This Privacy Policy explains how Noah Life (“Noah”, “we”, “us”) collects, uses, stores, and shares your personal data when you use the Noah Life mobile application. We comply with the EU General Data Protection Regulation (GDPR – Regulation 2016/679), Spain’s LOPDGDD (Ley Orgánica 3/2018), and Spanish data-protection authority (AEPD) guidance.
1. Who is the data controller
The data controller (responsable del tratamiento) under GDPR Article 4(7) and Spanish LOPDGDD is:
- Pixpel LDA
- Rua das Merces 41, Funchal, Madeira, Portugal 9000-224
- Data Protection contact: contact@noahlife.io
- DPO: contact@noahlife.io
The competent supervisory authority is the Spanish Data Protection Agency (AEPD): aepd.es
2. What data we process
A. Account and identity data
- Device-generated user ID (UUID v4)
- Display name (you choose)
- Age (optional)
- Preferred language
- City / country (with permission, only at onboarding)
- Accessibility settings
B. Conversation data
- Text messages you send to the AI
- AI-generated responses
- Voice recordings in real-time mode (NOT retained as audio)
- Doctor-consultation recordings (audio on device; transcript in backend)
- “Memories” – facts you choose to save
C. Health data (GDPR Article 9)
- Medications (name, dose, schedule, indication)
- Medical appointments
- Doctor consultation transcripts and summaries
- Symptoms described in conversation
D. Contact data (third parties)
- Trusted emergency contacts: name, relationship, phone, optional email
E. Usage data
- App version, OS, device type
- Crash logs (opt-in)
- Aggregated usage counters (no message content)
F. Location data
- Approximate city/country at onboarding (one-time, with consent)
- GPS at emergency call trigger (with consent)
G. Payment data
None retained by us. Subscriptions processed by Google/Apple; we receive only subscription status.
3. Why we process your data
| Purpose | Legal basis (Art. 6) | Special category (Art. 9) |
|---|---|---|
| Provide AI assistant service | Contract – Art. 6(1)(b) | Explicit consent – Art. 9(2)(a) |
| Schedule reminders / medications | Contract – Art. 6(1)(b) | Explicit consent – Art. 9(2)(a) |
| Record + summarise consultations | Contract – Art. 6(1)(b) | Explicit consent – Art. 9(2)(a) |
| Emergency calls + location | Vital interests – Art. 6(1)(d) | Vital interests – Art. 9(2)(c) |
| Service quality (aggregated) | Legitimate interest – Art. 6(1)(f) | N/A |
| Legal compliance | Legal obligation – Art. 6(1)(c) | Legal obligation – Art. 9(2)(b) |
- Train public AI models
- Sell to third parties
- Run targeted advertising
- Profile you for unrelated purposes
5. International transfers
For transfers outside the EEA, we rely on:
- Standard Contractual Clauses (Commission Decision 2021/914)
- EU-US Data Privacy Framework for certified processors
- Encryption in transit (TLS 1.2+) and at rest
Request a copy of safeguards: contact@noahlife.io
6. How long we keep your data
| Data | Retention |
|---|---|
| Account data | Until deletion or 24 months inactivity |
| Chat history | Until cleared or 12 months |
| Voice transcripts | Same as chat history |
| Voice audio | NOT retained |
| Consultation recordings | Until deleted or 36 months |
| Medications, appointments | Until deleted |
| Memories | Until deleted |
| Emergency contacts | Until deleted |
| Emergency call logs | 12 months |
| Usage counters | Anonymised after 12 months |
| Crash logs | 90 days |
| Backups | Up to 30 days after deletion |
7. Your rights
Under GDPR Articles 15–22 and Spanish LOPDGDD:
Contact us – we respond within one calendar month: contact@noahlife.io
In-app controls
- Delete a memory: long-press → Delete
- Delete a chat: … menu → Clear conversation
- Delete a medication: detail screen → Delete
- Sign out + clear local data: Settings → Sign out
8. Security
- Transport: TLS 1.2+ for all traffic
- Storage: AES-256 at rest
- Access: role-based with audit logs
- Device: secure enclave (Keystore / Keychain)
- Admin: multi-factor authentication
- Testing: regular security reviews + pentesting
9. Children
Noah is designed for adults aged 50+. We do not knowingly collect data from children under 14 (Spain’s digital consent age). Contact contact@noahlife.io if you believe a child has used the app.
10. Automated decision-making
Noah uses AI to generate responses but does not make solely automated decisions with legal or significant effects (Article 22). The AI does not diagnose, score, or decide service access. You remain in control.
12. Changes to this Policy
Material changes are notified in-app and by email. Continued use after the change indicates acceptance.
13. Contact
- Privacy / GDPR rights: contact@noahlife.io
- DPO: contact@noahlife.io
- Postal: Rua das Merces 41, Funchal, Madeira, Portugal 9000-224
- AEPD: aepd.es