Privacy Policy of NoemaApp
Last updated: April 2026 - Version: 1.0
Privacy Policy Noema Desktop Application Version 1.0 — April 2026 This policy applies to the Noema desktop application only, not to the noema.tools website.
1. Data Controller
The data controller for Noema is: Paolo Tanzi — Partita IVA IT 02611230349 Contact: privacy@lightweb.it
2. What Data We Collect
Noema is a local-first application. All content you create — sessions, atoms, navigation history — is stored exclusively on your device. We do not have access to it. The only data transmitted to our servers is strictly limited to license verification:
2.1 License Key
Your license key is sent to our license server (lightweb.it) for validation. It is stored on our server associated with your purchase.
2.2 Machine ID
A unique device identifier (Machine ID) is generated by the application using a system-level identifier. It is stable across reinstallations and does not contain personally identifiable information on its own. The Machine ID is transmitted encrypted via HTTPS to our license server at each validation. We store the last 5 Machine IDs associated with your license to detect anomalous sharing patterns. No automatic blocking occurs — anomalies are reviewed manually.
2.3 IP Address
When your application connects to our license server for validation, your IP address is visible to our server as part of standard HTTP communication. We do not log or store IP addresses beyond the scope of normal server operation logs, which are retained for a maximum of 30 days.
2.4 Validation Timestamp
The date and time of each license validation is recorded server-side. This is used to determine validation intervals (every 30 days) and to manage trial periods (14 days from first activation).
2.5 Email Address
Your email address is collected at the time of purchase. It is used solely to deliver your license key, send license-related communications (such as renewal reminders or policy updates), and associate your license with your account. We do not use your email for marketing purposes. You will not be added to any mailing list without explicit consent. Newsletter subscription, if available on noema.tools, is a separate and independent opt-in.
3. What Data We Do Not Collect
We do not collect, transmit, or store: — Any content you create in Noema (sessions, atoms, queries, AI responses) — Your AI provider API keys — Usage statistics or behavioral analytics — Device information beyond the Machine ID described above — Any data from AI model responses
4. Third-Party AI Providers
Noema allows you to connect to third-party AI model providers using your own API keys or credentials. These connections are initiated by you, made directly from your device to the provider servers, and are entirely outside our control.
4.1 Nature of the connection
When you send a query to an AI provider through Noema, the following data leaves your device and goes directly to that provider: your query text, any context you include, and your API key. Noema does not intercept, store, or log this data.
4.2 International data transfers
AI providers such as Anthropic (USA), OpenAI (USA), and Google (USA) are located outside the European Economic Area. When you use your own API key to connect to these services, you are initiating a direct data transfer to a non-EEA country. This transfer is made under your control, on your initiative, pursuant to Article 49(1)(b) GDPR. We are not the data controller for these transfers. You are acting directly as the data subject initiating the transfer. We recommend reviewing the privacy policies of any AI provider you use: — Anthropic: anthropic.com/privacy — OpenAI: openai.com/privacy — Google: policies.google.com/privacy
4.3 AI output disclaimer
AI model responses may contain errors, inaccuracies, or outdated information. Noema is not responsible for the content of responses generated by third-party AI models. You are responsible for verifying any information before acting on it.
5. Payment Processing
Purchases are processed by Stripe (Stripe, Inc. / Stripe Payments Europe, Ltd.). When you purchase a license, your payment data is transmitted directly to Stripe — we do not receive or store your credit card details. Stripe receives your payment information and may receive your email address and billing details as part of the transaction. Stripe's processing is governed by their own privacy policy, available at stripe.com/privacy. We receive from Stripe only confirmation of payment and the email address associated with the transaction, which we use solely for license delivery as described in section 2.5.
6. Legal Basis for Processing (GDPR)
The processing of license key, Machine ID, and validation timestamps is based on Article 6(1)(b) GDPR — processing necessary for the performance of a contract (the license agreement between you and Noema). IP address processing during server communication is based on Article 6(1)(f) GDPR — legitimate interest in operating a secure and functional license server.
7. Data Retention
License key and Machine ID history: retained for the duration of your license plus 12 months after expiry, then deleted. Email address: retained for the duration of your license plus 12 months after expiry, then deleted. Validation timestamps: retained for the duration of your license. Server access logs (including IP): maximum 30 days, then automatically purged.
8. Your Rights (GDPR)
As a data subject under GDPR, you have the right to: — Access the personal data we hold about you — Rectification of inaccurate data — Erasure of your data (subject to contractual obligations) — Restriction of processing — Data portability — Object to processing To exercise any of these rights, contact: privacy@lightweb.it We will respond within 30 days.
9. Data Security
All data transmitted between the Noema application and our license server is encrypted via HTTPS/TLS. Machine IDs are transmitted in encrypted form. Our license server is hosted on lightweb.it infrastructure maintained by the data controller.
10. License Verification Frequency
Validation occurs: at first launch after installation, then silently every 30 days in the background. If validation fails due to network issues, a 7-day grace period applies. Validation does not interrupt your work — it runs silently and you will not notice it under normal conditions.
11. Changes to This Policy
We may update this Privacy Policy when the application changes. The current version is always available at noema.tools/legal/privacy and within the application. Continued use after changes constitutes acceptance.
12. Contact
For any privacy-related questions or requests: Paolo Tanzi — privacy@lightweb.it Partita IVA IT 02611230349 Noema Privacy Policy v1.0