Privacy Policy

2.1 Specifically, this Privacy Policy applies to the following categories of data subjects:

(a) Website Visitors: Individuals who access, browse, or otherwise interact with the Novagates website, including informational pages, marketing content, and contact forms. (b) SaaS Subscribers: Individuals or legal entities that subscribe to, purchase, or otherwise access Novagates' SaaS products, plans, bundles, or digital services, whether on a trial, paid, or enterprise basis. (c) Demo and Proposal Requesters: Individuals or representatives of legal entities who submit requests for product demonstrations, proof-of-concept engagements, quotations, or commercial proposals. (d) Enterprise and Large-Scale Technology Clients: Corporate clients, governmental entities, or organizations engaging Novagates for customized, large-scale, or enterprise-level AR, AI, or VR solutions, including integrations, deployments, and bespoke implementations. (e) Authorized End Users: Individuals authorized by Novagates' clients to access, use, or interact with the Services under a valid subscription, license, or contractual arrangement. (f) Business Contacts, Partners, and Prospects: Representatives of current or prospective customers, strategic partners, vendors, resellers, distributors, contractors, and other business counterparties. 2.1.1 This Privacy Policy governs Personal Data processed by Novagates in its capacity as a data controller, and where applicable, as a data processor, in accordance with contractual obligations.

2.2 This Privacy Policy does not apply to:

(a) Mobile applications, plugins, APIs, or third-party platforms that are integrated with or linked to the Services but operated by independent third parties; (b) Services, tools, or applications governed by separate privacy notices, data processing agreements, or contractual arrangements explicitly referenced at the point of collection. 2.2.1 Where such separate privacy notices apply, they shall govern the processing of Personal Data for those specific services, and Novagates shall not be responsible for the privacy practices of third parties outside its control.

2.3 Legal Compliance Statement

2.3.1 This Privacy Policy is intended to ensure compliance with: Applicable data protection laws and regulations of the State of Kuwait; and Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), where applicable, including with respect to international data subjects and cross-border processing. 2.3.2 Novagates applies GDPR principles as a baseline standard across its operations, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

3.1 Information You Choose to Provide

Novagates may collect Personal Data that you voluntarily submit through the website, platforms, subscription flows, contractual engagements, demo requests, or communications, including but not limited to: (a) Identification and Professional Information - Full name; - Company name, job title, and organizational role. (b) Contact Information - Email address; - Telephone or mobile number; - Business address (where applicable). (c) Commercial and Transactional Information - Billing and invoicing details; - Subscription selections and service configurations; - Payment-related information (processed exclusively through secure third-party payment processors; Novagates does not store full payment card details). (d) Account Information: Usernames, passwords, authentication credentials, and access permissions. (e) Sales, Demo, and Contractual Information: Demo requests, requests for proposals (RFPs), scope descriptions, commercial negotiations, executed contracts, and related correspondence. (f) Communications: Customer support inquiries; Email, chat, ticketing system communications, and recorded calls (where permitted by law and with notice). All Personal Data provided under this Clause is supplied voluntarily, and failure to provide certain data may limit access to specific Services or functionalities.

3.2 Technical Information

Novagates automatically collects certain technical and usage data when users access or interact with the Services, including through server logs, analytics tools, and security systems. Such data may include: Internet Protocol (IP) address; Browser type, version, and language settings; Internet service provider; Date and time stamps; Referring and exit pages; Files accessed, features used, session duration, and interaction logs; Device identifiers, including MAC addresses and unique device IDs. 3.2.1 This data is collected for system administration, security monitoring, service optimization, analytics, and fraud prevention purposes.

3.3 Device and Location Information

When accessing the Services through computers, mobile devices, tablets, AR/VR headsets, or other electronic devices, Novagates may collect: Device type, operating system, and version; Hardware model and configuration; Unique device identifiers; Approximate geographic location derived from IP address or network data. 3.3.1 Precise location data is not intentionally collected unless explicitly enabled by the user. Users may disable location permissions through their device or browser settings, subject to potential limitations in certain functionalities.

