NobleAI Privacy Policy

‍

I. Notice at Collection and Scope

This Privacy Policy describes how Noble Artificial Intelligence, Inc. (“NobleAI,” “we,” or “us”) processes Personal Data in connection with its websites, products, and business operations. At or before the time of collection, we gather specific categories of personal information for the business purposes described in Section 4. We collect this data from website visitors, prospective business contacts, and representatives of our Clients. This Policy applies regardless of whether an individual has an active customer relationship with NobleAI.

‍California Privacy Notice:

This section applies solely to California residents and is provided pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CPRA"). This notice supplements the information contained elsewhere in this Privacy Policy.

Categories of Personal Information Collected: Identifiers; professional or employment-related information; internet or network activity information; and, where applicable, account access credentials. NobleAI does not collect sensitive personal information for the purpose of inferring characteristics about California residents.

Purposes of Collection: Personal information is collected for business purposes including operating and securing our websites and services, communicating with business contacts, managing contractual relationships, complying with legal obligations, and preventing fraud and misuse.

Retention: Personal information is retained only for as long as reasonably necessary to fulfill the purposes described above, taking into account the nature of the information, legal and regulatory requirements, and operational needs.

Sales and Sharing: NobleAI does not sell personal information and does not share personal information for cross-context behavioral advertising.

II. Roles Under Data Protection Law

Depending on the context of the interaction, NobleAI acts as either a "Controller" (or "Business" under U.S. law) or as a "Processor" (or "Service Provider"). We act as a Controller when processing data for our own operational, administrative, security, marketing, or analytics purposes, such as when you access our websites or contact us for information. We act as a Processor when processing "Customer Data" on behalf of our Clients under a separate data processing agreement (DPA). In such cases, the Client’s privacy notice and policy governs the processing and you should contact the Client to exercise your rights.

III. Categories of Personal Information Collected

‍
We collect several categories of information to conduct our business, including:
‍
• Identifiers: Names, email addresses, and IP addresses.

• Commercial Information: Billing records and products considered.

• Internet or Network Activity: Browsing history and interactions with our website.

• Professional or Employment-related Information: Job titles and employer details.

• Sensitive Personal Information: Account log-in credentials provided to secure access to our services.

We do not use or disclose sensitive personal information for purposes other than those permitted by law.

IV. Purposes and Legal Bases for Processing

Under the GDPR and similar frameworks, we process your information based on the following legal foundations:

Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party, such as managing your account or providing technical support.

Legitimate Interests: We process information to fulfill our legitimate interests in improving our products, maintaining system security, and conducting business-to-business marketing, provided these interests do not override your fundamental rights.

Legal Obligation: We process data to comply with legal mandates, such as tax or regulatory requirements.

Consent: We process data based on your explicit consent, such as when you opt-in to marketing communications or accept non-essential cookies.

Where we rely on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

V. Disclosures to Third Parties

In the preceding 12 months, we have disclosed identifiers, commercial information, and internet activity to specific categories of third parties for business purposes. These recipients include Service Providers (and their Sub-Processors) who assist in our daily operations—such as cloud hosting, CRM platforms, and security vendors—under strict confidentiality obligations. We also engage Analytics Providers who help us optimize website performance and understand user engagement.

VI. No Sale or Sharing of Personal Information

NobleAI does not sell your personal information to third parties for monetary or other valuable consideration, nor do we "share" your personal information for cross-contextual behavioral advertising. We have no actual knowledge of any sales or sharing of personal information pertaining to individuals under the age of 16.

Because NobleAI does not sell or share personal information for these purposes, opt-out rights relating to such activities do not apply.

VII. International Data Transfers

NobleAI is based in the United States. When we transfer data from the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure a similar degree of protection is afforded to it. We utilize the EU-U.S. Data Privacy Framework or the European Commission’s Standard Contractual Clauses, which legally require the recipient to protect your data according to established international standards.

VIII. Your Global Privacy Rights

Whether you are a resident of California or the European Economic Area, you possess the right to request access to the specific pieces of personal information we hold, the right to request the deletion of your data, and the right to correct inaccuracies. European residents additionally have the right to data portability, the right to object to processing based on legitimate interests, and the right to restrict processing in certain circumstances.

Requests Regarding Customer Data. Please note that if your personal information is processed by NobleAI on behalf of one of our business Clients, we are acting as a "Processor" or "Service Provider". In these instances, the Client serves as the "Controller" and maintains primary responsibility for managing privacy requests. If you seek to exercise your rights regarding data processed in this capacity, you should direct your request to the relevant Client. If you contact us directly regarding such data, we will refer your request to the appropriate Client.

How to Exercise Your Rights. For data where NobleAI acts as a Controller, you may submit a request by emailing us at privacy@noble.ai. To protect your privacy, we will verify your identity by matching the information you provide in your request with the data we already maintain in our systems. When NobleAI is processing your data for one of our Clients, please contact that Client directly.

Authorized Agents. You may designate an authorized agent to submit a request on your behalf. We will require the agent to provide proof of your signed permission to act on your behalf, and we may also require you to verify your own identity directly with us.

IX. Security and Data Retention

NobleAI implements industry-standard physical, technical, and administrative safeguards designed to protect your Personal Data from unauthorized access or disclosure. We retain each category of information only for as long as is reasonably necessary to fulfill the purposes for which it was collected, to resolve disputes, or to comply with our legal, tax, and reporting obligations. We may also retain information based on the criteria used to determine such retention periods.

X. Contact Information and Complaints

For questions regarding this policy or to exercise your rights, please contact:

Noble Artificial Intelligence, Inc.

Attn: Privacy Department

2041 East St, PMB 412

Concord, CA 94520

Email: privacy@noble.ai

‍

If you are located in the EEA or UK, you also have the right to lodge a complaint with your local Data Protection Authority.

‍