legal notices, or security alerts.
21. Data Processing Agreements
Where required, we may enter into a data processing agreement or similar privacy addendum with clients.
A data processing agreement may address:
- Processing instructions
- Confidentiality
- Security measures
- Subprocessors
- International transfers
- Data subject requests
- Return or deletion of data
- Audit rights
- Breach notification
- Assistance with compliance obligations
If there is a conflict between this Privacy Policy and a signed agreement with a client, the signed agreement will control with respect to that client engagement.
22. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
When we make changes, we will update the “Last Updated” date at the top of this page. If we make material changes, we may provide additional notice, such as by posting a notice on our website or sending an email.
Your continued use of our website or services after an updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy.
23. Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at:
Opennova AI Inc. Email: support@opennova.co Mailing Address: 501 Folsom St, San Francisco, CA 94105, United States Website: https://www.opennova.co
For privacy requests, please include your name, contact information, the nature of your request, and any information necessary for us to verify and process the request.
24. Optional Notice at Collection Summary
At or before the point of collection, we may provide the following short-form notice:
We collect personal information, including identifiers, business contact information, commercial information, internet or network activity, professional information, communications, project materials, and, where necessary, sensitive personal information. We use this information to provide AI consulting and implementation services, communicate with you, manage projects, improve our services, secure our systems, comply with law, and conduct business operations. We may disclose information to service providers, clients, business partners, professional advisors, and legal authorities. We do not sell personal information for money. We may use analytics or advertising technologies that may be considered “sharing” under California law. You may have rights to access, delete, correct, opt out, limit certain uses, and appeal certain decisions. For more information, please review our full Privacy Policy.