Noibu is committed to protecting your personal information

Last Updated: May 12 2026

Noibu Privacy Policy

Welcome to Noibu Technologies Inc. (“Noibu”, “We”, “Us”, or the “Company”). We prioritize your privacy and are committed to protecting and handling your personal information with the utmost care. This Privacy Policy explains how we collect and use your personal information in relation to Noibu products, services, events, and websites or applications that link to this Policy (together, the “Noibu Products”). It also describes how you can control or exercise your rights related to your personal information.

Noibu adheres to high privacy standards and complies with applicable international and local regulations, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Law 25, the EU’s General Data Protection Regulation (GDPR), relevant laws in the UK and Switzerland, and applicable U.S. state privacy laws such as the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and Virginia Consumer Data Protection Act (VCDPA).

1. What does this policy cover?

This Policy covers our collection, use, and disclosure of information about identifiable individuals (“Personal Information”), particularly those individuals who complete transactions with our e-commerce clients (our “Clients”).

This Policy does not apply to the practices of companies that we do not own or control, including those practices of our Clients. For example, if you purchase from one of our e-commerce Clients, your transaction data is managed by the Client, not by Noibu directly. We cannot accept liability for the actions or policies of these independent sites, and we are not responsible for the content or privacy practices of such sites. You should review the applicable privacy policy of any company with which you do business. We do not knowingly collect or solicit Personal Information from anyone under the age of 16.

This Privacy Policy applies when you interact with us by doing any of the following:

• Make use of our application and services as an authorized user
• Visit any of our websites that link to this Privacy Policy
• Visit any of our branded social media pages
• Visit our physical offices
• Attend any of our branded or sponsored events
• Receive any communication from us including newsletters, emails, calls, or texts
• Register for, attend, and/or take part in our events, webinars, or contests

2. Collection and use of personal information and other data

2.1 Client Account Information

In order to use certain aspects of the Service, representatives of our Clients may be required to have a valid Noibu account to log in to the Service (“Account”). When our Clients register for the Service, we generally collect only business contact information, including the company name and address. Noibu may also collect credit card billing information in order to process payments for the Noibu Service and Professional Services.

2.2 End User Data

When end users of our Clients, including online shoppers (“End Users”), engage in a transaction with the e-commerce Client of Noibu, Noibu records de-identified behavior, such as pages visited and time spent on the site.

Purpose and Legal Basis for the Processing of Personal Data

We collect and use personal data about you with your consent to provide, maintain, and develop our products and services and understand how to improve them.

These purposes include:

Building a Safe and Secure Environment

• Verify or authenticate your identity
• Investigate and prevent security incidents such as breaches, attacks, and unauthorized access

Providing, Developing, and Improving our Products and Services

• Deliver, maintain, debug, and improve our products and services
• Enable you to access Noibu services and set up accounts
• Provide the cloud services necessary to access, configure, administer, and monitor Noibu’s ecommerce error detection, session monitoring, and digital experience optimization features
• Provide you with technical and customer support

Organize and Deliver Advertising and Marketing

• Aggregate your information in an anonymized form to generate usage statistics
• Send you newsletters and other marketing communications about current and future products, programs and services, events, competitions, surveys, and promotions held by us or hosted on our behalf
• Organize events or register attendees and schedule meetings for events

Where we process your personal data to provide a product or service, we do so because it is necessary to perform contractual obligations. All of the above processing is necessary in our legitimate interests to provide products and services, to maintain our relationship with you, and to protect our business (for example, against fraud). Consent will be required to initiate services with you. New consent will be required if any changes are made to the type of data collected. Within our contract, if you fail to provide consent, some services may not be available to you.

2.3 Interactions with Noibu.com

When you interact with our website, Noibu.com, we automatically collect specific information related to your device and your activities. This includes details such as your web browser type, IP address, time zone, and cookies that are installed on your device. As you navigate through Noibu.com, we gather data on the web pages you visit, the search terms that brought you to our site, and your interactions with the site. This information is used to enhance your user experience, optimize website navigation, promote products or services tailored to your interests, and improve overall site security.

