NowNow

    Privacy policy for NowNow

    Effective date: 2025-09-28. This page explains what personal data we collect, why we collect it and how we use and protect it.

    Quick summary

    NowNow is a SaaS product (an AI assistant for South African business owners). We collect the minimum personal data necessary to provide the service (account details, subscription & billing info, usage data). We share limited data with service providers (payment processor, auth provider, hosting, analytics). We take reasonable technical and organisational measures to protect your data.

    AI responses

    AI-generated content may be imperfect and must NEVER be taken as a source of truth. NowNow provides the assistant “as is” from the model builder and does not guarantee accuracy. You must review outputs before relying on them for legal, financial, safety-critical or any material matters. AI is prone to inaccuracies and will always have errors; by using NowNow you agree to take full responsibility for verifying results before any material actions in the real world.

    Data we collect

    • Account data: name, email, profile fields you provide.
    • Authentication: provider IDs and tokens (Kinde or similar) used for login.
    • Billing & payments: PayFast tokens, transaction ids, invoice history. We do not store sensitive card data (PayFast is the processor). You may optionally provide bank details for partner payouts — these are stored as free-form data for manual payouts (consider encrypting them in future).
    • Usage & content: messages you send to the assistant, uploaded files, logs, timestamps and usage metrics (to enforce quotas and for analytics).
    • Device & cookies: IP, device, browser, cookies and similar technologies for sessions, analytics, and product improvements.

    Google account & Gmail data

    If you connect your Google account to use NowNow’s Email Summary feature, we access a limited, read-only set of Google profile and Gmail metadata only to generate inbox summaries and UI previews. We do not request write permissions.

    Data accessed

    • Google profile: basic identity fields (email address, profile id) used to link the account.
    • Gmail metadata & snippets (read-only): sender (from), recipients (to), subject, date/time, labels, and the small snippet text returned by Gmail’s API. No full message bodies or attachments are accessed or stored.
    • OAuth tokens: access tokens (temporary) and an encrypted refresh token so we can periodically sync recent metadata for summaries.

    OAuth scopes we request

    We request only the minimum read-only scopes required. Examples:

    openid, profile, email, https://www.googleapis.com/auth/gmail.readonly

    How we use Google data

    We use the Gmail metadata and snippets only to:

    • Generate inbox summaries, highlights, and action items for your connected account.
    • Power UI features such as recent message lists, previews, and search/filtering of synced metadata.
    • Send only the minimal metadata/snippet fields (subject, from/to, date, snippet) to our AI summarization provider when producing summaries. We explicitly do not send or store full message bodies or attachments with external providers.

    Data sharing & processors

    We do not sell Google user data. Minimal metadata is shared only with:

    • Our AI/model provider (as a processor) to generate summaries — they receive only the message metadata/snippets needed for the task.
    • Hosting, database, and analytics providers necessary to run the app; these processors are contractually required to protect data and not use it for other purposes.

    Storage & protection

    • All network traffic to Google and clients is encrypted (HTTPS).
    • Refresh tokens are stored encrypted at rest in our database.
    • Access to production systems is restricted, logged and monitored.
    • We minimize stored data — only a bounded, recent subset of metadata/snippets is kept (see retention below).

    Retention & deletion

    • Initial sync: on connect we may do a bounded initial sync (for example, up to 7 days of recent messages) to generate immediate summaries.
    • Ongoing sync: we periodically sync recent metadata (client default: last 48 hours) and retain only the bounded set needed for summaries and UI.
    • Disconnect / revoke: when you disconnect or revoke access we delete synced message metadata and generated summaries for that account from our DB.
    • Analytics: aggregated or anonymized metrics may be retained longer for product improvement and do not contain raw message metadata or message text.

    How to revoke access or request deletion

    • Revoke via Google: Google Account → Security → Third-party apps with account access → Remove NowNow.
    • Disconnect in-app: NowNow → Sidebar → Tools → Email Summary → Disconnect (this deletes synced messages & summaries for that account).
    • Request deletion: email support@nownow.tech with your account email and we will delete synced Gmail data and confirm when done.

    Questions or urgent deletion requests? Contact support@nownow.tech.

    How we use your data

    We use data to provide, operate and improve the service (authenticate you, manage subscriptions, provide the assistant, run analytics, handle support, and for fraud prevention). For partners we also store referral attribution and simple payout details so we can calculate commissions which we pay manually.

    Third parties & processors

    We share data with third-party processors to operate the service, including (examples): Kinde (authentication), PayFast (payments), our database host (Postgres), hosting provider (Vercel), and analytics providers. We only share what's necessary to operate the service.

    Legal bases & POPIA

    If you are in South Africa we comply with POPIA principles — we process personal information only for lawful purposes, maintain reasonable security, and retain data no longer than needed.

    Retention

    We keep data while your account is active and for a limited time afterwards to meet legal, taxation and operational needs. Financial records related to payments are typically kept for multiple years (for compliance & accounting). If you need specific retention periods set, tell us and we will update the policy.

    Security

    We apply reasonable technical and organisational measures (encrypted transport, secure cloud infrastructure, access controls). Note: any bank details stored in the partner payout section are currently stored as free-form fields — you should treat them as sensitive and we recommend encrypting them at rest and limiting access.

    Your rights

    • Request access to your data.
    • Request correction or deletion of personal data (subject to legal recordkeeping obligations).
    • Object to processing or request portability where applicable.

    To exercise these rights contact: support@nownow.tech.

    Children

    Our service is aimed at business users and is not directed at children. We do not knowingly collect data from children.

    International transfers

    Data may be processed in countries outside yours (our hosts and processors may operate internationally). Where required by law we put appropriate safeguards in place.

    Changes

    We may update this policy from time to time. We will post the new effective date here and notify users when changes are material.

    Contact

    Questions, requests, or privacy concerns: support@nownow.tech.

    Note: By signing up to NowNow, you agree to our terms of service and privacy policies.