Privacy Policy of Noema

1. Controller

The data controller for noema.tools and all associated products is Lightweb.it, VAT number IT 02611230349, based in Italy. For any privacy-related inquiry, contact us via the form available at noema.tools/about.

2. Scope

This Privacy Policy applies to the noema.tools website and to the following products: Noema (desktop app), Pragma (desktop app, open source), Morphē (web app and npm package), and the Noema Chrome Extension.

The λεξις (Lexis) formal language is distributed as an open-access academic paper via Zenodo. It is not a software application and does not collect any personal data.

Each product has its own dedicated legal page. This document covers data processed at the site level and provides an overview of the data practices common to all products.

3. Data We Collect

We collect only the data strictly necessary to operate the site and respond to user requests. No data is collected through product downloads or application usage, unless explicitly described below.

4. Local-First Architecture

All noema.tools desktop products (Noema, Pragma) follow a strict local-first model. Application data — including sessions, AI outputs, and any user-generated content — is stored exclusively on the user's device (SQLite database). No usage data, telemetry, or application-level information is transmitted to Lightweb.it servers.

No account creation is required to use any free product.

API keys entered by the user (for Anthropic, OpenAI, or Google AI services) remain on the user's device and are never transmitted to or stored by Lightweb.it. AI calls are made directly from the user's device to the respective AI provider.

5. Third-Party AI Providers

Noema and Morphē allow users to connect to third-party AI APIs using their own credentials. When a user configures and uses such an integration, data is transmitted directly from the user's device to the chosen provider. Lightweb.it has no visibility into these calls.

The following providers may be involved depending on user configuration:

— Anthropic (Claude API): subject to Anthropic's Privacy Policy at anthropic.com/privacy

— OpenAI (GPT-4o / ChatGPT API): subject to OpenAI's Privacy Policy at openai.com/privacy

— Google (Gemini API): subject to Google's Privacy Policy at policies.google.com/privacy

Users are responsible for reviewing and complying with the privacy policies of any AI provider they choose to use.

6. Noema Chrome Extension

The Noema Chrome Extension extracts text content from web pages (using Readability.js) upon user action and sends it to the Noema desktop application running locally on port 11420. No data is transmitted to remote servers. The extension communicates exclusively with the local application.

The extension requests the following browser permissions: access to the active tab (to extract page content), and access to localhost (to communicate with the Noema desktop app). No browsing history or page content is stored by the extension itself.

7. Morphē — Proxy Plan

Morphē offers an optional paid proxy plan that enables managed AI access and shareable read-only diagram links. When using the proxy plan, snapshot data (diagram content) may be temporarily processed by Lightweb.it infrastructure to generate shareable links. No persistent user profiling is performed.

Payment processing is handled by a third-party provider. Lightweb.it does not store full payment card details. The specific payment processor and its privacy policy will be disclosed at the point of purchase.

8. Cookies

noema.tools does not use tracking cookies or advertising cookies. The site may use technical cookies strictly necessary for navigation.

If third-party assets (such as fonts or CDN-hosted libraries) are loaded, they may set their own cookies or log requests according to their own privacy policies. We aim to minimize third-party asset loading. No third-party analytics platform (e.g., Google Analytics) is currently active on this site.

9. Legal Basis and GDPR Rights

Lightweb.it is established in Italy and processes personal data in compliance with the EU General Data Protection Regulation (GDPR – Regulation 2016/679).

Data collected via the contact form is processed on the basis of your consent (Article 6(1)(a) GDPR) and our legitimate interest in responding to inquiries (Article 6(1)(f) GDPR).

As a data subject under GDPR, you have the following rights: access to your data (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and the right to object (Art. 21).

To exercise any of these rights, contact us via the form at noema.tools/about. We will respond within 30 days. If you believe your rights have been violated, you may lodge a complaint with the Italian data protection authority (Garante per la protezione dei dati personali — garante.it).

10. Data Retention

Contact form submissions are retained for as long as necessary to manage the relevant inquiry and for a reasonable period thereafter, not exceeding 24 months. You may request deletion at any time.

Server access logs are retained for a maximum of 90 days and then permanently deleted.

Application data stored locally by desktop products is under the full control of the user and is deleted by uninstalling the application or removing the local database file.

11. Minors

noema.tools products are professional tools intended for users 18 years of age or older. We do not knowingly collect personal data from minors. If you believe a minor has submitted data through our contact form, please notify us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. When we do, the 'Last Updated' date at the top of this page will be revised. Material changes will be announced on the noema.tools changelog page.

Continued use of the site or products after any update constitutes acceptance of the revised policy.