noBGP.com (the"Site") is owned and operated by noBGP. noBGP is the data controller and processes your personal data in accordance with applicable privacy laws.For all privacy-related inquiries, contact us at privacy@noBGP.com
This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our Site and Services. This policy applies to all users of noBGP services and is supplemental to our Terms of Service.
We comply with:
General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 for users in the European Union
UK GDPR as enshrined in the Data Protection Act 2018 for users in the United Kingdom
California Consumer Privacy Act(CCPA) and California Privacy Rights Act (CPRA) for California residents
By using our Site and Services,you consent to the data practices described in this Privacy Policy. You may withdraw your consent at any time by contacting privacy@noBGP.com. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.
We collect only the personal data necessary to provide and improve our Services. We will notify you before collecting any data beyond what is described below.
When you visit our Site, we automatically collect:
IP address and general location information (city/region level)
Device and browser information(operating system, browser type, device identifiers)
Usage data (pages viewed, links clicked, time spent on Site)
Cookies and similar tracking technologies (see Section 8)
You may provide the following data when using our Services:
Account information (name, email address, phone number)
Communications (when you subscribe to our newsletter or submit contact forms)
Payment information (processed by third-party payment processors; we do not store full payment card details)
When you use our LLM integration feature to manage noBGP-enabled devices, we collect:
User prompts and commands directed to your noBGP-enabled devices
Device response data and execution logs
Command execution metadata(timestamps, success/failure status)
Device access credentials and authentication tokens, authentication credentials are not stored
When you use LLM services (such as OpenAI ChatGPT or Anthropic Claude) with noBGP, your prompts are transmitted through the LLM provider you select. These providers act as independent data controllers for the prompts they receive. We recommend reviewing their privacy policies:
OpenAI Privacy Policy: https://openai.com/privacy
Anthropic Privacy Policy: https://www.anthropic.com/privacy
We only receive and temporarily store the portions of your LLM conversations that involve commands to your noBGP-enabled devices. We do not have access to your full LLM conversation history.
We use your personal data only for the purposes specified in this Privacy Policy and as disclosed when we collect the data.
We use automatically collected data to:
Analyze Site usage patterns and generate aggregate statistics
Improve Site functionality and user experience
Detect and prevent security threats and fraudulent activity
Optimize Site performance and technical infrastructure
We use data you provide to:
Create and manage your account
Respond to your inquiries and provide customer support
Send service-related communications (with your consent for marketing communications)
Process payments and maintain transaction records
We use LLM integration data to:
Facilitate real-time communication between LLM services and your noBGP-enabled devices
Execute commands on your devices as directed by your prompts
Troubleshoot technical issues and debug service failures
Generate anonymized usage metrics and insights to improve features (after removing all personally identifiable information)
Under GDPR, we process your personal data based on the following legal grounds:
Consent: You have explicitly agreed to our processing of your data for specific purposes (e.g., marketing communications, LLM integration services)
Contract Performance: Processing is necessary to provide the Services you requested and fulfill our contractual obligations
Legal Obligation: Processing is required to comply with applicable laws and regulations
Legitimate Interests:Processing is necessary for our legitimate business interests, specifically to maintain Site security, prevent fraud, analyze service performance for operational improvements, and develop new features based on usage patterns.These interests do not override your fundamental rights and freedoms.
We do not sell your personal data. We share your data only in the following limited circumstances:
We disclose your data to noBGP employees and contractors who require access to perform their job functions and provide Services to you. All personnel are bound by confidentiality obligations.
We share data with third-party service providers who perform services on our behalf:
Cloud hosting and infrastructure providers
Payment processors (who act as independent data controllers)
Analytics and performance monitoring services
Customer support and communication platforms
These service providers act as data processors and are contractually obligated to protect your data and use it only for specified purposes.
We disclose your data when required by law or to:
Comply with legal obligations,court orders, or valid legal processes
Enforce our Terms of Service and protect our legal rights
Prevent fraud, security threats,or illegal activity
Protect the safety and rights of noBGP, our users, or the public
If noBGP is involved in a merger, acquisition, sale of assets, or bankruptcy, your personal data may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your data.
Your data may be transferred to and processed in countries outside your jurisdiction, including the United States. When we transfer data from the EU or UK to other countries, we use Standard Contractual Clauses (SCCs) approved by the European Commission and implement additional safeguards to ensure adequate protection of your data.
