Noumi Privacy Policy
Version 1.0 | Effective Date: April 7, 2026
AGENTWILL PTE. LTD. operates Noumi, an AI assistant platform. This Privacy Policy explains how we collect, use, store, share, and protect your information — including data obtained through third-party service integrations — when you use Noumi.
By using Noumi, you agree to the practices described in this policy. If you do not agree, please discontinue use.
1. Information We Collect
1.1 Account Information
- Name, email address, phone number, and password upon registration
- Profile information (avatar, display name)
- Authentication tokens for connected third-party services
1.2 Content You Provide
- Conversations and instructions you send to Noumi
- Documents, files, images, and spreadsheets you upload to your Workspace
- Notes, drafts, and other content you create within Noumi
- Skills and methodologies you configure in the Agent Training Studio
1.3 Data from Third-Party Services (Connectors)
When you choose to connect a third-party service, we access only the data necessary to perform the actions you request. See Section 3 for details on each connector.
1.4 Usage and Device Data
- Device type, operating system, browser type and version
- IP address and approximate geographic region
- Feature usage logs, error reports, session timestamps
1.5 Payment Information
Subscription and billing records. Full payment card details are processed by third-party payment providers and are never stored by us.
2. How We Use Your Information
| Purpose | Description |
|---|---|
Core AI Service | Process your requests, generate responses, manage Workspace files |
Connector Operations | Execute actions in connected third-party services on your behalf |
Personalization | Apply your configured Skills and methodologies to tailor AI responses |
Collaboration | Enable project sharing between owners and invited collaborators |
Security | Authenticate users, prevent fraud, detect abuse |
Product Improvement | Analyze aggregated usage patterns to improve features |
Customer Support | Respond to inquiries and resolve issues |
Legal Compliance | Meet applicable legal and regulatory obligations |
Billing | Process subscriptions and send billing notifications |
AI Model Training: We do not use your personal content (conversations, emails, uploaded files, or any data from connected services) to train or improve AI/ML models — whether our own or third-party models — without your explicit, opt-in consent.
3. Third-Party Service Integrations
When you authorize a connector, we act as your agent to interact with that service. The following describes exactly what data we access and why.
3.1 Google Services (Gmail, Google Drive, Google Docs, Google Calendar)
Noumi's use of information received from Google APIs will adhere to the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.
Gmail
| Permission Scope | Data Accessed | How Noumi Uses It |
|---|---|---|
`gmail.readonly` | Email content (subject, body, sender, recipients, dates), labels, thread structure | Read emails as context when you ask Noumi to summarize, search, or analyze your inbox |
`gmail.send` | Compose and send email on your behalf | Send emails only when you explicitly instruct Noumi to send a message you have reviewed |
`gmail.compose` | Create and save draft emails | Save AI-drafted emails to your Drafts folder for your review before sending |
Critical Restrictions for Gmail Data:
- We do NOT use Gmail data for advertising or ad targeting of any kind.
- We do NOT sell, rent, or transfer Gmail data to third parties.
- We do NOT allow any human to read your email content, except: (a) with your explicit permission (e.g., for customer support you initiate), or (b) when legally required, or (c) to investigate a specific security incident after obtaining your consent.
- Gmail data is used only to fulfill the specific action you request within the Noumi session. We do not retain email content beyond what is necessary for the active task.
- We access only the minimum necessary data to complete your requested task.
- You can revoke Gmail access at any time from your Google Account settings at myaccount.google.com/permissions or from Noumi's connector settings.
> Limited Use Compliance: Noumi's access to Gmail data is strictly limited to providing and improving user-facing features within the Noumi Service. We do not use Gmail data to develop, improve, or train generalized AI or ML models. Our use of data obtained from Gmail APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
Google Drive & Google Docs
| Data Accessed | How Noumi Uses It |
|---|---|
File metadata (name, type, modification date) | Display your Drive files for you to select as task inputs |
File content (documents, spreadsheets, presentations, PDFs) | Read file content as context when you ask Noumi to analyze, summarize, or edit a document |
Write access to files | Create or modify files only when you explicitly instruct Noumi to do so |
Google Calendar
| Data Accessed | How Noumi Uses It |
|---|---|
Calendar list and event details | Read your schedule when you ask Noumi to help plan, reschedule, or summarize your calendar |
Free/busy information | Suggest optimal meeting times when you request scheduling assistance |
Event creation and modification | Create or update calendar events only when you explicitly instruct Noumi to do so |
Google Data Retention: Data fetched from Google APIs is used in-session to fulfill your request. We do not maintain a persistent copy of your Google data outside of your Noumi Workspace unless you explicitly save a file there.