3.4 Biometric and AR/AI-Generated Data

Where required to deliver AR, AI, and VR functionalities, Novagates and/or its authorized service providers may process limited biometric-related or sensor-generated data, strictly for functional and technical purposes, including: Facial mapping vectors; Spatial recognition and depth-mapping points; Body, object, or environmental geometry simulation data; Motion, gesture, or interaction data generated by AR/VR devices. 3.4.1 Important Clarifications (a) Novagates does not perform facial recognition, identity verification, or biometric identification of individuals; (b) Biometric-related data is processed solely for visualization, simulation, analysis, or functionality of AR/AI/VR services; (c) Such data is not used for marketing, profiling, or surveillance purposes; (d) Biometric-related data is never sold, leased, licensed, or monetized; (e) Processing of such data is limited, secured, and subject to strict access controls and retention limits. Where biometric data qualifies as "special category data" under GDPR, processing shall occur only where lawfully permitted and subject to enhanced safeguards.

3.5 Account and Transaction Data

Where users create an account or purchase Services, Novagates may process: Account registration details; Subscription and service usage history; Transaction confirmations and payment status; Invoices, receipts, and accounting records. Such data is processed for contractual performance, billing, compliance, and audit purposes.

3.6 Customer Support Data

When users contact Novagates' support or technical teams, Novagates may process: Contact and identification details; Content of communications; Technical diagnostics, screenshots, logs, or error reports. 3.6.1 Customer support data is accessed strictly on a need-to-know basis and retained only for the duration necessary to resolve the request, comply with legal obligations, or maintain service quality.

3.7 Business Prospect and Enterprise Contact Data

Where individuals act as business prospects, enterprise representatives, or commercial contacts, Novagates may process Personal Data for legitimate business purposes, including: Follow-up communications and relationship management; Preparation and delivery of proposals, presentations, and commercial offers; Coordination with regional partners, affiliates, or authorized representatives. 3.7.1 Such data is processed in accordance with applicable marketing, consent, and data protection requirements and may be subject to opt-out rights.

4.1 Categories of Third-Party Sources

Personal Data may be received from the following categories of third parties: (a) Payment and Financial Service Providers: Including payment gateways, billing platforms, and financial institutions that process transactions on behalf of Novagates and provide transaction confirmations, payment status, fraud indicators, or compliance-related data. (b) Cloud Infrastructure and Hosting Providers: Including data hosting, storage, content delivery networks (CDNs), backup, and disaster recovery service providers supporting Novagates' infrastructure. (c) Analytics and Performance Providers: Including providers of website analytics, product usage analytics, error tracking, performance monitoring, and security analytics. (d) Business Partners, Resellers, and Affiliates: Including authorized distributors, integration partners, referral partners, or resellers who introduce prospective clients, manage accounts, or support regional deployment of the Services. (e) Public, Regulatory, or Lawful Sources: Including public registries, regulatory authorities, or lawful disclosures where such data is made publicly available or lawfully accessible without restriction.

4.2 Lawfulness and Responsibility

(a) Novagates relies on third parties to represent and warrant that any Personal Data shared with Novagates has been collected and transferred in compliance with applicable data protection laws and contractual obligations. (b) Novagates does not independently control the data collection practices of third parties and is not responsible for the accuracy, legality, or processing practices of such third parties prior to receipt of the data. (c) Once Personal Data is received by Novagates, it shall be processed in accordance with this Privacy Policy and applicable data protection laws.

4.3 Limitation of Liability for Third-Party Processing

To the fullest extent permitted by applicable law: (a) Novagates shall not be liable for any unauthorized processing, misuse, disclosure, or breach of Personal Data that occurs within the systems, platforms, or infrastructure of third parties outside Novagates' reasonable control; (b) Novagates shall not be responsible for any acts or omissions of third parties acting as independent data controllers; (c) Users acknowledge that third-party privacy practices are governed by their respective privacy notices and contractual arrangements. 4.3.1 This Clause does not limit any mandatory rights or remedies available to data subjects under applicable data protection laws.

