How we handle your account, tracking, billing, and support data inside the Noctra platform.
Last update: March 6, 2026
This Policy describes how Noctra collects, uses, and protects information when you access the platform, create an account, integrate marketing services, and use tracking resources.
We do not sell personal data. We process data only to deliver the contracted service, maintain operational security, and comply with legal obligations.
Account data: name, email, password hash, and email verification status.
Usage and tracking data: IP, user agent, visited URLs, click/pageview/sale events, campaign parameters (such as UTM and gclid), device data, and event timestamps.
Billing data: plan, subscription status, customer/subscription identifiers in payment providers, and payment attempt records.
Integration data: identifiers and channel settings such as Telegram and OneSignal, including registered devices for notifications.
We use data to authenticate users, enable features according to plan, consolidate performance metrics, send alerts, provide support, and prevent abuse/fraud.
We also use technical information for platform stability, event auditing, and continuous improvement of the experience.
We may share data with providers necessary for operation, such as hosting services, transactional email, payment processing, and notifications.
This sharing occurs only to the extent necessary to deliver the service and with compatible security controls.
When you connect your Google account, we process the data necessary to authenticate the integration and operate two features, as you enable them: (a) sending conversion events and adjustments to your Google Ads account; and (b) campaign intelligence, which reads and stores data from your Google Ads account — campaign performance and cost, click identifiers (gclid), and search terms — to cross with your tracking revenue and generate optimization metrics (ROAS, CPA, profit, impression share loss, and search term waste/opportunity).
This data is used only to provide these features to you as the account owner. When you use Deep Analysis with AI, stored Google Ads integration data may be sent to our AI provider (processor), which processes it solely to generate the analysis you requested and does not use it to train models. We do not sell this data or use it for our own advertising profiling.
The use and transfer of information obtained from Google APIs follows the Google API Services User Data Policy, including Limited Use requirements.
We retain data for the period necessary for account operation, legal compliance, and protection against misuse of the platform.
We adopt technical and organizational measures to reduce the risk of unauthorized access, loss, or unauthorized data changes.
Under Brazil's General Data Protection Law (Law No. 13,709/2018), you may request confirmation of processing, access, correction, anonymization, portability, deletion, information on sharing, and consent withdrawal, when applicable.
In the Privacy and data section of your account you can export a copy of your data and request account deletion. We also accept requests by email to the officer listed below, with a response time of up to 15 days.
We process your account data based on: contract performance (registration, plan, essential support); legal obligation (tax/payment records); legitimate interest (security, fraud prevention, technical improvement, with balancing measures); and consent when required (e.g., optional referral cookies on the Noctra site).
To exercise your rights or ask privacy questions, contact our officer: support@noctra.org.
General support channel: support@noctra.org.
We use processors to operate the platform, including, as applicable: Stripe (payments), Resend (transactional email), OpenAI (AI support and tools), Google (login and Google Ads), Telegram and OneSignal (notifications), Cloudflare (security and storage). Some providers may process data outside Brazil, with contractual and technical safeguards compatible with LGPD.
Account and subscription data: while the account is active and as long as needed after closure for legal obligations.
Operational logs (email, errors, payment events): automatic purge per internal policy (generally 90 to 365 days, depending on record type).
Google Ads campaign intelligence data (metrics, click attribution, and search terms): retained while the feature is enabled in account settings and while the Google Ads integration remains connected; syncing stops when you disable the feature or disconnect the account. Previously synced records may remain stored until account deletion or a request under applicable data protection law.