Privacy Policy
Effective: March 29, 2026 · Last Updated: March 30, 2026
1. Introduction
This Privacy Policy (“Policy”) explains how Quant NexusAI Inc., operating as NovoQuantNexus (“NovoQuantNexus,” “we,” “our,” or “us”), collects, uses, and shares information connected to you or that could be used to identify you (“Personal Information”) when you use the NovoMCP cloud platform (including Novo at ai.novomcp.com and Novo Compute at compute.novomcp.com), the NovoWorkbench desktop application, our APIs, and any related services (collectively, the “Services”). Both Novo and Novo Compute operate within the same Azure infrastructure and follow identical data handling, encryption, and retention practices. A single organization account spans both services.
This Policy does not apply to information that is not legally considered Personal Information, such as fully anonymized or aggregated data that cannot be linked back to an individual.
By using the Services, you agree to the practices described here. If you do not agree, please stop using the Services.
2. Information We Collect
2.1 Information You Provide
You may provide personal details when you create an account, submit a support request, or communicate with us. This includes:
- Account information. Name, email address, and organization name (if applicable).
- Payment information. Billing details processed through Stripe. NovoQuantNexus does not directly store credit card numbers or financial account information.
2.2 Information We Collect Automatically
We collect usage and technical data to maintain a secure, stable experience and to understand how the Services are used:
- API usage data. API key identifier (hashed), timestamps, tool names invoked, request counts, credit consumption, and pipeline execution metadata for audit compliance.
- Technical data. IP address, device type, operating system, and browser type when accessing the NovoMCP web platform.
2.3 Query Data
We process but do not persistently store SMILES strings, molecular structures, search queries, or tool parameters submitted through the Services. Query data is handled in memory during computation and discarded upon completion. Query data is not used for model training, analytics, or any purpose beyond fulfilling your request.
2.4 NovoWorkbench Desktop Application
NovoWorkbench operates with a local-first architecture:
- Local features run entirely on your machine. No molecular data, workspace files, or computation results are transmitted to NovoQuantNexus servers.
- Cloud features (when explicitly invoked by you) transmit only the minimum data required for the request, such as SMILES strings or search queries, to NovoMCP cloud services.
- AI chat conversations are sent directly to the AI provider you configure (e.g., Anthropic, OpenAI, Azure). NovoQuantNexus does not intercept, store, or have access to these conversations.
- Workspace files are stored locally on your device and are never uploaded to NovoQuantNexus servers.
2.5 What We Do NOT Collect
- Conversation history with AI assistants
- Uploaded files or workspace contents
- Personal health information
- Social security numbers, financial account details, or government-issued identifiers
- Browsing history, search history, or cross-site tracking data
- Biometric information
- Geolocation data beyond IP-derived country for service routing
3. How We Use Information
We use the information we collect for the following purposes:
- Service operation. Authenticate API requests, enforce rate limits, route requests to appropriate compute services, and process billing.
- Service improvement. Aggregate, anonymized usage statistics for performance monitoring, capacity planning, and reliability improvements. We do not use individual query data for this purpose.
- Security. Detect and prevent unauthorized access, fraud, abuse, and other harmful activity.
- Communication. Service announcements, security notifications, billing communications, and responses to your support requests.
- Legal compliance. Meet applicable legal obligations, resolve disputes, and enforce our agreements.
We do not use your Personal Information for targeted advertising, behavioral profiling, or marketing to third parties.
4. Data Retention
We retain Personal Information only for as long as necessary to carry out the purposes described in this Policy.
| Data Type | Retention |
|---|---|
| Account information | Until account deletion |
| API key metadata | Until revocation + 30 days |
| Usage timestamps and audit logs | 90 days |
| Error logs | 30 days |
| Pipeline audit records (Enterprise) | Until account deletion |
| Query content (SMILES, parameters) | Not retained — processed in memory only |
| Payment records | As required by applicable tax and financial regulations |
When your Personal Information is no longer needed, we will either delete it or de-identify it so that it can no longer be linked back to you.
5. Data Sharing and Disclosure
We do not sell your Personal Information. We do not share your Personal Information with third parties for marketing purposes. We do not use third-party analytics services that track individual users.
We may share your Personal Information in the following limited circumstances:
- Service providers. Trusted infrastructure and service providers who help us operate the platform, subject to confidentiality agreements. Currently: Microsoft Azure (cloud hosting, East US region), Stripe (payment processing), and Resend (transactional email).
- Legal requirements. We may disclose information if required by law, subpoena, court order, or government request, or when necessary to detect, prevent, or respond to fraud, unauthorized activity, or other harmful or unlawful behavior.