5.1 Use of Cookies and Similar Technologies

Novagates uses cookies, web beacons, pixels, software development kits (SDKs), log files, and other similar tracking technologies (collectively, "Tracking Technologies") to operate, maintain, secure, and improve its website and Services. 5.1.1 These Tracking Technologies may be placed directly by Novagates or by authorized third-party service providers acting on Novagates' behalf.

5.2 Purposes of Processing

Tracking Technologies are used for the following purposes: (a) Strictly Necessary Purposes: To enable core website and platform functionality, including authentication, security, load balancing, session management, fraud prevention, and system integrity. (b) Performance and Analytics Purposes: To collect aggregated and statistical information regarding usage patterns, traffic sources, system performance, error reporting, and feature optimization. (c) Functional Purposes: To remember user preferences, language settings, and configuration choices to enhance user experience. (d) Marketing and Advertising Purposes: Where permitted by law and subject to explicit consent where required, to measure the effectiveness of marketing campaigns, retarget users, and deliver relevant communications.

5.3 Legal Basis and Consent

(a) Tracking Technologies that are strictly necessary for the operation of the Services are processed on the basis of legitimate interests and/or contractual necessity. (b) All non-essential Tracking Technologies, including analytics and marketing cookies, shall be deployed only where legally required consent has been obtained in accordance with applicable data protection and ePrivacy laws. (c) Users may withdraw or modify their consent at any time through cookie management tools, browser settings, or other available mechanisms.

5.4 Cookie Management and User Controls

5.4.1 Users may manage, restrict, or delete cookies and Tracking Technologies through their browser or device settings. Instructions for managing cookies are available through the relevant browser provider. 5.4.2 Please note that disabling or restricting certain cookies may result in limited functionality, degraded performance, or inability to access certain features of the Services.

5.5 Third-Party Cookies

5.5.1 Some Tracking Technologies may be placed by third-party service providers, including analytics, advertising, or infrastructure partners. Such third parties may act as independent data controllers and process data in accordance with their own privacy notices. 5.5.2 Novagates does not control third-party cookie technologies and disclaims responsibility for third-party data processing practices beyond its contractual obligations.

5.6 Updates

Novagates reserves the right to modify its use of Tracking Technologies in response to legal, technical, or business developments. Any material changes shall be communicated in accordance with this Privacy Policy.

6.1 Provision and Operation of Services

To operate, administer, maintain, and deliver the Services, including access to the website, SaaS platform, user accounts, subscriptions, and contractual deliverables.

6.2 Delivery of AR, AI, and VR Functionalities

To enable, configure, process, and deliver augmented reality (AR), artificial intelligence (AI), and virtual reality (VR) features, simulations, visualizations, and analytics in accordance with user instructions and selected service plans.

6.3 Subscription Management and Payment Processing

To process subscriptions, pricing plans, invoices, payments, refunds (where applicable), and related financial transactions through authorized third-party payment service providers.

6.4 Sales, Demo, and Enterprise Engagements

To respond to demo requests, proposals, requests for quotation (RFQs), requests for proposals (RFPs), enterprise inquiries, and negotiations relating to large-scale or customized technology deployments.

6.5 Customer Support and Communications

To communicate with users and business contacts, respond to inquiries, provide technical support, resolve complaints, manage service issues, and maintain operational continuity.

6.6 Analytics, Performance Monitoring, and Product Development

To monitor usage patterns, analyze performance metrics, conduct statistical analysis, improve platform functionality, enhance security, develop new features, and optimize user experience, primarily through aggregated or anonymized data where feasible.

6.7 Security, Fraud Prevention, and Risk Management

To detect, prevent, investigate, and mitigate fraud, unauthorized access, misuse of the Services, security incidents, and other activities that may compromise system integrity, data security, or business continuity.

6.8 Legal, Regulatory, and Contractual Compliance

To comply with applicable laws and regulations, enforce contractual rights, respond to lawful requests from public authorities, resolve disputes, protect legal interests, and maintain records required under applicable legal or regulatory frameworks.

