This Privacy Policy describes the data protection practices of Noan Technology, Inc., Noan (“Noan,” “we,” “us,” or “our”). This Privacy Policy applies to information that we collect and use about you when you access or use the Noan website, mobile applications, or other online or mobile service that links to or otherwise presents this Privacy Policy to you. We refer to these products and services collectively as the “Services.”
Date of last revision: June 11,2024
PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.
Information We Collect
We collect information about you through the means discussed below. Please note that we need certain types of information so that we can provide the Services to you. If you do not provide us with such information, or ask us to delete it, you may no longer be able to access or use our Services.
1. INFORMATION YOU PROVIDE TO US
We collect a variety of information that you provide directly to us. For example, we collect information from you through:
The Services you use or processing your orders
Requests or questions you submit to us via online forms, email, or otherwise
Your participation in sweepstakes, contests, or surveys
Any reviews that you submit about the Services
Account registration and administration of your account
Uploads or posts to the Services
Requests for customer support and technical assistance
Information about you
While parts of the Services may not require you to provide any information that can directly identify you by name (such as if you choose to browse the website without logging in), the specific types of information we collect will depend upon the Services you use, how you use them, and the information you choose to provide. The types of data we collect directly from you includes:
Email address
Name, if you choose to provide it
Log-in credentials, if you create a Noan account
Billing information, such as shipping address of a gift card recipient, credit or debit card number, verification number, zip code, and expiration date
Information about purchases or other transactions with us
Information about your customer service interactions with us
Demographic information such as your gender or other information you choose to provide as part of your Noan profile
User-generated content you provide to us, such as when you comment on content on the Services, respond to a survey request, review a class, or participate in the public forums
Classes in which you enroll
Any other information you choose to directly provide to us in connection with your use of the Services
Information about others
If you request that your purchase be provided to someone other than yourself (such as a gift recipient or company staff member/employee), we use the information you provide about the other person to fulfill the shipment and may gather information on them through the means outlined in this policy.
2. INFORMATION WE COLLECT THROUGH AUTOMATED MEANS
When you use our Services, we collect certain information as described in this Section. As discussed further below, we and our service providers (which are third party companies that work on our behalf) may use a variety of technologies, including cookies and similar tools, to assist in collecting this information.
Websites
When you use our website, we collect and analyze information such as your IP address, browser types, browser language, operating system, software and hardware attributes (including device IDs) referring and exit pages and URLs, the number of clicks, pages viewed and the order of those pages, date and time of use, content watched, total minutes watched, error logs, and other similar information about how you use the website.
Mobile Applications
When you use a Noan mobile application or software ("app"), we automatically receive certain information about the mobile phone, tablet, or computer used to access the app, including device identifiers, IP address, operating system, version, Internet service provider, browser type, domain name and other similar information, whether and when you update the app, date and time of use, content watched, total minutes watched, error logs, and other similar information about how you use the app.
Location Information
When you use the Services, we and our service providers may automatically collect general location information (e.g., IP address, city/state and/or postal code associated with an IP address, city/state) from your computer or mobile device.
3. INFORMATION WE COLLECT FROM SOCIAL MEDIA AND OTHER CONTENT PLATFORMS
If you access the Services through a third-party connection or log-in (e.g., through a social network like Facebook or Twitter or Google Auth), you may allow us to have access to and store certain information from your social network profile. This can include your name, gender, profile picture, your “likes” and check-ins, and your list of friends, depending on your settings on such services. If you do not wish to have this information shared, do not use a social networking connection to access the Services. For a description of how social networking sites handle your information, please refer to their privacy policies and terms of use, which may permit you to modify your privacy settings. You may also have the option of posting your Services activities to Social Networking Services when you access content through the Services (for example, you may post to Facebook that you enrolled in a class on the Service); you acknowledge that if you choose to use this feature, your friends, followers and subscribers on any Social Networking Services you have enabled will be able to view such activity.
4. INFORMATION WE COLLECT FROM OTHERS
We may receive additional information such as demographic and statistical information from third parties, such as business partners, marketers, researchers, analysts, and other parties that we may attribute to you based on your assignment to certain statistical groups. We use this information to supplement the information that we collect directly from you in order to derive your possible interests and to provide more relevant experiences for you and improve our products, analytics, and advertising.
