Privacy Policy

Last updated: April 17, 2026

This Privacy Policy describes how NovexERP ("Company", "we", "us") collects, uses, and protects information through the NovexERP platform and its connected integrations ("Service").

1. Information We Collect

We collect the following types of information in the course of providing the Service:

Account Information:

• Name, email address, and role as provided during account setup.
• Authentication data managed through our identity provider (Keycloak).

Business Data:

• Inventory records, orders, shipments, manufacturing data, and related business information entered into the Service.
• Customer and vendor contact information managed within the Service.
• Financial data exchanged with connected accounting platforms (e.g., QuickBooks Online).

Usage Data:

• Access logs including timestamps, IP addresses, and pages visited.
• API request logs for security monitoring and debugging.

2. How We Use Information

We use collected information to:

• Provide and operate the Service, including all ERP functions.
• Authenticate users and enforce access controls.
• Synchronize data with connected third-party platforms (e.g., QuickBooks Online, Shopify, marketplace integrations) as configured by authorized administrators.
• Generate reports and analytics for business decision-making.
• Monitor system health, security, and performance.
• Send operational notifications (e.g., alerts, order updates).

3. Third-Party Integrations

The Service integrates with third-party platforms to enable business workflows. When you connect a third-party service:

• We exchange only the data necessary for the integration to function (e.g., customer names, invoice amounts, product information).
• OAuth tokens and API credentials for connected services are stored securely and used only for authorized operations.
• Each third-party service has its own privacy policy governing its handling of your data.

Connected integrations may include QuickBooks Online (Intuit), Shopify, and marketplace platforms. You may disconnect any integration at any time through the Service's settings.

4. Data Storage and Security

• All data is stored on servers managed by the Company.
• Data is transmitted using TLS/HTTPS encryption.
• Access to the Service requires authentication via our identity provider.
• API keys and OAuth tokens are stored using industry-standard security practices.
• Database backups are performed regularly and retained according to our backup policy.

5. Data Sharing

We do not sell, rent, or trade your information to third parties. We share data only:

• With third-party platforms you have explicitly connected through the Service.
• When required by law, regulation, or legal process.
• To protect the rights, safety, or property of the Company, its users, or the public.

6. Data Retention

Business data is retained for as long as your account is active and as required for legal, regulatory, or operational purposes. Access logs and audit trails are retained in accordance with applicable compliance requirements.

7. Your Rights

You may:

• Request access to the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your account and associated personal data, subject to legal retention requirements.
• Disconnect any third-party integration at any time.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

9. Contact

Questions or concerns about this Privacy Policy may be directed to the system administrator.