Privacy Policy

At Norabase, we take your privacy seriously. This Privacy Policy explains how Cilvian Ltd. ("Norabase," "we," "our," or "us") collects, uses, discloses, and safeguards your information when you visit our website and use our business intelligence platform and related services (collectively, the "Service").

This Privacy Policy applies to all users of our Service and is incorporated into our Terms of Service. By using our Service, you consent to the data practices described in this Privacy Policy.

1. Information We Collect

Personal Information You Provide to Us

We collect personal information you voluntarily provide to us when you:

• Create an account: Name, email address, company name, job title, phone number, billing address
• Use our Service: Search queries, saved searches, contact lists, notes, and preferences
• Make payments: Billing information, payment method details (processed securely by third-party payment processors)
• Contact us: Communications with our support team, feedback, and correspondence
• Participate in surveys or promotions: Responses, preferences, and feedback
• Integrate third-party services: Data from connected CRMs, email systems, and sales tools (with your permission)
• Attend events or webinars: Registration information and participation data

Information We Collect Automatically

When you use our Service, we automatically collect certain information about your device and usage patterns:

• Device and browser information: IP address, browser type, operating system, device identifiers
• Usage data: Pages visited, features used, time spent, click-through rates, session duration
• Performance data: Load times, errors, API usage, and system performance metrics
• Location data: General geographic location based on IP address
• Referral information: Website or application that referred you to our Service
• Communication data: Metadata about emails and messages sent through our platform

Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our Service. These technologies help us:

• Remember your preferences, settings, and login status
• Analyze platform performance, usage patterns, and user behavior
• Provide personalized content, recommendations, and features
• Deliver targeted advertising and marketing communications
• Ensure platform security and prevent fraud
• Comply with legal and regulatory requirements

Business Intelligence Data We Provide

Our platform contains publicly available business information about companies worldwide, including but not limited to:

• Company names, addresses, and contact information
• Industry classifications and business descriptions
• Employee counts, revenue estimates, and company size indicators
• Funding information, financial data, and growth metrics
• Executive and employee information available in public sources
• Technology usage, web presence, and digital footprint data
• News mentions, press releases, and public announcements
• Social media presence and engagement data

2. How We Use Your Information

Primary Uses

We use the information we collect for the following purposes:

• Service provision: Provide, maintain, and improve our platform services and features
• Account management: Create and manage your account, process transactions, and handle billing
• Customer support: Respond to inquiries, provide technical support, and resolve issues
• Communication: Send important updates, security alerts, and service-related notifications
• Personalization: Customize your experience and provide relevant content and recommendations
• Analytics and improvement: Analyze usage patterns to enhance user experience and develop new features
• Security and fraud prevention: Protect against unauthorized access, fraud, and security threats
• Legal compliance: Comply with applicable laws, regulations, and legal processes
• Business operations: Conduct internal business analysis, planning, and operations

Marketing and Communications

With your consent or as permitted by law, we may use your information to:

• Send marketing emails about new features, product updates, and promotional offers
• Provide customer success communications and best practice guidance
• Invite you to events, webinars, and educational content
• Conduct market research and gather feedback about our Service
• Display targeted advertising on third-party platforms

You can opt out of marketing communications at any time by using the unsubscribe link in emails or updating your account preferences.

3. Legal Bases for Processing (EU Users)

If you are located in the European Union, our legal bases for processing your personal information include:

• Contract performance: Processing necessary to provide our Service under our Terms of Service
• Legitimate interests: Improving our Service, security measures, and business operations
• Consent: Marketing communications and optional features (where consent is obtained)
• Legal obligation: Compliance with applicable laws and regulations

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

Service Providers and Business Partners

We share information with trusted third-party service providers who assist us in:

• Cloud hosting and data storage services
• Payment processing and billing management
• Customer support and communication tools
• Analytics and performance monitoring
• Marketing and advertising platforms
• Security and fraud prevention services
• Data enrichment and verification services

Legal and Regulatory Requirements

We may disclose your information when required by law, court order, government regulation, or to:

• Comply with legal processes and law enforcement requests
• Protect our rights, property, or safety, or that of our users or the public
• Enforce our Terms of Service and other agreements
• Investigate and prevent fraud, security threats, or illegal activities
• Respond to government or regulatory inquiries

Business Transfers

If Norabase is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transfer, your information may be transferred as part of the transaction. We will provide notice of such transfer and any choices you may have regarding your information.

Aggregated and De-identified Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you. This includes usage statistics, industry trends, and benchmark data that helps us improve our Service and provide market insights.

With Your Consent

We may share information with third parties when you provide explicit consent for such sharing, including integrations with your CRM systems, marketing tools, or other business applications.

