Privacy Policy
Last updated July 10, 2026
NovaGate Solutions (“NovaGate”, “we”, “us”) operates the NovaGate Solutions Hub (the “Hub”) and the NovaGate Agent Browser extension (the “Extension”). This policy explains what information we handle, how we use it, and the choices you have. By using the Hub or the Extension, you agree to this policy.
1. Information we handle
- Account information. Your name, email address, and profile picture from Google Sign-In or email registration, plus your role within the workspace.
- Google Workspace data. With your permission (via Google OAuth), we access your Google Drive, Gmail, and Calendar so the Hub and your AI agent can read and act on your behalf for features you use. We request only the scopes those features need.
- Content you create in the Hub. Projects, tasks, notes and documents, meetings and transcripts, contacts, drafts, and your agent conversations.
- AI processing. Your prompts and the relevant content are sent to AI model providers to generate responses, summaries, and drafts.
- Extension data. When you run a browser task, the Extension sends the content of its dedicated agent tab — visible text, interactive elements, the tab’s URL and title, and screenshots — to your Hub. See section 4.
- Technical data. Minimal logs required to operate, secure, and debug the service.
2. How we use your information
- To provide and operate the Hub and Extension and the features you use.
- To let your AI agent complete tasks you request across email, calendar, Drive, outreach, records, and the browser.
- To secure the service, prevent abuse, and diagnose problems.
We do not sell your data and do not use it for advertising.
3. Google user data (Limited Use)
NovaGate’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide and improve the features you use; we do not transfer it to others except as needed to provide those features, for security, or to comply with law; we do not use it for advertising; and no human reads it except with your consent, for security, or where required by law. You can revoke our access at any time in your Google Account permissions.
4. Browser extension (NovaGate Agent Browser)
The Extension connects your browser to your Hub so your agent can perform tasks in a dedicated tab, using the sites you’re already signed in to.
- It does nothing until you link it to your account with a one-time pairing token.
- During a task it reads the dedicated agent tab’s visible text, interactive elements, URL and title, and captures screenshots, and transmits these to your Hub only so the agent can act and you can supervise each step.
- It communicates only with your Hub — never with third parties.
- Your pairing token is stored locally in your browser (
chrome.storage.local). - Actions that send, post, or spend require your explicit approval, and you can disconnect in the Extension or revoke a paired browser from Settings at any time.
5. Service providers
To deliver the service we rely on trusted third-party processors — including AI model providers (to generate responses), Google (Workspace access), and email and outreach providers. They process data only to perform services for us, under their own security and privacy obligations, and are not permitted to use it for their own purposes.
6. How your data is shared
We do not sell personal data. We share data only with the service providers who help us operate the service, when required by law, or to protect the rights and safety of our users and the public. Inside your workspace, visibility follows the Hub’s permission model: content is private by default, shared items are visible to those you share them with, and administrators have oversight only on specific governance surfaces (such as the outbound-approval queue).
7. Data retention and deletion
We keep your data for as long as your account is active or as needed to provide the service. You can delete content within the Hub — deleting a chat permanently removes it and its messages. Uninstalling the Extension removes the locally stored token. To request deletion of your account and associated data, contact us using the details below.
8. Security
We use industry-standard safeguards, including encrypted transport, scoped access tokens that are refreshed rather than stored in the clear where possible, and per-user permission checks on every read and write. No method of transmission or storage is perfectly secure, but we work continuously to protect your information.
9. Your choices
- Revoke Google access from your Google Account permissions page.
- Disconnect or revoke the browser Extension from Settings.
- Manage notification preferences in Settings.
- Request access to, correction of, or deletion of your data via the contact below.
10. Changes to this policy
We may update this policy from time to time. We will revise the “Last updated” date above and, for material changes, provide additional notice.
11. Contact us
Questions about this policy or your data? Email us at engineering@novagate-solutions.com.