2.4 Noibu MCP and Connected Data Sources

If you choose to use Noibu's MCP features ("Noibu MCP"), Noibu MCP enables your AI model service ("AI Provider", such as Anthropic Claude, OpenAI GPT, Google Gemini, or another AI platform you have connected) to access two categories of data: (a) data from third-party platform accounts you connect ("Connected Platform Data"), and (b) data from your own Noibu account ("Noibu Account Data"), on a read-only basis. The architecture, sub-processors, and data flows for each path are different and are described separately below.

2.4(a) Connected Platform Data

Connections to third-party platforms are established exclusively via each platform's own OAuth 2.0 authorization flow, facilitated by a third-party integration provider ("Integration Provider"; currently Composio). You authorize each connection directly through the applicable platform's consent screen, and Noibu does not receive, see, or store your platform login credentials or OAuth tokens. OAuth tokens and Connected Platform Data are received and stored by the Integration Provider, not by Noibu. Noibu MCP acts as a proxy that routes tool calls from your AI Provider through the Integration Provider to the connected platform; Connected Platform Data retrieved in response is returned by the Integration Provider directly into your AI Provider's session and does not transit or reside on Noibu's servers.

Depending on the platforms you connect and the scopes you authorize, Noibu MCP may enable access to the following categories of Connected Platform Data:

• Advertising data: campaign performance, budget and spend, ad account structure, ad group and keyword performance (Google Ads)
• Email marketing data: subscriber lists, audience information, contact records, campaign performance, and events (Klaviyo, Mailchimp)
• Search performance data: top search queries and site details (Google Search Console)
• Social and content data: page posts, media, post engagement, and related interactions (Facebook, Instagram)
• Customer support data: support team and ticket overview (Gorgias)

Access is limited to the scopes you authorize through each platform's OAuth flow. You may revoke access to any connected platform at any time by revoking the OAuth authorization through that platform's account settings.

2.4(b) Noibu Account Data

Noibu MCP also enables your AI Provider to retrieve data from your own Noibu account on a read-only basis. Authorization is established via an OAuth 2.0 flow into your Noibu account, facilitated by a third-party authentication service ("Auth Provider"; currently Stytch). The Auth Provider handles only the OAuth authorization handshake and does not store OAuth tokens, Noibu Account Data, or Connected Platform Data. Noibu Account Data is served by Noibu's own systems directly to your AI Provider's session in response to AI Provider tool calls.

Noibu Account Data may include:

• Session recordings and replay data captured by Noibu's session monitoring features
• Error data, performance metrics, and diagnostic information
• Heatmaps and user behavior data
• Analytics, insights, and dashboards
• Account configurations, masking rules, and settings

Noibu Account Data is your data, which you have authorized Noibu to capture and store in connection with your use of the Noibu Service. When you use Noibu MCP to route Noibu Account Data to your AI Provider, you are instructing Noibu, on your behalf, to make your own Noibu Account Data available to your chosen AI Provider.

Important Note for Customers: End User Personal Data

Noibu Account Data, particularly session recordings and behavioral data, may contain Personal Data relating to your End Users (such as form inputs, click trails, navigation paths, or other signals), including information that may not have been masked under your session-capture configuration. When you enable Noibu MCP and route Noibu Account Data to your AI Provider, such End User Personal Data may be transmitted to and processed by the AI Provider. You are responsible for: (i) ensuring your session-capture and data-masking configurations are appropriate for transmitting Noibu Account Data to your AI Provider; (ii) ensuring your own privacy notices, terms of service, and End User consents adequately disclose and authorize such onward processing; (iii) determining whether the AI Provider's training, retention, and security practices are acceptable for the categories of data being transmitted; and (iv) complying with all applicable data protection laws in connection with such transmission.

Purpose of Processing via Noibu MCP

Connected Platform Data and Noibu Account Data accessed through Noibu MCP are used to generate AI-powered diagnostics, recommendations, and insights within your AI Provider's session; to help identify and diagnose errors and performance issues affecting your digital commerce operations; and to surface analytics and optimization suggestions. Because the AI Provider processes data within its own service, the AI Provider's privacy policy, terms of service, training practices, and retention policies govern how that data is handled during and after your session. You are responsible for reviewing and complying with the applicable AI Provider's privacy and data processing terms prior to connecting your AI Provider to Noibu MCP. Noibu does not use your data, Connected Platform Data, or Noibu Account Data to train AI models.

