Privacy Notice

1. Introduction

This Privacy Policy explains how Nevo (“we”, “us”, “our”) collects, uses, stores and protects information about you when you use the Nevo platform, our website at nevo.ai, our mobile and desktop apps, our APIs, and any related services (collectively, the “Services”).

We are committed to protecting your privacy. We never train AI models on your prompts, conversations, or files, and we never sell your data to third parties.

By using Nevo you agree to this Policy. If you do not agree, please do not use the Services. We may update this Policy from time to time — the latest version is always available at nevo.ai/privacy.

2. Information we collect

We collect information that you provide directly, information collected automatically when you use the Services, and information from third-party sources we work with.

  • Account information: name, email address, company name, role, profile picture, and account credentials provided when you sign up or log in.
  • Usage data: prompts, completions, files, conversations, projects, prompt library entries, and metadata about your activity inside Nevo.
  • Device & technical data: IP address, browser type, operating system, device identifiers, language preferences, and approximate location.
  • Billing information: company billing address, VAT/tax ID, plan tier, billing cycle, and invoice history.

We do not collect special categories of personal data (race, religion, health, biometrics) and we ask that you do not submit such data through the Services.

  • Payment instrument data: card number, expiry, security code and billing postal code — collected and stored by our payment processor (Solidgate). Nevo does not store your full card details on our servers.
  • Communications: messages you send to our support team, feedback, and survey responses.
  • Cookies and similar technologies: identifiers stored in your browser to keep you logged in, remember preferences, and measure usage. See “Cookies and tracking” below.
  • Third-party data: information from identity providers (Google, Microsoft, Okta) when you log in via SSO, and from analytics tools that help us understand product usage.

3. How we use your information

We process information so the Services work, billing is accurate, and our team can help when you reach out. We rely on contractual necessity, legitimate interest, and your consent as legal bases under GDPR.

  • Provide the Services: route prompts to AI providers, store conversations, run search, generate images, and apply per-team policies you configure.
  • Manage your account and subscription: send sign-up confirmations, plan-change notices, invoices, and security alerts.
  • Customer support: respond to your questions, troubleshoot issues, and improve the help center.
  • Marketing: send product updates, tips and event invitations — only with your consent and only via channels you choose. You can opt out of marketing emails at any time using the unsubscribe link or in your account settings.
  • Security & abuse prevention: detect fraud, enforce our Acceptable Use Policy, and protect your account from unauthorized access.

  • Product analytics: understand how teams use Nevo so we can improve onboarding, performance, and reliability. We aggregate and de-identify analytics wherever possible.

We never use your prompts, files, or conversations to train AI models — neither ours nor those of our model providers. Model providers (OpenAI, Anthropic, Google, Mistral and others) operate under Zero Data Retention agreements that prevent training on your data.

4. Sharing your information

We share your information only with the parties listed below, and only to the extent necessary to provide the Services. We do not sell or rent your personal data to third parties.

With service providers

We share information with vendors who help us operate the Services — cloud hosting (AWS, Google Cloud), AI model providers (OpenAI, Anthropic, Google, Mistral), payment processing (Solidgate), email delivery, analytics, customer support, and error monitoring.

Each provider operates under a written Data Processing Agreement (DPA) that requires confidentiality and security controls, and limits the use of data to the services they provide to us. A list of our current sub-processors is available below.

With your team and admins

If you use Nevo as part of a workspace owned by your employer or organization, your workspace administrators may be able to view your activity, billing details, and content you created within the workspace.

Workspace owners are also data controllers in some scenarios — please review your organization’s internal privacy and acceptable use policies.

5. Payment data

Nevo uses Solidgate as our primary payment processor. When you pay for a Nevo subscription, your card details are submitted directly to Solidgate’s PCI-DSS-compliant systems and are never stored on Nevo’s servers.

Payment processor (Solidgate)

Solidgate stores card numbers, expiry dates, and security codes in tokenized form. Nevo only receives a payment token, the last four digits of your card, and the card brand for display in your billing settings.

If you’d prefer to pay by invoice (annual contracts and Enterprise plans), we will share your billing email with our finance team and invoicing tools to issue and track payments.

Refunds and chargebacks

If you request a refund or initiate a chargeback, we share the necessary transaction information with Solidgate, your card issuer, and our finance team to investigate and resolve the dispute.

Refund processing typically takes 5–10 business days. See our Terms of Service for the full refund policy.

6. Cookies and tracking

Nevo uses cookies and similar technologies (web beacons, pixels, local storage) to operate the Services, remember your preferences, secure your account, and measure how features are used. You can manage cookies via the cookie banner on first visit and at any time via the cookie settings link in our footer.

Essential cookies

Required to keep you logged in, route requests, prevent fraud, and load the application. These cannot be disabled.

Examples: session ID, CSRF protection token, workspace selector preference.

Analytics & functional cookies

Help us understand how teams use Nevo so we can improve the product. Loaded only after you give consent in regions where consent is required (EU/EEA/UK).

We do not run advertising cookies or third-party tracking pixels for advertising. For details on each cookie we use, see our Cookies Policy at nevo.ai/cookies.

7. Your rights & data retention

Depending on your location, you have rights over the personal data Nevo holds about you. You can exercise these rights at any time by emailing privacy@nevo.ai or via the in-app Settings → Privacy section.

GDPR rights (EU/UK)

Right to access, correct, delete, restrict, port, or object to processing of your personal data; right to lodge a complaint with your supervisory authority.

We respond to verified requests within 30 days. Workspace administrators can also export and delete user data via the admin console.

CCPA / CPRA rights (California)

Right to know what personal information we collect, the right to delete it, the right to opt out of sale (we never sell), and the right to non-discrimination for exercising your rights.

Retention: we keep account data for as long as your account is active. After deletion, backup copies are purged within 30 days. Aggregated, de-identified data may be kept longer for analytics.

8. Sub-processors

We engage trusted vendors to operate the Nevo Services. Each is bound by a Data Processing Agreement and uses information only as instructed. Updates to this list are published at nevo.ai/sub-processors.

We notify customers of new sub-processors at least 30 days in advance via email and in-app banner. Enterprise customers can object to new sub-processors per their Data Processing Agreement.

9. Security & contact

We use industry-standard security controls to protect your data: encryption in transit (TLS 1.2+) and at rest (AES-256), SSO, MFA, audit logs, and regular penetration testing. Nevo is SOC 2 Type II certified, and ISO 27001 certification is in progress.

Data location: by default Nevo stores customer data in EU (Frankfurt). US and APAC regions are available on Enterprise plans.

Incident response: if we detect a security incident affecting your data, we will notify affected customers within 72 hours and publish a post-mortem within 14 days at status.nevo.ai.

If you have questions about this Privacy Policy or want to exercise any of your rights, contact us at:

Privacy & data requests

Email privacy@nevo.ai for any privacy-related question, data access request, or to revoke consent. Our Data Protection Officer responds within 30 days.

For Enterprise customers, your dedicated Customer Success Manager can route requests internally — see your account-team contact in the admin console.
