Privacy Policy
At FL Professional Services ("noli," "we," "us," or "our"), your privacy is foundational — not optional. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the rights you have over it. We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), all applicable provincial privacy legislation, and Québec's Act respecting the protection of personal information in the private sector (Law 25 / Loi 25, RLRQ, c P-39.1).
Contents
1 Who We Are & Accountability
FL Professional Services is a company incorporated under the laws of Canada. We are the "organization" responsible for personal information under our control, as defined by PIPEDA.
We have designated a Privacy Officer who is accountable for our compliance with this policy and PIPEDA. To contact our Privacy Officer:
- Email: privacy@meetnoli.com
- Subject line: "PIPEDA Privacy Inquiry"
- Response time: We will acknowledge your request within 5 business days and respond in full within 30 calendar days.
2 What Information We Collect
We limit collection to what is necessary to provide the noli service. We do not collect information indiscriminately.
| Category | Examples | Required? |
|---|---|---|
| Account & identity | Email address, display name, age range (used for age-gating only) | Required |
| Emotional check-in data | Selected emotion tile, intensity, optional short note, timestamp | Core feature |
| Journal entries | Free-text written by you, associated timestamps | Optional |
| noli conversation history | Messages you send and receive in the Compass tab | Optional |
| Usage & interaction data | Streak counts, lesson progress, features used, session duration | Core feature |
| Device information | Device OS version, app version (for crash diagnostics only) | Automatic |
| Location (coarse) | City-level location, used only if you enable the weather feature | Optional & explicit |
| Connected app data | Health & fitness: on-device labels from Apple Health / HealthKit (activity, recovery, nutrition — never raw values); Oura, WHOOP, Withings, Polar, Garmin (recovery, HRV, activity, sleep); Strava (activity). Nutrition: Cronometer, Fitbit, FatSecret food logs and nutritional data. Journaling: Notion pages, Day One entries, Obsidian notes (local). Music: Spotify recently played. Each integration requires explicit authorization. | Optional & explicit |
📍 We do not collect: precise GPS coordinates (stored beyond the session), government-issued ID, financial information, Social Insurance Numbers, or any sensitive personal information not listed above. Health and activity data from connected apps (see table above) is collected only with your explicit, in-app authorization.
3 Why We Collect It
Consistent with PIPEDA Principle 2 (Identifying Purposes), we identify the purposes for collecting personal information before or at the time of collection:
- To provide the noli service — authenticate your account, store your check-ins and journals, enable noli conversations, track your constellation and streaks.
- To improve noli's responses — conversation summaries are stored so noli can remember context across sessions. We do not use your conversations to train AI models without your explicit written consent.
- To personalize your experience — time-of-day aware prompts, mood-aware suggestions, streak milestones.
- To ensure app stability — device and version data to diagnose crashes and bugs.
- To comply with legal obligations — age verification, abuse prevention, law enforcement requests under valid legal process.
We do not use your personal information for advertising, profiling for sale to third parties, or any purpose not listed above.
4 Consent
We obtain your meaningful consent before collecting personal information. Consent is obtained:
- At onboarding — you must agree to this Privacy Policy and our Terms of Service before creating an account.
- In-app for sensitive features — location access for weather requires a separate, explicit permission grant via your device's OS prompt.
- For third-party app integrations — connecting Apple Health / HealthKit, Oura, Strava, or Spotify requires a separate, explicit authorization step within the app. You may revoke any integration at any time under Settings → Integrations, and noli will immediately stop accessing that data source.
- Opt-in only for optional data uses — if we ever wish to use your data for a new purpose (e.g., research), we will ask for fresh explicit consent.
Withdrawing consent
You may withdraw consent at any time by deleting your account (Settings → Account → Delete Account) or by emailing privacy@meetnoli.com. Withdrawal of consent may affect your ability to use some or all of the noli service. We will advise you of the implications before processing your withdrawal request.
5 How We Use Your Information
We use personal information only for the purposes identified at the time of collection. Specifically:
- Check-in data and journal entries are used solely to render your personal history, constellation, and insights — they are not shared with any third party.
- Conversation history with noli is passed to Anthropic's Claude API (see §7) in real time to generate responses. We pass only the minimum context required. We do not retain conversation data with Anthropic beyond the API call.
- Aggregate, anonymised, non-identifiable statistics may be used internally to improve the app (e.g., "most commonly selected emotions"). These statistics cannot be used to identify you.
