Privacy Policy
Effective: January 17, 2026 · Last Updated: March 12, 2026
1. Information We Collect
Account Information. Email address, name, and organization name (if applicable).
API Usage Data. API key identifier (hashed), timestamps, tool names, request counts, and pipeline execution metadata for audit compliance.
Query Data. We process but do not persistently store SMILES strings, search queries, or tool parameters. Query data is not used for training or analytics.
NovoWorkbench. Local features run entirely on your machine, and no data is transmitted. Cloud features transmit only SMILES strings or search queries. AI chat conversations go directly to the provider you configure. Workspace files are never uploaded.
What We Do NOT Collect. Conversation history with AI assistants, uploaded files, workspace contents, personal health information, or financial information.
2. How We Use Information
Service Operation. Authenticate API requests, enforce rate limits, and route requests.
Service Improvement. Aggregate usage statistics, performance monitoring, and security monitoring.
Communication. Service announcements, security notifications, and billing communications.
3. Data Retention
| Data Type | Retention |
|---|---|
| Account information | Until account deletion |
| API key metadata | Until revocation + 30 days |
| Usage timestamps | 90 days |
| Error logs | 30 days |
| Pipeline audit records | Until account deletion |
| Query content | Not retained |
4. Data Sharing
We do not sell or share your personal information with third parties for marketing purposes.
Service Providers. Microsoft Azure (cloud hosting, East US), Azure SQL Database, Azure Redis Cache.
Legal Requirements. We may disclose information if required by law, subpoena, or legal process.
We do not use third-party analytics services that track individual users.
5. Data Security
API keys are hashed (SHA-256) before storage. All communications are encrypted via TLS 1.3. Authentication uses OAuth 2.0 with PKCE. Services are network-isolated from one another.
Admin access requires multi-factor authentication and follows the principle of least privilege.
In the event of a data breach, we will notify affected users within 72 hours.
6. Your Rights
Access and Export. Request a copy of your data at privacy@novoquantnexus.com.
Deletion. Request account deletion at any time. API keys are revoked immediately, account information is deleted within 30 days, and usage records are deleted within 90 days.
Correction. Contact us to correct any inaccurate account information.
7. International Users
NovoMCP servers are located in the United States (Azure East US). For EU/EEA users: we process data under legitimate interest. You have rights under GDPR including access, rectification, erasure, and data portability.
8. Children's Privacy
NovoMCP is not intended for use by individuals under 18 years of age.
9. Changes to This Policy
Material changes will be communicated via email and notice on the documentation site. Continued use constitutes acceptance.
10. Contact Us
Privacy: privacy@novoquantnexus.com
General Support: ari@novoquantnexus.com