How We Use Your Information
We, or our service providers, use your information for various purposes depending on the types of information we have collected from and about you, in order to:
Complete a purchase or provide the Services you have requested, including invoicing and accounting
Respond to your request for information and provide you with more effective and efficient customer service
Provide you with updates and information about classes in which you have enrolled
Contact you by email, postal mail, or phone regarding Noan and third-party products, services, surveys, research studies, promotions, special events and other subjects that we think may be of interest to you
Customize any advertising and content you see on the Services
Help us better understand your interests and needs, and improve the Services, including through research and reports, and test and create new products, features, services and matching you to service providers/consultants within our marketplace
Secure our websites and applications, and resolve app crashes and other issues being reported
Comply with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others
Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others
Combined Information
For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Privacy Policy.
Aggregate/Anonymous Data
We may aggregate and/or anonymize any information collected through the Services so that such information can no longer be linked to you or your device. We may use such anonymized information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors.
Cookies and Similar Technologies
To collect the information in the “Information We Collect Through Automated Means” section above, we and our service providers use Internet server logs, cookies, tracking pixels, and other similar tracking technologies. We use these technologies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences.
Cookies are small text files that are placed on your computer or mobile device when you visit a site that enable us to: (i) recognize your computer; (ii) store your preferences and settings; (iii) understand the web pages of the Services you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions. Some cookies are placed in your browser cache while those associated with Flash technologies are stored with your Adobe Flash Player files.
As we adopt additional technologies, we may also gather information through other methods. Please note that you can change your settings to notify you when a cookie is being set or updated or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). You can also manage the use of Flash technologies, including flash cookies and local storage objects, with the Flash management tools available at Adobe's website. Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings of the Services.
Online Analytics and Advertising
1. ANALYTICS
We may use third-party web analytics services (such as those of Google Analytics, Posthog or Sentry) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.
If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
2. ONLINE ADVERTISING
The Services may integrate third-party advertising technologies that allow for the delivery of relevant content and advertising on the Services, as well as on other websites you visit and other applications you use. The ads may be based on various factors such as the content of the page you are visiting, information you enter such as your age and gender, your searches, demographic data, user-generated content, and other information we collect from you. These ads may be based on your current activity or your activity over time and across other websites and online services and may be tailored to your interests.
Third parties may also place cookies or other tracking technologies on your computer, mobile phone, or other device to collect information about you as discussed above. These third parties (e.g., ad networks and ad servers such as Google Analytics, DoubleClick and others) may also serve tailored ads to you as you use the Internet and Internet-connected applications, and access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Services to assist in this activity.
We neither have access to, nor does this Privacy Policy govern, the use of cookies or other tracking technologies that may be placed on your device you use to access the Services by such non-affiliated third parties. To opt out of Google Analytics for display advertising or customize Google display network ads, visit the Google Ads Settings page. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.
Please note that if you exercise the choices above, you will still see advertising when you use the Services, but it will not be tailored to you based on your online behavior over time.
3. NOTICE CONCERNING DO NOT TRACK
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.
How We Share and Disclose your Information
Noan will share your information in the following ways:
Service Providers
We provide access to or share your information with select third parties who perform services on our behalf. They have access to perform these services but are prohibited from using your information for other purposes. They provide a variety of services to us, including billing, sales, marketing, product content and features, advertising, analytics, research, customer service, data storage, security, fraud prevention, payment processing, and legal services.
Protection of Noan and Others
By using the Services, you acknowledge and agree that we may access, retain and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order); (b) enforce our Terms of Service, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; (d) respond to your requests for customer service; and/or (e) protect the rights, property or personal safety of Noan, its agents and affiliates, its users and/or the public. This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes.
Business Transfers
As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
Public Forums
Certain features of our Services make it possible for you to share comments publicly with other users. Any information that you submit through such features is not confidential, and we may use it for any purpose (including in testimonials or other marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Accordingly, please take care when using these features.
Aggregate/Anonymous Information
From time to time, we may share Aggregate/Anonymous Information about use of the Services, such as by publishing a report on usage trends. The sharing of such data is unrestricted.
Retention of Your Information
We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.
How We Protect Your Information
Noan takes technical and organizational security measures to protect the information provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Please keep this in mind when disclosing any information to Noan via the Internet.
Third Party Links and Features
The Services contain links to third-party websites such as social media sites, and also contain third-party plug-ins (such as the Facebook “like” button and Twitter “follow” button). If you choose to use these sites or features, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. We are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third-parties.
Children's Privacy
The Services are intended for general audiences and not for children under the age of 16. If we become aware that we have inadvertently collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 16 without valid parental consent, we will take reasonable steps to delete it as soon as possible.
