Privacy policy for NowNow
If you do not agree with these policies, do not use the Service. Continued use constitutes acceptance.
Effective date: 2025-09-28. This page explains what personal data we collect, why we collect it and how we use and protect it.
Quick summary
NowNow is a SaaS product (an AI assistant for South African business owners). We collect the minimum personal data necessary to provide the service (account details, subscription & billing info, usage data). We share limited data with service providers (payment processor, auth provider, hosting, analytics). We take reasonable technical and organisational measures to protect your data.
AI responses — Read this carefully
The assistant uses machine learning models which may produce incorrect, incomplete, or misleading information ("hallucinations"). AI-generated content is provided as-isand is not guaranteed to be accurate, complete or up to date. Nothing produced by the assistant should be taken as fact. You must not rely on AI outputs for legal, tax, medical, safety-critical, regulatory, employment, or other material decisions without independent verification. By using NowNow you acknowledge and accept that you are solely responsible for verifying AI outputs before taking any material action based on them.
To the maximum extent permitted by law, NowNow disclaims all warranties (express or implied) regarding the accuracy or fitness for purpose of AI outputs and excludes liability for losses resulting from reliance on such outputs, except as required by applicable law.
Data we collect
- Account data: name, email, profile fields you provide.
- Authentication: provider IDs and tokens (Kinde or similar) used for login.
- Billing & payments: PayFast tokens, transaction ids, invoice history. We do not store sensitive card data (PayFast is the processor). You may optionally provide bank details for partner payouts — these are stored as free-form data for manual payouts (consider encrypting them in future).
- Usage & content: messages you send to the assistant, uploaded files, logs, timestamps and usage metrics (to enforce quotas and for analytics).
- Device & cookies: IP, device, browser, cookies and similar technologies for sessions, analytics, and product improvements.
Google account & Gmail data
If you connect your Google account to use NowNow’s Email Summary feature, we access a limited, read-only set of Google profile and Gmail metadata only to generate inbox summaries and UI previews. We do not request write permissions.
Data accessed
- Google profile: basic identity fields (email address, profile id) used to link the account.
- Gmail metadata & snippets (read-only): sender (from), recipients (to), subject, date/time, labels, and the small snippet text returned by Gmail’s API. No full message bodies or attachments are accessed or stored.
- OAuth tokens: access tokens (temporary) and an encrypted refresh token so we can periodically sync recent metadata for summaries.
OAuth scopes we request
We request only the minimum read-only scopes required. Examples:
openid, profile, email, https://www.googleapis.com/auth/gmail.readonly
How we use Google data
We use the Gmail metadata and snippets only to:
- Generate inbox summaries, highlights, and action items for your connected account.
- Power UI features such as recent message lists, previews, and search/filtering of synced metadata.
- Send only the minimal metadata/snippet fields (subject, from/to, date, snippet) to our AI summarization provider when producing summaries. We explicitly do not send or store full message bodies or attachments with external providers.
Data sharing & processors
We do not sell Google user data. Minimal metadata is shared only with:
- Our AI/model provider (as a processor) to generate summaries — they receive only the message metadata/snippets needed for the task.
- Hosting, database, and analytics providers necessary to run the app; these processors are contractually required to protect data and not use it for other purposes.
Storage & protection
- All network traffic to Google and clients is encrypted (HTTPS).
- Refresh tokens are stored encrypted at rest in our database.
- Access to production systems is restricted, logged and monitored.
- We minimize stored data — only a bounded, recent subset of metadata/snippets is kept (see retention below).
Retention & deletion
- Initial sync: on connect we may do a bounded initial sync (for example, up to 7 days of recent messages) to generate immediate summaries.
- Ongoing sync: we periodically sync recent metadata (client default: last 48 hours) and retain only the bounded set needed for summaries and UI.
- Disconnect / revoke: when you disconnect or revoke access we delete synced message metadata and generated summaries for that account from our DB.
- Analytics: aggregated or anonymized metrics may be retained longer for product improvement and do not contain raw message metadata or message text.
How to revoke access or request deletion
- Revoke via Google: Google Account → Security → Third-party apps with account access → Remove NowNow.
- Disconnect in-app: NowNow → Sidebar → Tools → Email Summary → Disconnect (this deletes synced messages & summaries for that account).
- Request deletion: email support@nownow.tech with your account email and we will delete synced Gmail data and confirm when done.
Questions or urgent deletion requests? Contact support@nownow.tech.
How we use your data
We use data to provide, operate and improve the service (authenticate you, manage subscriptions, provide the assistant, run analytics, handle support, and for fraud prevention). For partners we also store referral attribution and simple payout details so we can calculate commissions which we pay manually.
Third parties & processors
We share data with third-party processors to operate the service, including (examples): Kinde (authentication), PayFast (payments), our database host (Postgres), hosting provider (Vercel), and analytics providers. We only share what's necessary to operate the service.
Legal bases & POPIA
If you are in South Africa we comply with POPIA principles — we process personal information only for lawful purposes, maintain reasonable security, and retain data no longer than needed.
Retention
We keep data while your account is active and for a limited time afterwards to meet legal, taxation and operational needs. Financial records related to payments are typically kept for multiple years (for compliance & accounting). If you need specific retention periods set, tell us and we will update the policy.
Security
We apply reasonable technical and organisational measures (encrypted transport, secure cloud infrastructure, access controls). Note: any bank details stored in the partner payout section are currently stored as free-form fields — you should treat them as sensitive and we recommend encrypting them at rest and limiting access.
Your rights
- Request access to your data.
- Request correction or deletion of personal data (subject to legal recordkeeping obligations).
- Object to processing or request portability where applicable.
To exercise these rights contact: support@nownow.tech.
Children
Our service is aimed at business users and is not directed at children. We do not knowingly collect data from children.
International transfers
Data may be processed in countries outside yours (our hosts and processors may operate internationally). Where required by law we put appropriate safeguards in place.
Changes
We may update this policy from time to time. We will post the new effective date here and notify users when changes are material.
POPIA & Data Protection Contact
NowNow processes personal information in line with South Africa's POPIA. If you wish to exercise your POPIA rights (access, correction, deletion, objection, portability) or have privacy concerns, contact us at:
- Email: support@nownow.tech
Contact
Questions, requests, or privacy concerns: support@nownow.tech.
Note: By signing up to NowNow, you agree to our terms of service and privacy policies .