5. Data Security and Protection

We implement comprehensive technical, administrative, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

Technical Safeguards

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest using industry-standard algorithms
• Regular security assessments, vulnerability testing, and penetration testing
• Secure software development practices and code reviews
• Network security controls, firewalls, and intrusion detection systems
• Multi-factor authentication for administrative access
• Regular security updates and patch management

Administrative Safeguards

• Access controls and role-based permissions
• Employee background checks and security training
• Incident response and breach notification procedures
• Regular security audits and compliance assessments
• Data handling and processing procedures
• Vendor security requirements and assessments

Physical Safeguards

• Secure data centers with environmental and access controls
• Physical access restrictions and monitoring
• Secure disposal of physical media and equipment

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

6. Data Retention and Deletion

We retain your personal information for as long as necessary to provide our Service, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention practices include:

Account Information

• Active account data is retained while your account remains active
• Account data is typically deleted within 90 days after account termination
• Billing and transaction records are retained for tax and legal compliance purposes
• Some data may be retained longer if required by law or for legitimate business purposes

Usage and Analytics Data

• Aggregated usage data may be retained indefinitely for business analytics
• Individual usage logs are typically retained for 12-24 months
• Security logs may be retained longer for fraud prevention and investigation

Communication Records

• Customer support communications are retained for quality assurance and training
• Marketing communication preferences are retained until you opt out
• Legal correspondence may be retained for compliance and dispute resolution

7. Your Rights and Choices

Access and Control

You have the following rights regarding your personal information:

• Access: Request access to your personal information and details about our processing
• Correction: Request correction or updating of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal and business requirements)
• Portability: Request a copy of your data in a portable, machine-readable format
• Restriction: Request restriction of certain processing activities
• Objection: Object to certain types of processing, including marketing communications
• Withdrawal of consent: Withdraw previously given consent for specific processing activities

How to Exercise Your Rights

To exercise these rights, you can:

• Update your account settings and preferences within the Norabase platform
• Contact us directly at contact@cilvian.com
• Use the unsubscribe links in marketing emails

We will respond to your requests within the timeframes required by applicable law, typically within 30 days for most requests.

8. Cookies and Tracking Technologies

Types of Cookies We Use

We use several types of cookies and similar technologies:

• Essential cookies: Required for basic platform functionality and security
• Performance cookies: Help us understand how you interact with our Service
• Functional cookies: Remember your preferences and personalize your experience
• Advertising cookies: Used for targeted advertising and marketing campaigns

Managing Cookie Preferences

You can control cookie settings through:

• Your browser settings and preferences
• Our cookie preference center (where available)
• Third-party opt-out tools and industry initiatives
• Mobile device settings for app-based tracking

Note that disabling certain cookies may affect the functionality of our Service.

9. International Data Transfers

Norabase operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your country.

When we transfer your personal information internationally, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by relevant data protection authorities
• Standard contractual clauses approved by data protection authorities
• Binding corporate rules and internal data transfer agreements
• Certification schemes and codes of conduct
• Other lawful transfer mechanisms as available

10. Children's Privacy

Our Service is designed for business use and is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without verifiable parental consent, we will delete that information as quickly as possible.

If you believe that a child under 16 may have provided us with personal information, please contact us immediately at contact@cilvian.com.

11. Third-Party Services and Integrations

Our Service may integrate with or contain links to third-party websites, applications, and services. We are not responsible for the privacy practices of these external services and encourage you to review their privacy policies.

CRM and Sales Tool Integrations

When you connect third-party services (such as Salesforce, HubSpot, or other CRMs) to Norabase, we may access and process data from these services as necessary to provide our integration features. This data processing is governed by both this Privacy Policy and the privacy policies of the integrated services.

Analytics and Advertising Partners

We work with third-party analytics and advertising partners who may collect information about your use of our Service and other websites or applications. These partners include:

• Google Analytics and Google Ads
• Social media advertising platforms
• Email marketing and automation services
• Customer support and communication tools

12. Data Processing Activities

Automated Decision-Making

We may use automated systems and algorithms to:

• Score and rank business opportunities and leads
• Provide personalized recommendations and content
• Detect and prevent fraud or security threats
• Optimize platform performance and user experience

These automated processes are designed to enhance our Service quality and do not typically result in significant decisions affecting your legal rights. If you have concerns about automated decision-making, please contact us.

Data Enrichment and Enhancement

We may enhance our business intelligence database using additional public sources, third-party data providers, and machine learning techniques to improve data quality, accuracy, and completeness.

13. Your California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: Information about the categories and specific pieces of personal information we collect
• Right to delete: Request deletion of your personal information (subject to exceptions)
• Right to opt-out: Opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination: Not be discriminated against for exercising your privacy rights
• Right to correct: Request correction of inaccurate personal information
• Right to limit: Limit the use and disclosure of sensitive personal information

To exercise these rights, contact us at contact@cilvian.com.

14. European Union Privacy Rights (GDPR)

If you are a resident of the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

• Right of access: Obtain confirmation of processing and access to your personal data
• Right to rectification: Correct inaccurate or incomplete personal data
• Right to erasure: Request deletion of personal data under certain circumstances
• Right to restrict processing: Limit how we process your personal data
• Right to data portability: Receive your personal data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making: Not be subject to purely automated decisions with significant effects

For GDPR-related inquiries and to exercise your rights, please contact our Data Protection Officer at contact@cilvian.com.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our website with a new "Last Updated" date
• Sending email notification to your registered email address
• Providing notice through our platform or mobile applications
• Other reasonable means of notification as appropriate

Your continued use of our Service after such changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

16. Additional Information

Data Controller and Processor Roles

For personal information you provide directly to us (account information, usage data), Norabase acts as a data controller. For personal information contained in business intelligence data we provide, the relationship may vary depending on the specific use case and applicable law.

Cross-Border Data Transfers

Our global operations require international data transfers to provide our Service effectively. We maintain appropriate safeguards and comply with applicable data localization requirements where required by law.

Industry-Specific Considerations

If you operate in a regulated industry (healthcare, financial services, etc.), you are responsible for ensuring that your use of our Service complies with industry-specific privacy and data protection requirements.