How we handle your account, tracking, billing, and support data inside the Noctra platform.
Last update: March 6, 2026
This Policy describes how Noctra collects, uses, and protects information when you access the platform, create an account, integrate marketing services, and use tracking resources.
We do not sell personal data. We process data only to deliver the contracted service, maintain operational security, and comply with legal obligations.
Account data: name, email, password hash, and email verification status.
Usage and tracking data: IP, user agent, visited URLs, click/pageview/sale events, campaign parameters (such as UTM and gclid), device data, and event timestamps.
Billing data: plan, subscription status, customer/subscription identifiers in payment providers, and payment attempt records.
Integration data: identifiers and channel settings such as Telegram and OneSignal, including registered devices for notifications.
We use data to authenticate users, enable features according to plan, consolidate performance metrics, send alerts, provide support, and prevent abuse/fraud.
We also use technical information for platform stability, event auditing, and continuous improvement of the experience.
We may share data with providers necessary for operation, such as hosting services, transactional email, payment processing, and notifications.
This sharing occurs only to the extent necessary to deliver the service and with compatible security controls.
When you connect your Google account, we process only the data necessary for integration authentication and sending conversion events to your Google Ads account.
Data obtained via Google Ads APIs is used exclusively to upload conversions and corresponding conversion adjustments to the account configured by the user.
We do not use Google Ads account data for sale, our own ad profiling, or any purpose unrelated to technical integration operation.
The use and transfer of this information follows the Google API Services User Data Policy, including applicable limited-use requirements.
We retain data for the period necessary for account operation, legal compliance, and protection against misuse of the platform.
We adopt technical and organizational measures to reduce the risk of unauthorized access, loss, or unauthorized data changes.
Under Brazil's General Data Protection Law (Law No. 13,709/2018), you may request confirmation of processing, access, correction, anonymization, portability, deletion, information on sharing, and consent withdrawal, when applicable.
In the Privacy and data section of your account you can export a copy of your data and request account deletion. We also accept requests by email to the officer listed below, with a response time of up to 15 days.
We process your account data based on: contract performance (registration, plan, essential support); legal obligation (tax/payment records); legitimate interest (security, fraud prevention, technical improvement, with balancing measures); and consent when required (e.g., optional referral cookies on the Noctra site).
To exercise your rights or ask privacy questions, contact our officer: support@noctra.org.
General support channel: support@noctra.org.
We use processors to operate the platform, including, as applicable: Stripe (payments), Resend (transactional email), OpenAI (AI support and tools), Google (login and Google Ads), Telegram and OneSignal (notifications), Cloudflare (security and storage). Some providers may process data outside Brazil, with contractual and technical safeguards compatible with LGPD.
Account and subscription data: while the account is active and as long as needed after closure for legal obligations.
Operational logs (email, errors, payment events): automatic purge per internal policy (generally 90 to 365 days, depending on record type).