Privacy Policy

Nooj ("the Service") is developed and operated by Arbitek L.L.C-FZ ("we", "us"), a free-zone company in the United Arab Emirates, which acts as the data controller for account data and as a data processor for the workspace data you enter. This policy explains what data we handle, why, and how we protect it.

To provide, maintain, secure, and support the Service, and to send service messages such as the optional weekly to-do email. We do not sell your data or use it for advertising.

Where data-protection law (such as the EU/UK GDPR, the UAE PDPL, or India's DPDP Act) applies, we rely on: performance of our contract with you (to provide the Service); our legitimate interests (to secure and improve it); your consent (for optional notifications); and compliance with legal obligations.

We share data only with the service providers that operate the Service for us, and only as needed to run it:

• Supabase - database, authentication, and storage.
• Hosting provider (for example Vercel) - to serve the app.
• Email provider - to deliver the optional digest email, if you enable it.

These providers process data under their own agreements and only on our instructions. We may also disclose data where required by law.

Data is encrypted in transit (HTTPS). Each workspace is isolated at the database level with row-level security, so one organisation cannot read another's data. Access is restricted to what is needed to operate the Service, and we apply security headers and standard hardening. No system is perfectly secure, but we take reasonable measures to protect your data.

If a breach affects your personal data, we will act promptly to contain it and will notify affected users and, where required, the relevant authority within the timeframes the law requires.

We keep your data while your account is active. When you delete your account, or ask us to, we remove your workspace data, except where we must retain limited records to meet legal obligations.

Our providers may process data in regions outside your own. Where required, such transfers are covered by appropriate safeguards (for example standard contractual clauses).

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to data portability. You can export your data in Settings at any time. To exercise other rights, contact us (below); we aim to respond within 30 days. If you believe we have not handled your data properly, you may lodge a complaint with your local data-protection authority.

We use only essential cookies to keep you signed in. We do not use tracking or advertising cookies.

Nooj is a business tool and is not intended for anyone under 16. We do not knowingly collect data from children.

We may update this policy. We will revise the date above when we do, and for material changes we will provide a clearer notice.

For privacy questions or to exercise your rights, contact Arbitek L.L.C-FZ through your account manager or the support contact provided with your workspace.