Privacy Policy
Nova is in pre-launch. This page reflects the current production user-facing application and server behavior, not a placeholder legal template. The operating legal entity, formal Brazilian representative, and any regulated partner notices must be completed before broader public launch. Until then, privacy requests go to hello@novadao.app.
1. Scope
This Privacy Policy covers novadao.app, the Nova app under /app, public checkout, the Nova API, the pre-launch waitlist, and Nova’s server-side services.
Nova is built as a self-custodial wallet. That matters for privacy: the application is designed so Nova does not receive your plaintext password, your .novakey, your BIP39 seed words, or an unencrypted wallet key. Nova can help operate the app, payment rails, account access, fraud review, and support, but it cannot recover or move wallet funds for you.
This policy does not cover third-party sites, blockchain explorers, webhook endpoints you configure, or payment partners acting under their own terms and policies.
2. Controller and contact
The product is published under the Nova name. The final operating legal entity and local representative details are not published in this repository yet. That is why this policy names the missing item instead of inventing a legal entity.
For privacy requests, legal notices, and security questions, contact hello@novadao.app. Use the subject Privacy request when you are asking to access, correct, delete, export, object to, withdraw consent for, or review use of your personal data.
3. Data Nova does not receive
Nova does not receive or store:
- your plaintext password;
- your decrypted
.novakey; - your BIP39 seed words or wallet entropy after wallet setup, except temporary browser-only setup state on your own device;
- private keys capable of signing wallet transactions;
- advertising identifiers from Google, Meta, TikTok, or similar ad networks;
- analytics cookies or third-party marketing pixels in the current implementation.
Because Nova does not hold wallet keys, deleting your Nova account does not erase public blockchain history and does not give Nova a way to recover lost wallet access.
4. Data Nova processes
| Area | Data | Purpose |
|---|---|---|
| Website and waitlist | Email submitted to the waitlist, email hash, locale, IP hash, consent timestamp, Turnstile result | Run the waitlist, prevent abuse, send confirmation email when email delivery is enabled |
| Account signup and login | Email, username when set, client-derived auth secret hash, invite code, consent versions, locale, failed-login count, lock state | Create accounts, authenticate users, record acceptance of terms and privacy versions |
| Email flows | Hashed verification and password-reset tokens, token expiry, IP hash, transactional email metadata | Verify email addresses, reset passwords, reduce account takeover risk |
| Sessions | Opaque session identifier hash, user id, creation time, last seen time, absolute expiry, IP hash, user agent | Keep users signed in and detect session abuse |
| Auth fraud telemetry | IP hash and network classification, FingerprintJS visitor id and component JSON, keystroke timing categories, mouse timing, paste/backspace counts, form duration, risk signals, scores, clusters | Detect duplicate accounts, credential stuffing, bots, invite abuse, and suspicious access patterns |
| Optional app diagnostics | Only if you turn it on: error type, short scrubbed message and stack, route path, app version, build, locale, viewport size, online/visibility state, and small event details. Nova strips emails, tokens, wallet addresses, long secrets, and does not attach a user id in the telemetry log | Find and fix bugs, crashes, and reliability problems |
| Wallet data on your device | Encrypted wallet record, owner stamp, encrypted .novakey backup, query cache, setup draft, display settings, service-worker app shell cache | Let the wallet work in your browser without sending private keys to Nova |
| Wallet server requests | Liquid scriptPubKeys or addresses queried, UTXOs returned by explorers, raw transaction hex submitted for broadcast, txid, asset id, amount, recipient address for recorded sends | Show balances, build transactions, broadcast transactions, provide account history and support |
| PIX and DePix flows | Deposit and withdrawal records, amount, status, external id, nonce, DePix address, PIX key for withdrawals, QR code/copy-paste data, receipt URL, bank/payment-institution fields returned by the provider | Create PIX deposits, DePix settlement, withdrawals, reconciliation, support, and dispute handling |
| Payment links and checkout | Merchant handle, profile display data, link name, amount limits, sales limit, payer name/email when the merchant asks for it, checkout status | Run public payment links and merchant checkout pages |
| API and webhooks | API key hash, key label, allowed domains/IPs, usage counters, idempotency request hash and response body, webhook URL, events, signing-secret hash, delivery payload and status | Provide authenticated API access, prevent duplicate API actions, deliver webhooks, troubleshoot failures |
| Account settings | Name, phone number, CPF hash if collected by a flow, plan, collateral fields, notification preferences, biometric-enabled preference, TOTP encrypted secret and backup-code hashes, profile photo bytes and metadata if uploaded | Run account features, security settings, notifications, profile display, and public checkout identity |
| Support | Messages sent to Nova, email address, attachments or details you choose to provide | Respond to requests and document support history |
5. Local browser storage
Nova uses browser storage for app functionality. This includes:
nova-lang: locale cookie, about 1 year, readable by JavaScript;__Host-nova_session: account session cookie, HttpOnly, Secure, SameSite=Lax;nova_display_ccy: display-currency cookie, about 1 year;nova.telemetry.enabled.v1: localStorage flag for optional app diagnostics;nova:wallet_v1andnova:wallet_v1_ownerin localStorage;nova-walletIndexedDB database and an OPFS wallet file when the browser supports it;nova:setup_entropy_hex,nova:setup_entropy_ts, and setup draft values in sessionStorage during wallet setup or same-tab recovery;nova:qcache:*localStorage entries for wallet, transaction, and quote cache;- app shell and static assets in the browser Cache API through Nova’s service worker.