- We will never sell, rent, trade, or disclose your personal information to third parties for marketing or advertising purposes.
6 Data Storage, Residency & Security
Where your data lives
All personal information is stored on servers located in Canada (ca-central-1 region) via Supabase, our database and authentication provider. This includes your account data, check-ins, journals, and any health or activity data synced from connected apps.
🍁 Canadian data residency for stored data. Your stored personal information — including integration labels from connected apps — resides in Canada (Supabase, ca-central-1). The limited exception is the noli AI companion: conversation messages and on-device–derived context labels are transmitted to Anthropic's Claude API servers in the United States in real time to generate responses (see §7). Raw Apple Health values (steps, heart rate, HRV, sleep) are processed on-device only and are never transmitted to our servers or to Anthropic.
Security safeguards
We implement the following technical and organizational safeguards, consistent with PIPEDA Principle 7:
- Encryption at rest: AES-256 encryption for all stored data via Supabase.
- Encryption in transit: TLS 1.3 for all data transmitted between your device and our servers.
- Row-Level Security (RLS): Database policies ensure no user can access another user's data, even if they possess a valid session token.
- Authentication: JWT-based sessions with automatic expiry and secure refresh token rotation.
- SOC 2 Type II: Our infrastructure provider (Supabase) holds SOC 2 Type II certification, the enterprise standard for security, availability, and confidentiality controls.
- Access controls: Internal access to production data is limited to authorized personnel only, with audit logs maintained.
- Vulnerability management: Dependencies are reviewed and updated regularly. Security disclosures can be made to privacy@meetnoli.com.
Data breach notification
In the event of a breach of security safeguards involving personal information that poses a real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as required under PIPEDA's breach notification requirements (Breach of Security Safeguards Regulations, SOR/2018-64).
7 Third-Party Services
We use a limited set of third-party services, each selected for their privacy posture and security certifications:
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase | Database, authentication, storage | All app data (stored, not processed for third-party purposes) | Canada (ca-central-1) |
| Anthropic (Claude) | noli AI responses (Compass tab) | Conversation messages (ephemeral — not retained by Anthropic per API data policy) | USA (API call only) |
| Open-Meteo | Weather data (optional feature) | Coarse location coordinates (no personal identifier) | EU (no PII transferred) |
| Apple / Google | App distribution, push notifications | Device token for push (anonymised) | Per App Store policies |
| Expo | App framework & OTA updates | App version, device OS (no personal data) | USA |
| Apple Health / HealthKit | On-device health context for mood correlation features | Raw HealthKit values are processed on-device only. Only non-numeric labels (e.g. "activity: low," "recovery: strong") are stored in Canada and used as AI context. Raw values are never transmitted. | On-device only; derived labels stored in Canada (Supabase) |
| Oura | Readiness & HRV context | Readiness score, HRV, sleep data (with your authorization) — read only, stored in Canada | Oura API (Finland / USA); synced data stored in Canada |
| Strava | Activity context | Activity summaries (with your authorization) — read only, stored in Canada | Strava API (USA); synced data stored in Canada |
| Spotify | Listening context (mood correlation) | Recently played tracks & genres (with your authorization) — read only, stored in Canada | Spotify API (Sweden / USA); synced data stored in Canada |
| WHOOP | Recovery, strain & sleep context | Recovery score, strain, HRV, sleep data (with your authorization) — read only, stored in Canada | WHOOP API (USA); synced data stored in Canada |
| Withings | Body composition & sleep context | Weight, sleep data, activity (with your authorization) — read only, stored in Canada | Withings API (France / EU); synced data stored in Canada |
| Polar | Activity & recovery context | Activity, heart rate, training load, recovery data (with your authorization) — read only, stored in Canada | Polar AccessLink API (Finland / EU); synced data stored in Canada |
| Garmin | Activity & health metrics context | Activity, sleep, HRV, health metrics (with your authorization) — read only, stored in Canada | Garmin Health API (USA); synced data stored in Canada |
| Cronometer | Nutrition & dietary context | Food log entries, macros, micronutrients (with your authorization) — read only, stored in Canada | Cronometer API (Canada); synced data stored in Canada |
| Fitbit | Activity, sleep & nutrition context | Steps, sleep, activity, food log data (with your authorization) — read only, stored in Canada | Fitbit / Google API (USA); synced data stored in Canada |
| FatSecret | Food diary & nutrition context | Food diary entries, nutritional data (with your authorization) — read only, stored in Canada | FatSecret API (Australia / USA); synced data stored in Canada |
| Notion | Journal & notes context | Selected page content you authorize (with your authorization) — read only, stored in Canada | Notion API (USA); synced data stored in Canada |
| Day One | Journal entries context | Journal entries via Apple Shortcuts (with your authorization) — read only, stored in Canada | On-device via Apple Shortcuts; synced data stored in Canada |
| Obsidian | Local notes context (power user) | Note content via Local REST API plugin — local network only, never cloud-routed | Local device only; synced data stored in Canada |
⚠️ Anthropic Claude API note: When you send a message to noli, that message — along with on-device–derived context labels from any connected apps — is transmitted to Anthropic's Claude API to generate a response. Per Anthropic's API data usage policy, API inputs and outputs are not used to train Anthropic's models. We do not include your email address, name, or account identifiers in API calls. Raw Apple Health values (steps, heart rate, HRV, sleep) are never sent to Anthropic. Only non-numeric qualitative labels derived on your device are included in AI prompts.