3.2 Notion
| Data Accessed | How Noumi Uses It |
|---|---|
Pages and database content | Read Notion content as context when you ask Noumi to search, summarize, or analyze your Notion workspace |
Blocks and page structure | Understand document hierarchy for accurate content generation |
Write access to pages/databases | Create or edit Notion pages and database records only on your explicit instruction |
We do not access Notion data outside of your active task requests. No Notion content is shared with third parties.
3.3 Slack
| Data Accessed | How Noumi Uses It |
|---|---|
Channel messages and threads | Read Slack conversations you specify when you ask Noumi to summarize discussions or extract action items |
Direct messages | Access only when you explicitly include them in a task |
Send messages | Post to channels or DMs only when you explicitly instruct Noumi to do so |
We do not store Slack message history. Content is processed in-session only.
3.4 GitHub
| Data Accessed | How Noumi Uses It |
|---|---|
Repository content (code, README, etc.) | Read code and documentation when you ask Noumi to review, explain, or analyze |
Issues and Pull Requests | Read and create issues/PRs only on your explicit instruction |
Commit history | Reference commit context when requested |
3.5 Linear / Jira (Project Management)
| Data Accessed | How Noumi Uses It |
|---|---|
Issues, projects, and team data | Read task and project data when you ask Noumi to summarize, prioritize, or draft issues |
Write access | Create or update issues only on your explicit instruction |
3.6 Lark
Lark connector permissions cover messaging, cloud documents, calendar, meetings, and organizational contacts. Data is accessed and used only to execute the specific task you instruct Noumi to perform. See our Lark-specific permissions disclosure for the full scope list.
4. Data Storage and Retention
4.1 Storage Location
Primary servers are located in the People's Republic of China. For users in other regions, data may be processed via infrastructure in those regions. All cross-border data transfers comply with applicable law (including China's PIPL, GDPR, etc.).
4.2 Retention Periods
| Data Type | Retention Period |
|---|---|
Account information | Duration of account; deleted within 30 days of account cancellation |
Workspace files and conversations | Duration of account; deleted within 30 days of cancellation |
Third-party connector session data | Processed in-session; not retained beyond task completion unless you save content to your Workspace |
Payment records | As required by applicable financial regulations |
Aggregated usage analytics | Up to 24 months, in anonymized form |
5. Data Sharing and Disclosure
We do not sell your personal data. We may share data only in the following circumstances:
- Infrastructure Providers: Cloud hosting, database, and CDN providers who process data only as instructed by us under strict confidentiality agreements.
- AI Model Providers: Your conversation inputs are sent to third-party LLM API providers solely to generate responses to your requests. These providers do not use your data for model training (per our contractual agreements).
- Legal Requirements: When required by law, court order, or government authority.
- Business Transfers: In the event of a merger or acquisition, with prior notice to you.
- Collaborators: Content within a shared Noumi Project is visible to users you explicitly invite.
6. Security
- TLS encryption for all data in transit
- Encryption at rest for stored data
- Role-based access control; only authorized personnel access sensitive systems
- Regular security audits and vulnerability scanning
- Incident response procedures aligned with applicable breach notification laws
7. Your Rights
You have the right to:
- Access: Request a copy of personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Portability: Export your Workspace data in a standard format
- Revoke Third-Party Access: Disconnect any connector at any time from Noumi Settings or directly from the third-party service's account settings
- Withdraw Consent: Where processing is based on consent, withdraw at any time without affecting prior processing
- Account Cancellation: Cancel your account; data deleted within 30 days
To exercise these rights, contact us at official@noumi.ai. We respond within 15 business days.
8. Children's Privacy
Noumi is intended for users 18 years of age and older. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal information, we will delete it promptly.
9. International Users
For users in the European Economic Area: Our legal bases for processing are contract performance, legitimate interests, and consent (as applicable). You may lodge a complaint with your local data protection authority. We comply with GDPR requirements for data subject rights and cross-border transfers.
10. Updates to This Policy
We will notify you of material changes via in-app notification or email at least 15 days before changes take effect. Continued use of Noumi after the effective date constitutes acceptance.
11. Contact Us
AGENTWILL PTE. LTD.
Contact: official@noumi.ai
*This policy applies to Noumi's use of Google APIs and is compliant with the Google API Services User Data Policy and Limited Use requirements.*