Nova requests persistent browser storage when supported. You can clear browser storage, but doing so can remove the local encrypted wallet copy and app cache from that browser.
6. Third parties
Nova currently uses or can call these services:
- Cloudflare Turnstile for bot protection on auth and waitlist forms;
- Resend for transactional email such as verification and reset messages;
- Have I Been Pwned’s Pwned Passwords API from the browser, sending only the SHA-1 prefix needed for k-anonymity password breach checks;
- Eulen/DePix API for PIX-to-DePix deposits and withdrawals where available through Nova;
- Blockstream and
liquid.networkEsplora endpoints for Liquid address, UTXO, and broadcast operations; - SideSwap PayJoin API for PayJoin fee assistance where available;
- webhook URLs that you configure in your Nova account;
- public authorities or courts when Nova receives a valid request and can comply within its technical control.
Nova does not currently run Google Analytics, Meta Pixel, TikTok Pixel, or data-broker advertising integrations in the production implementation reviewed for this update.
7. Legal bases
For users in Brazil, Nova maps processing to LGPD legal bases:
- contract or pre-contract steps for account access, wallet operation, deposits, withdrawals, checkout, API, webhooks, and support;
- consent for waitlist, optional app diagnostics, or optional marketing-style communications where used;
- legitimate interest for security, abuse prevention, fraud review, rate limiting, service records, and service integrity;
- legal or regulatory obligation when Nova must preserve or disclose records, respond to valid legal process, or maintain incident and security records;
- protection of credit or fraud prevention where applicable to risk controls.
Where a feature is optional, refusing the related data can make that feature unavailable.
8. Retention
Nova keeps data only as long as needed for the relevant purpose, unless law, security, disputes, or accounting require more time.
- Account sessions expire after 30 days of inactivity and no later than 90 days after creation.
- Email verification tokens expire after 24 hours; password-reset tokens expire after 1 hour; TOTP sign-in challenges expire after 5 minutes.
- API idempotency records are designed to expire after 24 hours.
- Some risk signals expire by type, commonly 7, 14, 30, or 365 days; stronger account-linkage signals such as shared fingerprint, CPF reuse, or duplicate-account cluster may remain until account deletion or manual cleanup because they protect against repeat abuse.
- Optional app diagnostic logs are kept only while needed to investigate bugs, reliability, and product quality, then deleted or aggregated.
- Waitlist raw email is not stored in Nova’s database in the current implementation; Nova stores a hash, locale, IP hash, and consent timestamp. The email provider may process the raw address to deliver confirmation email.
- Browser wallet data stays in your browser until you remove it, the browser clears it, or the app overwrites it.
- Transaction, payment, API, webhook, audit, and support records are kept while needed for account operation, reconciliation, security, dispute handling, legal obligations, or fraud prevention.
- Account deletion uses the configured deletion flow and may include a grace period. Some records can remain where Nova must keep them for security, legal, accounting, dispute, or abuse-prevention reasons.
9. Security
Nova uses production controls including Argon2id hashing for the client-derived auth secret, hashed auth tokens, HttpOnly session cookies, SameSite cookie settings, CSRF same-origin checks, rate limits, Cloudflare Turnstile, disposable-email blocking, TOTP support, encrypted TOTP secrets, hashed backup codes, API key hashing, webhook signing, server-side audit logging for account/payment/API activity, and browser-side encrypted wallet storage.
These measures reduce risk but do not make any internet service risk-free. Nova will not ask for your password, seed words, or decrypted .novakey.
10. Automated review
Nova uses automated and semi-automated risk controls. They can reject disposable email signup, rate-limit activity, lock repeated failed logins, flag suspicious accounts for human review, or affect fraud-review queues. You may request a human review by emailing hello@novadao.app.
11. Your rights
Depending on the law that applies to you, including the LGPD for people in Brazil, you can ask Nova to:
- confirm whether Nova processes your data;
- access a copy of data linked to you;
- correct incomplete or inaccurate data;
- delete, anonymize, or block data that is unnecessary, excessive, or processed unlawfully;
- receive portability where applicable;
- withdraw consent for consent-based processing;
- object to processing where the law allows;
- request review of decisions made only through automated processing that affect your interests.
Brazil’s LGPD gives a full access response deadline of up to 15 days for the complete statement. Some requests may be limited by security, legal obligations, trade secrets, fraud prevention, accounting, dispute handling, or public blockchain immutability.
12. Children
Nova is for users who are at least 18 years old. Nova does not knowingly offer accounts to children or teenagers.
13. Changes
Nova may change this policy at any time, as allowed by applicable law. Check this page regularly. The version published here is the valid version. Nova will notify significant changes by email to the registered address.
Nova will update this policy before enabling materially different data collection, analytics, advertising pixels, a new payment partner flow, or broader public launch entity details.