NovatusBeta

Privacy Policy

Last updated: May 2026

What we collect

  • Account information — email address and display name when you register.
  • OAuth identifiers — if you sign in via Google, GitHub, or Discord, we store only the provider name and the provider-issued account ID. We do not receive your OAuth password.
  • Purchase records — game ID, amount, currency, and payment provider reference (Stripe payment intent ID). We do not store card numbers or billing addresses — those are held by Stripe.
  • Developer information — Stripe Connect account ID and payout preferences if you publish games.
  • Usage data — server logs (IP address, request path, timestamp) retained for up to 30 days for security and debugging.

How we use it

  • Providing and operating your account and library.
  • Processing purchases and disbursing developer payouts.
  • Sending transactional emails (purchase receipts, submission updates, game release notifications). We do not send marketing email without explicit opt-in.
  • Detecting and preventing fraud and abuse.

Third-party services

We share data with the following processors to operate the service:

  • Stripe — payment processing and developer payouts. Subject to Stripe's Privacy Policy.
  • Cloudflare — file storage (R2) and CDN delivery of game assets.
  • Neon — hosted Postgres database.
  • Vercel — application hosting and serverless functions.
  • Resend — transactional email delivery.

We do not sell your data to third parties or use it for advertising.

Cookies and storage

We use a single session cookie to keep you signed in. No third-party tracking or advertising cookies are set. Age-gate acknowledgements are stored in a session cookie and cleared when you close the browser.

Data retention

Account data is retained for as long as your account is active. Purchase records are retained for seven years for financial compliance. Server logs are purged after 30 days. You may request deletion of your account and associated personal data by emailing privacy@novat.us; we will complete deletion within 30 days except where retention is required by law.

Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data (most fields are editable in Account Settings).
  • Request deletion of your account and personal data.
  • Object to or restrict certain processing.
  • Data portability (export of your purchase history is available from your library).

To exercise any of these rights, email privacy@novat.us.

Security

Passwords are hashed with bcrypt. All data is transmitted over HTTPS. Access to production systems is restricted to authorised personnel. Despite these measures, no system is completely secure — please use a strong, unique password and enable OAuth sign-in if possible.

Changes to this policy

We will post updates to this page with a revised date. Continued use of Novatus after changes constitutes acceptance. For material changes we will notify registered users by email.

Contact

Questions or requests: privacy@novat.us