Privacy Policy

Last updated: Feb 17, 2026

This Privacy Policy explains how JOIDY OÜ (registry no. 17057004, VAT EE102772896, Kaupmehe tn 7-120, 10114 Tallinn, Estonia) — operating as Nobori.ai — collects, uses, and protects personal data when you visit or use Nobori.ai (the “Service”).

1. Controller and Contact

Controller: JOIDY OÜ (d/b/a Nobori.ai)
Email: privacy@nobori.ai
Phone: +372 669 2152

We comply with the EU General Data Protection Regulation (GDPR) and Estonian law.

2. Data We Collect and Purpose of Processing

We collect and process limited personal data necessary to provide and improve our Service:

  • Account and billing data (name, email, company, billing details, VAT number) — to manage your account, deliver invoices, and meet tax obligations.
  • Payment data — processed securely by Stripe Payments Europe Ltd; we never store card numbers.
  • Usage, analytics, and diagnostic data (for example: IP address, device type, pages visited, interactions with the Service, performance metrics, and error/diagnostic logs; and, where enabled, session recordings of your interactions with the Service interface) — to operate, secure, troubleshoot, and improve the Service.
  • Support communications — to respond to your inquiries.
  • Marketing emails (optional) — only if you consent to receive updates.

We do not intentionally collect sensitive personal data.

3. Legal Bases for Processing

Processing is based on:

  • Contract (Art. 6 (1)(b)) for account creation and Service delivery;
  • Legitimate interest (Art. 6 (1)(f)) for security, analytics, and improvement;
  • Legal obligation (Art. 6 (1)(c)) for billing and taxation;
  • Consent (Art. 6 (1)(a)) for marketing communications.

4. Use of Data

We use personal data to:

  • provide and maintain the Service: generate summaries, insights, and recommendations based on your inputs (where applicable);
  • process payments and subscriptions;
  • deliver customer support;
  • detect and prevent misuse;
  • send essential updates about the Service.

We do not sell or rent personal data.

5. Data Transfer

We share and transfer personal data only when necessary to deliver the Service, when you consent, or when another legal basis applies.

5.1 Transfers to Non-EU Countries

Some service providers (such as Stripe and Google) may process data in the USA or other countries.
Since these countries may not offer the same level of data protection, transfers rely on EU Standard Contractual Clauses and, where applicable, Art. 49 GDPR (performance of a contract or your consent).
These providers must ensure an adequate level of protection for your data.

6. Data Sharing and Processors

We share data only with trusted processors that support our operations, including:

  • payment and billing providers;
  • cloud infrastructure and hosting providers;
  • product analytics and session recording providers;
  • error monitoring and performance diagnostics providers;
  • communications providers (email and support tooling);
  • data acquisition providers (including proxy and web data retrieval infrastructure);
  • AI processing providers used to generate outputs, insights, or recommendations.

    • All processors operate under binding data-processing agreements.

    7. Cookies and Analytics

    We use essential cookies required for core website functionality. We also use analytics technologies to understand how the website and Service are used and to improve performance. These technologies may use cookies or similar identifiers. You can control cookies through your browser settings; some features may not work correctly if cookies are disabled.

    8. Data Retention

    We keep your data only as long as needed to provide the Service and meet legal requirements.
    When your account is deleted, related data is removed or anonymized within a reasonable period.
    Analytics, session recordings (if enabled), and diagnostic logs are retained only for a limited period and are then deleted or anonymized.
    Some records, like billing data, may be retained longer if required by law.

    9. Security

    We apply industry-standard security measures to protect personal data against unauthorized access, alteration, or loss.
    Access to systems is restricted to authorized personnel under confidentiality obligations.

    10. Your Rights

    You can ask us at any time to:

    • access, correct, or delete your personal data;
    • limit or object to how it’s processed;
    • withdraw any consent you’ve given.

    You may also contact the Estonian Data Protection Inspectorate or your local authority if you believe your rights are violated.
    Email privacy@nobori.ai — we’ll respond as soon as possible, usually within 30 days.

    11. Children

    The Service is intended for business use only.
    We do not knowingly collect data from anyone under 18.

    12. Changes to This Policy

    We may update this Policy periodically.
    Material changes will be announced by email or in-app notice.
    The “Last Updated” date shows the current version.

    13. Contact

    JOIDY OÜ — Nobori.ai
    Kaupmehe tn 7-120, 10114 Tallinn, Estonia
    VAT EE102772896
    Email: privacy@nobori.ai
    Phone: +372 669 2152