7.1 Performance of a Contract

Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract, including but not limited to: Account creation and management; Provision and operation of SaaS, AR, AI, and VR Services; Processing subscriptions, payments, and service deliverables; Responding to demo requests, proposals, and enterprise engagements.

7.2 Legitimate Interests

Processing is necessary for the purposes of the legitimate business interests pursued by Novagates or a third party, provided that such interests are not overridden by the fundamental rights and freedoms of the data subject. Legitimate interests include, without limitation: Platform security, fraud detection, and abuse prevention; Service optimization, analytics, and performance monitoring; Internal administration, reporting, and business continuity; Sales, marketing, and business development activities directed at business contacts; Protection of legal rights and enforcement of agreements.

7.3 Compliance with Legal Obligations

Processing is necessary for compliance with legal, regulatory, or statutory obligations to which Novagates is subject, including: Accounting, tax, and financial reporting requirements; Regulatory inquiries, audits, and lawful requests by competent authorities; Record-keeping and compliance obligations under applicable laws.

7.4 Consent

Where required by applicable law, processing is based on the data subject's freely given, specific, informed, and unambiguous consent, including for: Marketing communications; Certain cookies and tracking technologies; Optional features involving biometric or advanced AR/AI functionalities.

7.5 Withdrawal of Consent

Data subjects may withdraw consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal.

8.1 Novagates may disclose or make available Personal Data strictly on a need-to-know basis to the following categories of recipients, solely for the purposes described in this Privacy Policy:

(a) Cloud hosting, infrastructure, and storage providers, including providers of SaaS, IaaS, and PaaS solutions; (b) Payment service providers and financial institutions for payment processing, billing, fraud prevention, and accounting purposes; (c) Analytics, monitoring, CRM, and customer engagement providers used to operate, improve, and secure the Services; (d) Professional advisors, including legal, financial, accounting, and compliance advisors, subject to professional secrecy obligations; (e) Regulatory, governmental, judicial, or law enforcement authorities, where disclosure is required by applicable law, regulation, court order, or lawful request; (f) Affiliates, successors, or acquiring entities in connection with a merger, acquisition, reorganization, asset sale, or similar corporate transaction.

8.2 Novagates does not sell, rent, or trade Personal Data to third parties for independent commercial or marketing purposes.

8.3 All third parties processing Personal Data

on behalf of Novagates act as data processors (where applicable) and are bound by written agreements imposing: Confidentiality obligations; Appropriate technical and organizational security measures; Restrictions on further processing; Compliance with applicable data protection laws.

8.4 Novagates shall not be responsible

for any processing conducted by third parties acting as independent controllers outside Novagates' reasonable control or instructions.

9.1 In order to operate and provide the Services, Personal Data may be transferred to, processed, and stored in jurisdictions outside the State of Kuwait.

9.2 Where such transfers occur, Novagates ensures that appropriate safeguards are implemented in accordance with applicable data protection laws, including, where required:

Contractual confidentiality and data protection commitments; Technical and organizational measures ensuring an adequate level of data protection; Other lawful transfer mechanisms recognized under GDPR or applicable Kuwaiti regulations.

9.3 By using the Services and submitting Personal Data, data subjects acknowledge and consent, where required by law, to such international transfers, subject to the safeguards described herein.

10.1 Novagates retains Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including:

Performance of contractual obligations; Provision and operation of the Services; Compliance with legal, regulatory, accounting, and tax requirements; Establishment, exercise, or defense of legal claims; Dispute resolution and enforcement of agreements.

10.2 Upon expiration of the applicable retention period, Personal Data shall be securely deleted, anonymized, or irreversibly de-identified, unless further retention is required or permitted by law.

10.3 Retention periods may vary depending on: The nature of the data; The type of Service provided; Applicable legal or regulatory obligations.

10.4 Biometric and AR/AI-related data are subject to specific retention, deletion, and destruction rules set out in Section 12 (Biometric and AR/AI Data Processing) and shall not be retained beyond the stated purposes.

