NovixChat
中文Coming Soon

Privacy Policy

Last updated: April 2025

1. Introduction

Novix Star Limited ("the Company", "we") operates the NovixChat platform (including novixchat.ai and app.novixchat.ai). This Privacy Policy explains how we collect, use, store, and protect personal data processed through our platform.

This Privacy Policy serves as a Personal Information Collection Statement ("PICS") pursuant to Data Protection Principle 1 of the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong). The purposes of collection are set out in Section 3 below. Collection of each category of data in Section 2 is necessary for those stated purposes and is not excessive in relation to them.

By using our platform, you consent to the data processing practices described in this Privacy Policy.

2. Data We Collect

We collect the following categories of data:

2.1 Merchant Data

  • Account information: email address, business name, contact number
  • Business information: product catalogue, business hours, payment methods
  • Payment information: processed via Stripe; we do not directly store credit card numbers

2.2 End User (Customer) Data

  • WhatsApp phone number and display name
  • Conversation content (text, images, voice messages)
  • Order and booking records
  • AI-extracted customer preference memories

2.3 Automatically Collected Data

  • Device information (browser type, operating system)
  • IP address
  • Usage logs and analytics data

3. Data Controller & Processor Roles

With respect to Merchant Data (Section 2.1) and Automatically Collected Data (Section 2.3), Novix Star Limited is the data user (controller).

With respect to End User Data (Section 2.2), the merchant is the data user (controller) and Novix Star Limited acts as a data processor on the merchant's behalf. Merchants are responsible for providing their own privacy notices to their end users and for ensuring a lawful basis for the collection and processing of End User Data.

4. How We Use Your Data

We use the collected data to:

  • Provide and maintain the NovixChat platform
  • Automatically process customer conversations, orders, and bookings via AI
  • Improve AI response quality and platform features
  • Process payments and billing
  • Send service-related notifications (e.g. order confirmations, booking reminders)
  • Detect and prevent fraud or abuse

5. Automated Decision-Making

Our platform uses AI to automatically generate replies to customer messages, process orders, and manage bookings. These automated processes are based on rules and information configured by the merchant. No automated decisions are made that produce legal effects or similarly significant effects on end users without human oversight by the merchant.

6. Data Storage & Security

  • All data is stored in encrypted cloud databases
  • Each merchant's data is fully isolated and inaccessible to other merchants
  • Media files (images, voice) are automatically deleted after 90 days
  • All data in transit is encrypted via HTTPS
  • Payment data is handled by Stripe in compliance with PCI DSS standards

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Active account data: Retained for the duration of the merchant's subscription and deleted within 90 days of account termination, unless otherwise required by law.
  • Conversation text and AI memories: Retained for the duration of the merchant's subscription unless earlier deletion is requested.
  • Media files (images, voice): Automatically deleted after 90 days.
  • Billing and financial records: Retained for 7 years as required by the Inland Revenue Ordinance (Cap. 112).
  • System logs: Retained for up to 12 months for security and debugging purposes.

8. Data Sharing

We do not sell your personal data. We only share data in the following circumstances:

Service providers: We use third-party services to operate the platform. These providers only receive the minimum data necessary. Key providers include:

  • Meta / WhatsApp — messaging channel (phone numbers, conversation content, media files)
  • Stripe — payment processing (email address, payment details, subscription records)
  • Cloud database and hosting providers — account and business data storage
  • AI language model providers — conversation content is transmitted to generate AI replies; conversation content sent to AI providers is used solely for generating replies and is not used for model training purposes by us or, to the extent within our control, by the AI provider
  • Error monitoring providers — system error logs (no personal data)
  • Merchants: Messages and related data sent by customers via WhatsApp are provided to the respective merchant.
  • Legal requirements: When required by law or to protect the rights and safety of the Company, users, or the public.

9. Cross-Border Data Transfers

Data processed through our platform may be transferred to, and stored at, servers located outside of Hong Kong, including but not limited to the United States and other jurisdictions where our service providers operate. By using the platform, you acknowledge and consent to such transfers. We take reasonable steps to ensure that any third-party recipients of personal data provide a level of data protection comparable to that required under the PDPO.

10. Direct Marketing

In accordance with Sections 35A–35C of the PDPO, we will not use your personal data for direct marketing unless we have obtained your prior written consent (or, in the case of electronic communications, your indication of no objection). Before seeking your consent, we will inform you of the types of personal data to be used and the classes of marketing subjects.

You may withdraw your consent or opt out of direct marketing communications at any time by contacting contact@novixchat.ai or using the unsubscribe mechanism provided in each communication.

11. Your Rights

Under the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong), you have the right to:

  • Access your personal data held by us (Section 18, PDPO)
  • Request correction of inaccurate data (Section 22, PDPO)
  • Request that we cease using your personal data for direct marketing purposes (Section 35C, PDPO)

You may also withdraw any consent previously given for data processing purposes not required for the provision of our services, subject to our right to cease providing services where such consent is necessary for service delivery. To exercise these rights, please contact contact@novixchat.ai.

12. Children's Data

Our platform is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that personal data from a child under 16 has been collected without parental consent, we will take steps to delete such data promptly.

13. Cookies

Our platform uses essential cookies to maintain login sessions and ensure proper service operation. We do not use tracking or advertising cookies.

14. Policy Updates

We may update this Privacy Policy from time to time. Any material changes will be posted on this page with an updated "Last updated" date.

15. Contact Us

For any questions regarding this Privacy Policy, or to exercise your data rights, please contact:

Novix Star Limited Address: Rm 1805-06, 18/F, Hollywood Plaza, 610 Nathan Road, Kowloon, Hong Kong Tel: +852 5291 5382 Email: contact@novixchat.ai