N
Niovex

Privacy Policy

Last updated: April 15, 2026

1. Introduction

Niovex ("we", "us", or "our") operates the document screening service available at niovex.io (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using Niovex, you agree to the practices described here.

Niovex is developed and operated by Innova RE IT Services. If you have questions about this policy, contact us at privacy@niovex.io.

2. Information We Collect

2.1 Google Account Information

When you sign in using Google OAuth, we receive and store your Google account email address, name, and profile picture. We use this information solely to identify your account within Niovex.

2.2 Google Drive Access

Niovex requests read-only access to Google Drive (https://www.googleapis.com/auth/drive.readonly). We use this permission exclusively to:

  • List files in the Google Drive folder you explicitly connect to Niovex.
  • Read the content of those files in order to extract text and generate search embeddings.
  • Check for changes to those files so your index stays up to date.

We do not access any Google Drive files outside the folder you explicitly connect. We do not read, modify, create, delete, or share any files in your Google Drive. We do not access your Google Calendar, Gmail, Contacts, or any other Google service.

2.3 OAuth Tokens

To maintain your session and refresh Drive access without requiring you to re-authenticate each visit, we store your Google OAuth access token and refresh token encrypted in our database. Tokens are encrypted at rest using AES-256-GCM and are accessible only by the Niovex backend services operating on your behalf. We do not share tokens with any third party.

2.4 Document Content

To provide AI-powered search, we extract text from your documents and generate vector embeddings (numerical representations of meaning). We store:

  • Text chunks extracted from your documents, encrypted at rest with AES-256-GCM.
  • Vector embeddings of those text chunks (these cannot be reversed back into readable text).
  • Metadata such as file name, file ID, and modification date.

Original document files are never copied or stored on Niovex servers. All document reading happens directly from Google Drive via the Google Drive API.

2.5 Usage Data

We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This information is used to diagnose technical issues, improve the Service, and detect security threats. Logs are retained for a maximum of 30 days.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Niovex Service.
  • Authenticate you and maintain your account.
  • Index your Google Drive documents and answer your queries.
  • Refresh your Drive access tokens to keep your session active.
  • Send you service-related communications (e.g., security alerts).
  • Detect, prevent, and respond to fraud, abuse, or security incidents.
  • Comply with applicable laws and legal obligations.

We do not use your data to train AI models. We do not sell your data to third parties. We do not use your data for advertising.

4. Google API Services — Limited Use Disclosure

Niovex's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained via Google APIs is used only to provide and improve user-facing features of the Niovex Service. We do not:

  • Transfer Google user data to third parties except as necessary to provide the Service.
  • Use Google user data for serving advertisements.
  • Allow humans to read Google user data unless you explicitly request support and grant permission, or it is required for security purposes.
  • Use or transfer Google user data for any purpose that is not disclosed in this policy.

5. Data Storage and Security

Your data is stored on servers hosted by DigitalOcean in the United States. We implement technical and organizational security measures including:

  • AES-256-GCM encryption for document chunks and OAuth tokens at rest.
  • TLS 1.2/1.3 encryption for all data in transit.
  • Access controls limiting data access to authenticated services only.
  • Regular security reviews and vulnerability patching.

While we take security seriously, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Sharing and Third Parties

We share data with the following third-party service providers solely to operate the Service:

  • OpenAI — We send document text chunks to OpenAI's API to generate vector embeddings and answer your queries. OpenAI processes this data under their Privacy Policy. API calls are not used to train OpenAI models per their data usage policy.
  • Google LLC — We use Google OAuth for authentication and the Google Drive API to access your documents.
  • DigitalOcean — Our hosting provider. Servers are located in the United States.
  • Cloudflare — CDN and DDoS protection. Cloudflare may cache static assets but does not have access to your document content or personal data.

We do not sell, rent, or trade your personal information with any other parties.

7. Data Retention

We retain your account data and document index for as long as your account is active or as needed to provide the Service. You may request deletion of your data at any time by contacting privacy@niovex.io. Upon verified deletion request, we will remove your document chunks, embeddings, OAuth tokens, and account data within 30 days.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Revoke Google Drive access at any time via your Google Account permissions page.
  • Export your data in a portable format.

To exercise any of these rights, email privacy@niovex.io. We will respond within 30 days.

9. Children's Privacy

Niovex is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

For privacy-related questions or requests, contact:

Innova RE IT Services / Niovex
HomeTermsSupport