11.1 Novagates implements appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, including:

Secure cloud infrastructure and network protections; access controls and authentication mechanisms; Regular monitoring, logging, and security assessments.

11.2 Access to Personal Data is limited to authorized personnel, contractors, and service providers who require such access for legitimate business purposes and who are subject to confidentiality obligations.

11.3 While Novagates takes reasonable and industry-standard measures to safeguard Personal Data, no system, network, or transmission method can be guaranteed to be completely secure. To the fullest extent permitted by law, Novagates disclaims liability for unauthorized access beyond its reasonable control.

11.4 Users acknowledge that they are responsible for maintaining the confidentiality of their account credentials and for any activity conducted through their accounts.

12.1 Definition

For the purposes of this Privacy Policy, "Biometric Information" means any data derived from facial geometry, spatial recognition vectors, body or object physical simulations, or other AR/AI-generated mappings that can be associated with a natural person, whether directly or indirectly.

12.2 Purpose of Processing

Novagates processes Biometric Information solely to: (a) Enable augmented reality (AR) and virtual reality (VR) simulations; (b) Perform AI-driven visual analyses for functional or personalized output; (c) Deliver personalized visual or analytical outputs in the Services.

12.3 Prohibition on Identification

Novagates does not process Biometric Information for any of the following purposes: (a) Identity verification or authentication; (b) Facial recognition or biometric matching; (c) Surveillance, tracking, or law enforcement profiling.

12.4 Retention

(a) Biometric Information is processed temporarily and deleted immediately after completion of the associated session, unless a longer period is required to fulfill a specific Service explicitly consented to by the user. (b) Certain feature-based outputs (e.g., demo exports, email delivery of AR/AI-generated images) may retain Biometric Information for a limited period not exceeding six (6) months, after which it is permanently deleted. (c) Retention periods are regularly reviewed and comply with applicable Kuwaiti and European data protection requirements.

12.5 Disclosure

Biometric Information is disclosed only to the extent strictly necessary and solely to: (a) Authorized service providers or processors acting on behalf of Novagates; (b) Enterprise clients where explicitly required to deliver contracted Services; (c) Regulatory, judicial, or law enforcement authorities when disclosure is legally mandated.

13.1 Under the GDPR and applicable Kuwaiti personal data protection laws, data subjects have the following rights with respect to their Personal Data, including Biometric Information:

(a) Right of access; (b) Right to rectification; (c) Right to erasure ("right to be forgotten"); (d) Right to restriction of processing; (e) Right to data portability; (f) Right to object to processing.

13.2 Requests to exercise any of these rights must be submitted to Novagates at: support@novagates.com or via the contact mechanisms provided on the Service.

13.3 Novagates will respond to requests without undue delay and in accordance with applicable legal timelines, typically within 5 calendar days or extended to 7 days in complex cases, subject to applicable law.

13.4 Novagates may require verification of the identity of the requestor prior to fulfilling a request to prevent unauthorized access or disclosure.

14.1 The Services are not intended for children under the age of sixteen (16).

14.2 In the event Novagates becomes aware that Personal Data of a child under sixteen has been collected, such data will be immediately deleted from our systems.

14.3 Parents or legal guardians may contact support@novagates.com to request deletion of data associated with a child.

15.1 This Privacy Policy, its interpretation, and any related processing of Personal Data are governed by the laws of the State of Kuwait.

15.2 Any dispute, controversy, or claim arising from or relating to this Privacy Policy shall be submitted exclusively to the competent courts of Kuwait for final resolution.

16.1 Novagates reserves the right to modify or update this Privacy Policy at any time to reflect changes in legal obligations, business practices, or technological developments.

16.2 Material changes will be communicated through the Service website or via email to affected users where applicable.

16.3 Continued use of the Services after notification of any modifications constitutes express consent and agreement to the updated Privacy Policy.

16.4 Users are responsible for reviewing the Privacy Policy periodically to remain informed of updates.