Data Security Policy
Approved March 2025
Introduction
This data security policy (Policy) relates to the protection and secure processing of personal information within the Noda services, including the Noda website (https://noda.ai/), Noda Apps, and any services provided by Noda (collectively, the Noda Services). We are dedicated to safeguarding personal information and ensuring compliance with applicable laws pertaining to data privacy and security, including but not limited to the UK General Data Protection Regulation (GDPR).
Changes to this Policy
We regularly review this Policy and may modify it to reflect changes in legal requirements or our data processing practices. It is your responsibility to check this Policy periodically for updates.
Data Security Principles
We implement a range of technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, secure data transfer mechanisms, and regular security assessments.
Access Controls
Access to personal information is strictly limited to authorized personnel who require it to perform their job functions. We enforce access controls and regularly review access rights.
Data Encryption
Personal information is encrypted during transmission and when stored on our systems. We use best-practice encryption technologies to protect data against unauthorized access.
Data Retention and Disposal
We retain personal information and other customer data only for as long as necessary to fulfill the purposes for which it was collected. We have established secure disposal procedures for when data is no longer needed.
Incident Response Plan
We maintain an incident response plan to address data breaches promptly. In the event of a breach, we will notify affected individuals and relevant authorities as required by law.
Regular External Security Assessments
We conduct annual external security assessments, audits, and penetration testing to identify and mitigate risks to personal information.
Employee Training
All employees receive annual training on data security and are required to adhere to our data security policy and procedures.
Vendor Management
We carefully select and monitor third-party vendors to ensure they meet our data security standards.
Record Keeping
We maintain records of third-party processing activities and relevant security measures as mandated by the GDPR.
Data Protection by Design and by Default
We integrate data protection into our processing activities and system design from the outset.
Policy Review and Update
We review and update this Policy annually to ensure it remains effective and compliant with applicable laws.
Certification
We are certified as ISO 27001 compliant and will provide documentation on request.
Contact Us
For any questions or concerns regarding this Policy or our data security practices, please contact us at security@noda.ai.