3. Storage Location and Transfer of Personal Information

Noibu stores its data, including Personal Information, on servers located in the United States and Canada, including through the use of our Sub-Processors. Your personal data may also be transferred to, and maintained on, servers residing outside of your state, province, country, or other governmental jurisdiction where the data laws may differ from those in your jurisdiction. We will take appropriate steps to ensure that your personal data is treated securely and in accordance with this Privacy Policy as well as applicable data protection law. We will enter into EU Standard Contractual Clauses (or equivalent measures) with parties outside the EEA and ensure adequate controls are in place for the security of your data.

4. Disclosure of personal information with third parties

4.1 Disclosure of Results to Clients

We do not share or sell your personal data to third parties, including to third-party advertisers.

4.2 Disclosure of Statistical Data

Noibu discloses aggregate statistical data to its partners and clients, such as advertisers and other third parties, who may use the data for business purposes. This information does not include any Personal Information or otherwise identify any individual End Users.

4.3 Service Providers and Business Partners

We may from time to time employ other companies and people to perform tasks on our behalf and need to share Personal Information with them to provide the Service. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. This includes third-party companies and individuals employed by us to facilitate our Service. Our current list of Sub-Processors is available here.

4.4 Business Transfers

If we (or substantially all of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be made available or otherwise transferred to the new controlling entity, where permitted under applicable law.

4.5 With Your Consent

If we need to use or disclose any Personal Information in a way not identified in this Privacy Policy, we will notify you and/or obtain your express consent as required under applicable privacy laws.

4.6 Noibu MCP and Sub-Processor Disclosure

When you use Noibu MCP features, the following sub-processors may process personal data on your behalf:

Integration Provider (currently Composio): facilitates OAuth authorization, stores OAuth tokens, and retrieves Connected Platform Data from your connected third-party platform accounts. Connected Platform Data is returned by the Integration Provider directly to your AI Provider's session.

Auth Provider (currently Stytch): facilitates the OAuth authorization flow into your Noibu account. The Auth Provider does not store OAuth tokens or Noibu Account Data; Noibu Account Data is served by Noibu's own systems.

AI Provider (chosen by you, such as Anthropic, OpenAI, or Google): receives Connected Platform Data and/or Noibu Account Data within your AI Provider session and processes it under the AI Provider's own terms of service, privacy policy, training, retention, and security practices.

Your acceptance of the Noibu MCP Terms of Service constitutes your authorization of the Integration Provider and the Auth Provider as sub-processors for the purposes described above. Noibu may change the Integration Provider or Auth Provider, or use additional sub-processors, with reasonable notice and by updating its Sub-Processors list. You are responsible for reviewing and complying with the applicable AI Provider's, Integration Provider's, and Auth Provider's privacy policy and terms of service prior to connecting your AI Provider or any platform to Noibu MCP.

5. Security

The security of your Personal Information is important to us. We use commercially reasonable efforts, including encryption and access controls, to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you. Where Personal Information is processed by a Sub-Processor, Integration Provider, Auth Provider, or AI Provider on our behalf or at your instruction, we perform reasonable due diligence on the security practices of our own sub-processors but do not warrant the security practices of any third party.

6. Retention

We will keep your Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained Personal Information will remain subject to the terms of this Privacy Policy.

7. Access, Correction, and Accuracy

7.1 Your Rights for Your Personal Data

Depending on your geographical location and citizenship, your rights are subject to local data privacy regulations. These rights may include:

Right to Access (GDPR Article 15, CCPA, PIPEDA)

You have the right to request a copy of the personal data we are processing about you.

Right to Rectification (GDPR Article 16, PIPEDA)

You have the right to have incomplete or inaccurate personal data that we process about you rectified.

Right to be Forgotten (Right to Erasure) (GDPR Article 17, CCPA, Law 25)

You have the right to request that we delete personal data that we process about you, except where we are not obliged to do so because we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.

Right to Restriction of Processing (GDPR Article 18)

You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or if we no longer need to process such data for a particular purpose, unless we are not able to delete the data due to a legal or other obligation or because you do not wish us to delete it.