We do not knowingly process data of EU residents under the age of 16 without parental consent. If we become aware that we have collected data from an EU resident under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible. We also comply with other age restrictions and requirements in accordance with applicable local laws.
Data Subject Rights and Choices
Depending on your jurisdiction of residence, you may have certain rights with respect to your information as further described in this section.
1. YOUR LEGAL RIGHTS
If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Contact Information” section below at any time. Your local laws (e.g., in the EU) may permit you to request that we:
provide access to and/or a copy of certain information we hold about you
prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
update information which is out of date or incorrect
delete certain information which we are holding about you
restrict the way that we process and disclose certain of your information
transfer your information to a third party provider of services
revoke your consent for the processing of your information
We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.
2. MARKETING COMMUNICATIONS AND SHARING
You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us using the information below. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by applicable law. For example, you may not opt out of certain operational emails, such as those reflecting our relationship or transactions with you, or important notifications regarding classes in which you are enrolled.
Legal Bases for Use of Your Information
The legal bases for using your information as set out in this Privacy Policy are as follows:
Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with: the terms of service of our websites which you accept by browsing the websites/registering; and/or our contract to provide our Services to you);
Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our website and applications; operate our business and our Services; make and receive payments; comply with legal requirements and defend our legal rights; prevent fraud and to know the customer to whom we are providing Services);
Where we are required to process information in accordance with an EU Member State legal obligation; or
Where we have your consent, in accordance with applicable law.
International Transfer and Privacy Shield
The information discussed in this Policy is processed in the United States by Noan, whose principal office in the United States is located at Noan Technology, Inc, 8 The Green, STE 4000 Dover, DE 19901 USA.
Noan complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland to the United States, respectively. Noan has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
In compliance with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles, Noan commits to resolve complaints about your privacy and our collection or use of your personal data. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Noan at privacy@getnoan.com. Noan has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Noan, please visit the JAMS EU Privacy Shield web site at https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Noan is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US and Swiss-US Privacy Shield.
If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. As described above, we also may subcontract the processing of your data to, or otherwise share your data with, other members within the Noan group of companies, service providers, and business partners in countries other than your country of residence, including the United States, in accordance with applicable law. Such third parties may be engaged in, among other things, the provision of Services to you, the processing of transactions and/or the provision of support services. By providing us with your information, you acknowledge any such transfer, storage or use. Noan will take reasonable and appropriate steps necessary to ensure that any third party who is acting as a “data processor” under EU and Swiss terminology is processing the personal data we entrust to them in a manner that is consistent with the EU-US and Swiss-US Privacy Shield Principles. Noan is potentially liable in cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, respectively.
If applicable, you may make a complaint to the data protection supervisory authority in the country where you reside. Alternatively you may seek a remedy through local courts if you believe your rights have been breached.
Changes to our Privacy Policy
We reserve the right to amend this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. We will make the revised Privacy Policy accessible through the Services, so you should review the Privacy Policy periodically. You can know if the Privacy Policy has changed since the last time you reviewed it by checking the “Date of Last Revision" included at the beginning of the document. If we make a material change to the Policy, you will be provided with appropriate notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.
Contact Information
Please feel free to contact us at legal@getnoan.com if you have any questions about Noan's Privacy Policy or the information practices of the Services.
| SUBPROCESSOR | PURPOSE | Data categories processed | Location of processing | Legal entity |
|---|---|---|---|---|
Amazon AWS
| Cloud storage
| Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior).
| USA | Amazon Web Services Inc.
410 Terry Avenue North, Seattle, WA 98109-5210, aws-EU-privacy@amazon.com
|
Supabase | Cloud database storage & authorization
| Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior).
| USA | Singapore, 970 Toa Payoh N, #07-04, Singapore
|
Netlify
| USA | Netlify, San Francisco, 44 Montgomery St STE 300, United States | ||
Storyblok | Marketing website | Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior) | Storyblok GmbH
Peter-Behrens-Platz 2 Bau 2, 2. Stock Linz, Oberösterreich 4020 Austria | |
Squarespace
| Marketing website | Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior).
| USA
| 8 Clarkson St New York, NY 10014, USA
|
Stripe
| Payment provider | Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, billing address, Location – country, territory, city,
Payment – credit card details, subscription duration, Behavioral – product usage (page views, clicks, browsing behavior).
| USA
| South San Francisco, 354 Oyster Point Blvd, United States
|
OpenAI | LLM for content generation
| USA | San Francisco, 3180 18th St, United States
| |
Anthropic AI
| LLM for content generation
| USA
| Anthropic PBC.
