Privacy Policy

Last Updated: October 2025

At NOARA we work to offer you the best possible experience through our products and services. In some cases, it is necessary to collect information to achieve this. We are concerned about your privacy and we believe that we must be transparent about it.

Therefore, and for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter “GDPR”), the Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), the Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI), and the EU Artificial Intelligence Act (AI Act), NOARA, S.L. informs the User that, as data controller, it will incorporate the personal data provided by Users into an automated processing system.

Such data will be processed in accordance with applicable data protection and AI regulations, ensuring lawful, transparent, and secure handling, and Users are informed of their rights to access, rectify, erase, restrict, and object to the processing of their data, as well as the right to withdraw consent where applicable.

1. Data Controller

NOARA AI (hereinafter referred to as “Noara” or the “Organization”) is the company that created this website and is responsible for the processing of the personal data you share with us. The following is general information about the Organization:

Identity: NOARA AI.

Address: Blai 37, 1º, 08004, Barcelona, Spain,

TAX ID: ESB67983791

Email: privacy@noara.ai

If you want to make a query regarding the processing of your personal data, you can contact us through the email indicated above.

2. Personal data collected and their processing

The following is an indication of the personal data that we may process on our website and the legal basis that justifies such data processing.

• Account Usage. In order to manage and provide access to your account on our platform, we will process personal data such as your name, email, password, and profile information. Likewise, we may process any data that the user voluntarily chooses to provide to our systems. This processing ensures proper authentication, account management, and access to the services you subscribe to.

• User Data Management. To manage and maintain the data you provide during your use of the Application, we may process information such as your name, email, preferences, usage data, and any content you generate. This allows us to provide a personalized experience, improve our services, and respond to your requests.

• Legal Obligations. In order to comply with applicable legal, regulatory, or contractual obligations, we may process personal data such as identification information, billing details, and correspondence records. This ensures compliance with tax, corporate, and data protection regulations.

• Cookies and Similar Technologies. To improve your browsing experience, analyze usage, we may collect information through cookies and similar technologies, including your IP address, browser type, device identifiers, and usage patterns. You can manage your cookie preferences at any time through our cookie settings.

• “Contact us” form. To manage this form will be processed data such as your name and surname, email as well as phone and text message is optional.

• Customer and/or User Service through instant messaging. In order to manage any kind of support in case of doubts related to the services we offer, we will process your data such as your email as well as any other information you decide to communicate to us through the chat enabled.

• “Work with us” form. In order to manage any job application, we will process your data such as your name and surname, e-mail, telephone number, curriculum vitae, as well as optionally your photograph. There is the option to manage your application through Linkedin, Indeed or any third providers, whose personal data will be processed by them.

• Marketing and Communications. If you provide your personal data when creating an account or subscribing to our newsletter, we may use it to send you marketing communications about our products, services, promotions, or events. You can opt out of receiving such communications at any time by following the instructions provided in each email or contacting us directly.

We do not knowingly collect or process special categories of personal data unless explicitly provided by the Customer under their responsibility.

3. Personal data legal basis

The legal basis that justifies the processing of your data mentioned above is:

• Consent of the data subject, for processing related to demo application forms, newsletter registrations, management of job applications, user support via chat, and optional cookies accepted by the user.

• Performance of a contract, to manage and provide access to your account, deliver the services you request, and fulfill obligations arising from your subscription or use of the platform.

• Legitimate interests of Noara, to improve our services, provide personalized experiences, maintain platform security, and ensure operational efficiency.

• Compliance with legal obligations, including fraud prevention, communication with public authorities, and responding to claims from third parties.

4. Use of Artificial Intelligence Systems

The Application uses Artificial Intelligence (AI) models, including both proprietary algorithms and third-party services (such as the OpenAI API), to provide contextual recommendations and guidance within our platform. These AI-generated outputs are intended to support and enhance user decision-making, rather than replace human judgment.

Noara’s approach to AI is guided by the following principles:

• Transparency: Users are clearly informed whenever AI is used to generate insights or recommendations.

• Human Oversight: AI outputs are designed to assist users, not to make autonomous or binding decisions regarding individual performance, employment, or evaluation.

• Fairness and Non-Discrimination: We continuously monitor AI outputs to identify and mitigate potential biases, ensuring equitable treatment for all users. We use moderation service of OpenAi and, if something is flagged, we act on it.

• Data Minimization: Only the essential data necessary for generating relevant guidance is processed by AI components.

• Explainability: Users may request information about the logic, factors, and processes influencing AI-generated guidance. These requests would be directed to our team or organization, rather than to the chat interface itself.

• Regulatory Compliance: Noara classifies its AI systems as limited-risk under the EU AI Act and maintains technical documentation, risk management measures, and monitoring procedures to comply with applicable regulations.

• Data Protection: All AI processing is conducted in accordance with GDPR, LOPDGDD, and other applicable data protection laws, ensuring the secure, lawful, and transparent handling of personal data.