Right to Portability (GDPR Article 20)

You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) we are processing that data on the basis of your consent or to perform a contract with you or the third party that subscribes to Noibu’s services.

Right to Objection (GDPR Article 21)

Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise, or defense of a legal claim.

Right Not to Be Discriminated (CCPA)

You have the right not to be denied service or have an altered experience based on having executed any of your CCPA rights.

7.2 Withdrawing Consent

If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge, such as where you wish to opt out from marketing messages that you receive from us. If you wish to withdraw your consent, please contact us at privacy@noibu.com.

7.3 How to Exercise Your Rights

You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail or by email to the Noibu Privacy Compliance Officer as listed below. For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information.

8. Changes to This Policy

We may amend this Policy from time to time. Use of Personal Information we collect is subject to the Policy in effect at the time such information is collected, used, or disclosed. If we make material changes or changes in the way we use Personal Information, we will notify you by posting an announcement on our App or Services or sending you an email prior to the change becoming effective. You are bound by any changes to the Policy when you use the App after such changes have been first posted.

9. Contact Us

If you would like to access, correct, amend, or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Officer (Alex Bernier) at privacy@noibu.com or by mail at:

Privacy Officer, Alex Bernier

979 Bank Street, Suite 500

Ottawa, ON, Canada K1S 5K5

‍

Noibu Cookie Policy

Cookies and similar technologies are standard features on websites that allow us to store small amounts of data on your computer about your visit to and use of Noibu.com (“the Service”). Cookies help us determine which areas of the Service are useful and which need improvement.

Understanding Cookies and Site Data Collection

When you interact with Noibu.com, we automatically collect specific information related to your device and your activities. This includes your web browser type, IP address, time zone, and cookies that are installed on your device. As you navigate through Noibu.com, we gather data on the web pages you visit, the search terms that brought you to our site, and your interactions with the site.

Use of Cookies and Similar Technologies

In addition to the data collected as described above, when you visit or log in to our website, Noibu and our online data partners or vendors use cookies and similar technologies. These technologies help us associate your activities on our website with other personal information they or others have about you, including your email or home address, which may have been collected in previous interactions.

Types of Cookies Used on Noibu.com

• Necessary Cookies: Enable you to navigate the Site and use its services and features. Without these cookies, the Site will not perform smoothly.
• Analytics Cookies: Collect information about your use of the Service and enable us to improve the way it works.
• Performance Cookies: Help us understand and analyze the key performance indexes of the website which enhances your user experience.
• Advertising Cookies: Display targeted promotions or advertisements based on your interests on the Site or to manage our advertising.

Managing Your Cookie Preferences

You can choose whether to accept the use of cookies and similar technologies in general by changing the settings on your browser, or by adjusting specific settings for our Service. However, if you disable cookies, your experience with the Service may be diminished, and some features may not function as intended.

Opting Out of Targeted Advertising

If you prefer not to receive targeted advertising based on the information collected via cookies, you may opt out at any time by visiting https://app.retention.com/optout.

Usage of R2b2 Cookies (U.S. Residents Only)

The use of R2b2 cookies and related data tracking technologies applies specifically to residents of the United States. These technologies link the activities on our site with other personal information held about you by third parties, primarily for the purpose of delivering targeted advertising based on this information. If you are a U.S. resident and prefer not to receive targeted advertising based on this information, you may opt out at any time by visiting https://app.retention.com/optout.

Other Tracking Technologies

• Google Analytics: Uses cookies and similar technologies to collect and analyze information about use of the Site and report on activities and trends.
• Pixel Tags: Track actions of users of the Service and measure the success of our marketing campaigns.

Physical Location and Browser Information

We may collect physical location data to provide personalized services. We also collect browser or device information to ensure the Service functions properly.

How to Manage and Delete Cookies

You can manage your cookie preferences at any time through your browser settings or via our Service’s settings. Instructions for managing cookies can be found on your browser provider’s website or at All About Cookies.

For detailed instructions on deleting cookies from your browser:

• Deleting cookies in Microsoft Edge

• Deleting cookies in Firefox

• Deleting cookies in Chrome

• Deleting cookies in Opera

• Deleting cookies in Safari

For more information or any concerns, please contact us at privacy@noibu.com.