548 Market Street, PMB 90375 San Francisco CA 94104
| |
Perplexity AI
| LLM for content generation
| USA | 341 Moultrie Street San Francisco, CA 94110 United States
| |
Sentry | Application monitoring
| Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior).
| USA
| San Francisco, 45 Fremont Street, United States
|
Posthog | Application monitoring
| Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior).
| USA | 2261 Market St #4008, San Francisco, United States
|
APPENDIX C SECURITY MEASURES
NOAN is an AI-powered business building platform for small businesses.
Our obligations to Subscriber are to ensure a continuous high quality delivery of our services, built on the highest level of security and resilience. We use the latest technology to make sure our infrastructure is reliable, and Subscriber data is protected.
Just as we put hard work into our product, we also put the same energy and enthusiasm into our security practices.
This document describes the technical and organizational security measures and controls implemented by Noan Technology Inc. to protect Personal Data and ensure the ongoing confidentiality, integrity and availability of Noan Technology Inc.' products and services. More details on the measures we implement are available upon request.
Noan Technology Inc. reserves the right to revise these technical and organizational measures at any time, without notice, so long as any such revisions will not materially reduce or weaken the protection provided for Personal Data that Noan Technology Inc. processes in providing its products and services.
How NOAN works: NOAN is a web-based AI-powered strategy development and business building platform. The platform is an all-in-one place for teams to build, share, and collaborate on go-to-market strategy. With NOAN, our users rapidly accelerate their ability to take a product or service to market digitally by using AI as a copilot to build and develop their brand.
Sub-processors
Noan Technology Inc. engages carefully vetted sub-processors for specific purposes to enhance NOAN for our Subscribers. For a list of sub-processors, please see Appendix B Pre-approved Sub-processors.
Business continuity management
Data backup is one of the pillars of Noan Technology Inc.' IT continuity plan. Trained personnel manage and follow up on backup execution to ensure the integrity, confidentiality, and accuracy of the backup data. Backups are taken daily. Personal Data is kept in backups for the first 10 days of the backup time, after which all Personal Data is scrubbed from the backup, and the scrubbed backup is stored indefinitely. Another pillar is the IT and management processes and routines that are carried out when a serious incident occurs. Noan Technology Inc. continually works on keeping processes and routines updated.
Noan Technology Inc. has a high degree of digitization and all the services and tools are digitally accessible remotely. As a result, all employees of Noan Technology Inc.' offices work remotely, insulating us from any potential business continuity risk that would be posed by having a single site office.
Supplier relationship management
Noan Technology Inc. ensures that identified security requirements are met by external suppliers during the procurement process. A contract with a chosen supplier addresses the demands on the supplier's IT environment and information security measures. The supplier shall present and account for their technology, routines, and processes as well as IT and information security policies. Non-disclosure agreements and other relevant regulatory agreements are signed by the supplier before the service is taken into service. Noan Technology Inc. conducts regular control of suppliers' access rights and other aspects of the agreement with the supplier. Suppliers agree to carry out assignments in accordance with the provisions specified in applicable laws and regulations in the country where the assignments are performed.
System access control
Measures that prevent unauthorized persons from using IT systems and processes:
● When provisioning access, Noan Technology Inc. adheres to the principle of least privilege and role-based permissions — meaning our employees are only authorized to access data that they reasonably must handle in order to fulfill their job responsibilities.
● Noan Technology Inc. utilizes multi-factor authentication for access to systems with highly confidential data, including our production environment which houses Personal Data. Physical access control Measures to prevent physical access of unauthorized persons to IT systems that handle Personal We Data:
● Noan Technology Inc. partners with industry-leading data center and cloud infrastructure providers. Access to all data centers is strictly controlled. All data centers are equipped with 24x7x365 surveillance and biometric access control systems. Additionally, all providers are ISO27001, ISO27017, ISO27018, SOC2 Type II, PCI DSS, and CSA STAR certified.
● Data centers are equipped with at least N+1 redundancy for power, networking, and cooling infrastructure.
Data access control
Measures to ensure that persons authorized to use NOAN have access only to the Personal Data pursuant to their access rights:
● Noan Technology Inc. utilizes the zxcvbn-estimator to validate passwords and only ensures strong passwords are used by users.
● Recovery of lost passwords is done by requesting a signed link to the user’s email account — no passwords are sent in plain text over email, chat, phone, or any other communication method.
● Noan Technology Inc. ensures passwords are hashed (and salted) securely using industry-standard best practices, and upon Subscriber request, requires single sign-on (SSO) powered by SAML 2.0, for secure user authentication.