- Business transactions. If NovoQuantNexus is involved in a merger, acquisition, restructuring, or sale of assets, your Personal Information may be transferred as part of that process, subject to appropriate confidentiality protections. We will notify you of any such transfer and any choices you may have regarding your information.
6. Data Security
NovoQuantNexus maintains security measures designed to safeguard your data from unauthorized access, misuse, loss, or alteration:
- API keys are hashed (SHA-256) before storage. Plaintext keys are shown once at creation and never stored.
- Communications are encrypted via TLS.
- Authentication uses OAuth 2.0 with PKCE.
- Enterprise connector credentials are stored in Azure Key Vault.
- Network isolation between internal services.
- Admin access requires multi-factor authentication with principle of least privilege.
- NovoWorkbench is signed and notarized for macOS (Apple Team ID: 8N9K9B7Y69).
We regularly review and update our security protocols. When we engage with third-party service providers, we ensure they follow strong data protection practices.
While no system can be completely immune to all threats, we are committed to maintaining a secure environment. In the event of a data breach affecting your Personal Information, we will notify affected users within 72 hours of becoming aware of the breach.
7. Your Rights
You have certain rights regarding the Personal Information we hold about you, and we are committed to honoring those rights in accordance with applicable laws.
- Access and export. Request a copy of your Personal Information by contacting privacy@novoquantnexus.com.
- Correction. Request correction of any inaccurate account information.
- Deletion. Request account deletion at any time. API keys are revoked immediately, account information is deleted within 30 days, and usage records are deleted within 90 days.
- Objection and restriction. Object to how we process your Personal Information or ask us to restrict certain types of processing.
- Portability. Request that your Personal Information be provided to you or another organization in a portable format.
- Withdrawal of consent. If you have given us consent to process your Personal Information, you can withdraw that consent at any time. This will not affect any processing completed before your withdrawal.
We will respond to your requests in accordance with applicable laws. If we are unable to fulfill a request, we will inform you of the reason and your right to appeal.
8. Supplemental Terms for Certain Regions
8.1 European Economic Area, Switzerland, and United Kingdom
If you are located in the EEA, Switzerland, or the UK, our legal basis for collecting and using Personal Information depends on the information concerned and the context in which we collect it. We will normally collect Personal Information only where we have your consent, where we need it to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection rights.
When we transfer Personal Information outside the EEA, Switzerland, or UK, we use appropriate safeguards including European Commission-approved standard contractual clauses.
You have the right to lodge a complaint with your local data protection authority if you have concerns about how we handle your Personal Information.
8.2 California Consumer Privacy Act (CCPA) Notice
If you are a California resident, the following applies in addition to the rest of this Policy:
- We do not sell your Personal Information. NovoQuantNexus does not sell or share Personal Information for cross-context behavioral advertising, including any sensitive personal data.
- Categories collected. Identifiers (name, email, IP address) and account name. We do not collect protected classifications, commercial information, biometric information, geolocation data, sensory data, professional information, education information, or inferences.
- Your rights under CCPA. You may request access to Personal Information collected in the past 12 months, request correction or deletion of your Personal Information, and opt out of the sale or sharing of personal data (which we do not engage in). We will not deny you access to the Services or treat you unfairly for exercising your rights.
To exercise any of these rights, contact us at privacy@novoquantnexus.com. We may need to verify your identity before processing your request.
9. International Data Transfers
NovoMCP servers are located in the United States (Microsoft Azure, East US region). Your Personal Information may be transferred to, stored in, or processed at locations outside your jurisdiction. By using the Services, you acknowledge this transfer. We take appropriate steps to ensure your Personal Information is protected and will only transfer it where appropriate safeguards are in place, in line with this Policy.
10. Children's Privacy
The Services are not intended for individuals under the age of 18, and we do not knowingly collect Personal Information from anyone in this age group. If we become aware that we have unintentionally collected personal data from someone under 18, we will take steps to delete it promptly. If you believe a child under 18 may have provided us with Personal Information, please contact us at privacy@novoquantnexus.com.
11. Cookies and Tracking Technologies
The NovoMCP web platform may use essential cookies to support functionality such as authentication and session management. We do not use cookies for advertising, behavioral tracking, or cross-site analytics. We do not use web beacons, pixels, or third-party tracking scripts.
NovoWorkbench, as a desktop application, does not use cookies or web tracking technologies.
12. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated via email to the address associated with your account and/or by notice on the documentation site. We will update the “Last Updated” date at the top of this Policy. Continued use of the Services after changes constitutes acceptance of the updated Policy.
13. Contact Us
If you have any questions or concerns regarding this Policy, please contact us:
Privacy: privacy@novoquantnexus.com
General: ari@novoquantnexus.com
Website: novoquantnexus.com