Cross-border data transfers
Some service providers operate outside Canada. Where personal information is transferred outside Canada, we ensure comparable protections apply:
- Anthropic (USA): Conversation messages and on-device–derived context labels are transmitted to Anthropic's Claude API to process your request and generate a response. Under our API agreement, Anthropic does not retain or train on these messages. Raw Apple Health values are never included.
- Expo (USA): Limited technical metadata (app version, device OS) is processed for app delivery. No personal information is transferred.
- Fitbit / Google (USA), Garmin (USA), WHOOP (USA), Notion (USA), FatSecret (Australia / USA): When you authorize these integrations, noli reads data from their APIs and stores it in Canada. noli does not write your personal information back to these services.
- Withings (France / EU), Polar (Finland / EU): Same as above — data is read and stored in Canada.
- Oura (Finland / EU), Strava (USA), Spotify (Sweden / USA), Cronometer (Canada): Data is read and stored in Canada.
- Obsidian: Local network only — data is not transmitted to Obsidian's servers. It travels directly from your device to noli's servers.
For Québec residents: where personal information is communicated outside Québec, we take steps to ensure it receives comparable protection consistent with Loi 25 requirements. You may request information about these protections by contacting our Privacy Officer. You may withdraw consent for any integration involving cross-border transfer at any time under Settings → Integrations.
Apple Health & health data
If you connect Apple Health, noli reads a limited set of HealthKit categories on your device only — steps, heart rate, heart rate variability (HRV), resting heart rate, sleep analysis, and (optionally) dietary energy and macronutrients if you enable the nutrition scope.
What leaves your device. noli does not transmit your raw HealthKit values to our servers, to Anthropic, or to any other third party. Your device converts those values into general, non-numeric labels (for example, "activity: low today," "sleep: short," or "recovery: typical"). Only those labels are sent to our servers and included as AI context.
What we never do with HealthKit data:
- Sell or share HealthKit data, or labels derived from it, for advertising or marketing.
- Use HealthKit data or derived labels to train, fine-tune, or improve any AI or machine-learning model.
- Disclose HealthKit data to data brokers or use it for any purpose unrelated to the feature you connected it for.
- Write to Apple Health.
Your control. Revoke noli's access at any time in iOS Settings → Privacy & Security → Health → noli, or by disconnecting inside the app. When you disconnect, derived labels are deleted from our servers within 30 days. Raw HealthKit values are never stored on our servers.
📱 Raw numbers never leave your device. Your phone converts your step count, heart rate, HRV, and sleep data into qualitative labels like "recovery: strong" or "activity: low." Only those labels travel to noli's servers. Raw numbers are never seen by noli's servers or by Anthropic.
HIPAA. noli is a wellness and self-reflection tool. It is not a covered entity or business associate under HIPAA, and information shared with noli is not Protected Health Information under HIPAA.
LLM Extract — user-initiated sharing
noli includes an optional "Teach noli faster" feature that allows you to generate a summary prompt from your noli data, copy it to your clipboard, and paste it into a third-party AI assistant of your choice (such as ChatGPT, Claude, Gemini, or Grok) to generate insights that you can then paste back into noli. This feature involves user-initiated, explicit data sharing governed by the following:
- The export prompt is generated by you and copied to your clipboard. noli does not transmit your data directly to any LLM provider.