Through these measures, Noara ensures that AI remains a supportive tool while respecting user rights, safety, and regulatory obligations.

5. Data Retention

We only keep your Personal Data for as long as necessary for the purposes for which they were collected with your express consent, to meet your needs or to comply with our legal obligations.

To determine how long we keep your Personal Data, we use the following criteria:

• Personal Data obtained when you contact us regarding an inquiry or request: for the time necessary to resolve your inquiry;

• Personal Data obtained when you have given us consent to send communications or because it is necessary to comply with regulations: until the end of the period for which it has been requested.

We may retain some of your Personal Data to comply with our legal or regulatory obligations, as well as to administer our rights or for statistical or historical purposes.

If we no longer need to use your Personal Data, it will be deleted from our systems and records or anonymized so that you can no longer be identified.

For further information, please contact us by e-mail at privacy@noara.ai.

6. Conservation of your personal data

In general, data is stored within the EU. However, in the event that the processing of your data involves an international transfer of data outside the European Economic Area (EEA) Noara undertakes to implement the necessary security measures to ensure an adequate level of safeguarding of such transfers by means of data processor contracts and, where appropriate, will ensure that they offer an adequate level of protection, either because they have Binding Corporate Rules (BCR) or because we have signed up to the European Commission’s model clauses.

7. Data subject’s rights

You can address your communications and exercise your rights by sending a request to the following email address: privacy@noara.ai, or by sending it by post to the address indicated above. In both cases, you must include a copy of your valid identification document (DNI, passport, or equivalent) to verify your identity.

Under the GDPR you can request:

• Right of information: you can request information about those personal data we have about you.

• Right of rectification: you can communicate any change in your personal data.

• Right to erasure and to be forgotten: you can request the prior blocking of the deletion of personal data.

• Right to limitation of processing: this is to restrict the processing of your personal data.

• Right to data portability: in some cases, you may request a copy of the personal data in a structured, commonly used and machine-readable format for transmission to another data controller.

• Right to object and automated individual decision-making: you may request that decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect the data subject not be made.

In some cases, the request may be denied if you request the deletion of data necessary for compliance with legal obligations. Also, if you have a complaint about data processing, you can file a complaint with the competent data protection authority: https://www.aepd.es/.

8. Responsible for the accuracy and veracity of the data provided

The user is solely responsible for the truthfulness and accuracy of the data included, exonerating Noara from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user undertakes to provide complete and correct information in the registration or subscription form. Noara reserves the right to terminate the services contracted with users, in the event that the data provided is false, incomplete, inaccurate or not up to date.

Noara is not responsible for the veracity of the information that is not of its own elaboration and of which another source is indicated, so it does not assume any responsibility for hypothetical damages that may arise from the use of such information.

Noara reserves the right to update, modify or delete the information contained in its web pages and may even limit or deny access to such information to Noara if the claimants are exonerated.

9. Recipients to whom we communicate your data

In some cases, only when necessary, Noara will provide your data to third parties. However, the data will never be sold to third parties. The external service providers that Noara relies on to provide auxiliary services for the processing of your data may have access to your data in accordance with the instructions given by Noara and for the sole purpose of properly performing the contractual relationship that exists between Noara and its providers.

To obtain information regarding the providers that access your personal data, you can e-mail us to privacy@noara.ai.

Noara seeks to ensure the security of personal data when it is sent outside the company, and ensures that third party service providers respect confidentiality and have adequate measures in place to protect personal data. These third parties have an obligation to ensure that the information is handled in accordance with data privacy regulations. In order to comply with these safeguards, Noara enters into data processor agreements with these providers in accordance with Article 28 of the GDPR.

These subprocessors act solely under Noara’s instruction and include:

  • Amazon Web Services (AWS)
    • Purpose: Hosting infrastructure
    • Location: EU (Frankfurt)
  • MongoDB Atlas
    • Purpose: Data storage and management
    • Location: EU (Frankfurt)
  • Google Amplitude
    • Purpose: Product analytics
    • Location: EU (Ireland)
  • OpenAI
    • Purpose: AI processing (prompt handling and response generation)
    • Location: EU endpoint (where available)
  • Google Workspace
    • Purpose: Email, document creation, storage, calendar, and communication services for collaboration and productivity
    • Location: EU endpoint (where available)
  • Slack
    • Purpose: Messaging, file sharing, and team collaboration within channels and direct messages
    • Location: EU endpoint (where available)
  • Atlassian
    • Purpose: Software development project management, bug tracking, and workflow management
    • Location: EU endpoint (where available)
  • Attio
    • Purpose: CRM
    • Location: London, UK

Noara does not sell, rent, or otherwise disclose personal data to third parties for marketing purposes.

In some cases, the law may require that personal data be disclosed to public administrations or other parties, only what is strictly necessary for the fulfillment of such legal obligations will be disclosed.

10. Modification of the Policy

This privacy policy may be modified. We recommend that you review the privacy policy from time to time.

Customers will be notified of significant updates with reasonable advance notice prior to their effective date.