● Noan Technology Inc. uses best-practice tools for vulnerability scanning, malicious activity detection, and blocks suspicious behavior automatically.
● Noan Technology Inc. utilizes firewalls to segregate unwanted traffic from entering the network. A DMZ is utilized using firewalls to further protect internal systems protecting sensitive data.
Transmission access control
Measures to ensure that Personal Data cannot be read, copied, altered, or deleted by unauthorized persons during electronic transmission or during transport or storage on data media and that those areas can be controlled and identified where transmission of Personal Data is to be done via data transmission systems:
● Subscriber data at rest is encrypted with AES-128 and AES-256, and data in transit is encrypted with TLS 1.2.
● Noan Technology Inc. attests that the key for the encryption (for data in rest and data in transit) is kept within the EU.
Entry control
Measures to ensure that it can be subsequently reviewed and determined if and from whom Personal Data was entered, altered, or deleted in the IT system:
● Systems are monitored for security events to ensure quick resolution.
● Logs are centrally stored and indexed. Critical logs, such as security logs, are retained for at least 2 months. Logs can be traced back to individual unique usernames with timestamps to investigate nonconformities or security events. Availability control Measures to ensure that Personal Data are protected against accidental destruction or loss:
● Noan Technology Inc. saves a full backup copy of production data daily to ensure rapid recovery in the event of a large-scale disaster. Incremental/point-in-time recovery is available for all primary databases. Backups are encrypted-in-transit and at rest using strong encryption.
● Noan Technology Inc.'s patch management process ensures that systems are patched at least once every month. Monitoring, alerting, and routine vulnerability scanning occurs to ensure that all product infrastructure is patched consistently.
● When necessary, Noan Technology Inc. patches infrastructure in an expedited manner in response to the disclosure of critical vulnerabilities to ensure system uptime is preserved.
● Subscriber environments are logically separated at all times. Subscribers are not able to access accounts other than those given authorization credentials.
Separation control
Measures to ensure that Personal Data collected for different purposes can be processed separately:
● Noan Technology Inc. employs different data processing systems for different purposes. These systems are architecturally (logical and physically) separated. All systems require valid authorization to be accessed.
● To ensure against the unintentional amalgamation of data, Noan Technology Inc. separates development, testing, staging, and production environments.
Risk management
Measures to ensure that the appropriate risk management and security risk management in place include but are not limited to:
● Noan Technology Inc. conducts periodic reviews and assessments of risks, monitoring and maintaining compliance with Noan Technology Inc.' policies and procedures.
● Noan Technology Inc. ensures periodic, effective reporting of information security conditions and compliance to senior internal management. Operations security
Measures to ensure that the appropriate operations security safeguarding against malicious code in place include but are not limited to:
● Noan Technology Inc. has different systems and methods to protect the IT infrastructure against malicious code, including various antivirus scanners, spam filters, security updates, and training.
● Noan Technology Inc. uses active monitoring to ensure that antivirus scanners and spam filters are active and updated.
● Noan Technology Inc. actively installs the latest security updates on systems and applications to minimize the risk for exploitation of vulnerabilities.
● Noan Technology Inc., as part of basic training, ensures all employees and contractors take periodic training covering the identification of malicious code.
Measures to ensure that the appropriate operations security safeguarding email in place include but are not limited to:
● Noan Technology Inc. utilizes world-class email security to protect all inbound and outbound emails from malware.
● Noan Technology Inc. leverages email spam filtering services to guard against spam, virus, and phishing attacks.
● Employees of Noan Technology Inc. immediately notify staff of email identified as infected or harmful and ensure that the email sender is blocked and quarantined. The verification and assessment of whether an email is malicious or not is automated and based on the rules but rather based on the competency of each Noan Technology Inc. employee — educated on a periodic basis to identify harmful emails.
Security regarding personnel
Measure to ensure that Noan Technology Inc.' personnel comply with the laws and regulations of the country, and ensuring that personnel abides by the relevant terms and conditions of supplier and customer agreements:
● Noan Technology Inc.' personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Noan Technology Inc. conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
● Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Noan Technology Inc.' confidentiality and privacy policies. Personnel is provided with security training. Noan Technology Inc.' personnel will not process customer data without authorization.
Retention of Personal Data
During the term of the DPA, the Personal Data processed by Noan Technology Inc. will be subject to the retention requirements instructed from time to time by Subscriber. After the termination or expiration of the DPA, Section 13 of the DPA shall apply.
Subscribe to our Newsletter
We respect your privacy and will never sell your data.