- When you paste your data into a third-party LLM, that interaction is governed exclusively by that provider's privacy policy and terms of service — not noli's.
- Any response you paste back into noli is stored in your personal memory store in Canada (Supabase).
- This feature is entirely optional and requires your affirmative action to use.
We do not use Google Analytics, Facebook Pixel, advertising SDKs, or any behavioural tracking libraries.
8 Data Retention
Consistent with PIPEDA Principle 5 (Limiting Use, Disclosure, and Retention):
- Active accounts: Data is retained for as long as your account is active or as needed to provide the service.
- After account deletion: Personal data is deleted from our production systems within 30 days of account deletion, except where retention is required by law.
- Backups: Encrypted database backups may retain your data for up to 90 days post-deletion for disaster recovery purposes, after which they are permanently purged.
- Legal holds: We may retain data longer if required to comply with a legal obligation, court order, or to resolve a dispute.
- Anonymised data: Aggregate statistical data that cannot be used to identify you may be retained indefinitely for product improvement purposes.
- Apple Health–derived labels: Retained for up to 30 days from the most recent sync, or deleted within 30 days of you disconnecting Apple Health, whichever is sooner. Raw HealthKit values are never stored on our servers.
9 Your Rights Under PIPEDA
As a Canadian resident, you have the following rights under PIPEDA (and additional rights under applicable provincial legislation):
- Right of access (§4.9): You may request a copy of the personal information we hold about you and an explanation of how it is used.
- Right to correction (§4.9.5): If you believe your personal information is inaccurate or incomplete, you may request a correction.
- Right to withdraw consent (§4.3.8): You may withdraw consent to the collection, use, or disclosure of your personal information, subject to legal and contractual restrictions.
- Right to deletion: You may request deletion of your personal information. We will process all deletion requests within 30 days.
- Right to know about disclosures: You may request a list of organizations to which we have disclosed your personal information.
- Right to complain: You may file a complaint with the Office of the Privacy Commissioner of Canada.
How to exercise your rights
Most rights can be exercised directly in the app: Settings → Account → Privacy & Data. For requests not available in-app, email privacy@meetnoli.com with the subject "PIPEDA Rights Request." We will acknowledge within 5 business days and fulfil within 30 calendar days.
Additional rights for Québec residents (Loi 25)
If you are a Québec resident, you have additional rights under Québec's Act respecting the protection of personal information in the private sector (Loi 25, RLRQ, c P-39.1):
- Right to portability: You may request that your personal information be communicated to you or to another organization in a structured, commonly used technological format.
- Right to de-indexation / discontinuation: You may request that we cease disseminating your personal information or de-index any link attached to your name where it causes you harm.
- Automated decision-making: Where a decision affecting you is based exclusively on automated processing, you have the right to be informed and to request that a person review the decision.
- Privacy impact assessments: We conduct privacy impact assessments for projects involving personal information, as required by Loi 25.
To exercise your Loi 25 rights, email privacy@meetnoli.com with the subject "Loi 25 — Rights Request." We will respond within 30 calendar days. You may also file a complaint with the Commission d'accès à l'information du Québec (CAI).
10 Children's Privacy
noli is intended for users aged 13 and over. Users under 13 are not permitted to create accounts. Users between 13 and 17 are considered minors and, where required by applicable law, parental or guardian consent may be required.
We do not knowingly collect personal information from children under 13. If we discover that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. If you believe we have collected personal information from a child under 13, please contact us at privacy@meetnoli.com.
11 Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send an in-app notification to all active users.
- Where changes require new consent, prompt you to review and re-consent before continuing to use the service.
Continued use of noli after the effective date of a revised Privacy Policy constitutes acceptance of the changes, provided no new consent is required. Where new consent is required, you may choose not to consent, in which case your ability to use affected features may be limited.
12 Contact & Complaints
For any privacy questions, requests, or complaints, contact our Privacy Officer:
- Email: privacy@meetnoli.com
- Postal: FL Professional Services, Privacy Officer, Toronto, Ontario, Canada
If you are not satisfied with our response, you have the right to file a complaint with:
- Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, QC K1A 1H3
www.priv.gc.ca · 1-800-282-1376