We retain your personal data for the following periods unless a longer retention period is required by law:
Account data: Retained while your account is active and for 24 months after account closure or last activity
Transaction records: Retained for 7 years to comply with financial and tax regulations
LLM integration data: Stored for7 days maximum for troubleshooting purposes, then permanently deleted
Anonymized analytics data:Retained indefinitely after removal of all personally identifiable information
Marketing communications:Retained until you unsubscribe or request deletion
We will notify you if we need to retain your data longer than these periods for legal compliance or dispute resolution.
We implement technical and organizational security measures to protect your data, including:
Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
Access Controls: Role-based access controls and multi-factor authentication for internal systems
Monitoring: Continuous security monitoring and intrusion detection systems
Pseudonymization: Personal identifiers are pseudonymized in analytics and logging systems where feasible
Regular Audits: Periodic security assessments and vulnerability testing
Staff Training: Regular security and privacy training for all personnel with data access
While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your data transmitted over the Internet.
Your privacy rights vary based on your location. We honor all applicable rights regardless of jurisdiction.
If you are located in the EU or UK, you have the following rights:
Right to Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
Right to Restrict Processing:Request temporary suspension of data processing
Right to Data Portability:Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent:Withdraw consent at any time where processing is based on consent
If you are a California resident, you have the following rights:
Right to Know: Request disclosure of personal information we collect, use, disclose, or sell
Right to Delete: Request deletion of your personal information
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: Opt out of the sale or sharing of personal information (note: we do not sell personal information)
Right to Limit Sensitive Data:Limit use of sensitive personal information to necessary purposes
Right to Non-Discrimination:Exercise your rights without discriminatory treatment
Categories of personal information collected (last 12 months):
Identifiers: Name, email, IP address, device identifiers
Commercial Information: Purchase history, payment information
Internet Activity: Browsing history, Site interactions, clicked links
Geolocation Data: General location (city/region level)
User-Generated Content: Device commands, prompts sent through LLM integration
Inferences: User preferences derived from usage patterns
Sensitive personal information collected:
Account credentials (username,email, passwords - encrypted)
Precise geolocation (only if you enable location services)
Financial account information(for payment processing)
Device access credentials and authentication tokens (encrypted)
Sale/Sharing: We do not sell personal information for monetary consideration. We have not sold personal information in the past 12 months and do not share personal information for cross-context behavioral advertising.
To exercise any of your privacyrights:
Email: privacy@noBGP.com
Online Form:www.nobgp.com/contact
We will verify your identity using information in our records before processing your request. We respond within 30 days (GDPR) or 45 days (CCPA), extendable by an additional 30-45 days for complex requests. You will receive confirmation of your request and regular updates on its status.
California residents may designate an authorized agent to submit requests on your behalf. The agent must provide written authorization signed by you or a valid power of attorney. We may require you to verify your identity directly with us before processing the request.
We use cookies and similar tracking technologies to collect data about your Site usage and preferences. A cookie is a small text file stored on your device by your browser.
Essential Cookies: Required for Site functionality (account authentication, security features). These cookies do not require consent.
Functional Cookies: Remember your preferences and settings for future visits. Requires opt-in consent under GDPR.
Analytical Cookies: Collect aggregated data about Site usage to improve functionality and user experience.Requires opt-in consent under GDPR.
Third-Party Cookies: Set by external services (analytics providers, performance monitoring tools) to track usage and improve services. Requires opt-in consent under GDPR.
You can manage cookie preferences through our cookie consent banner when you first visit the Site or through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Note that disabling cookies may limit Site functionality and degrade your user experience. Disabling essential cookies may prevent you from using certain features of the Site. Your consent choices are stored using a Consent Management Platform(MCP) that records when and how you gave or withdrew consent.
You can update or withdraw your cookie preferences at any time by clicking‘Update Cookie Consent’ on https://www.nobgp.com/legal/privacy
Under EU and UK law, we obtain your explicit opt-in consent before placing non-essential cookies on your device.
Our Services are not directed to children. We do not knowingly market to or solicit data from minors. We do not knowingly collect personal data from children under 13 years of age (United States - COPPA) or under 16 years of age (EU/UK - GDPR). If we learn we have collected data from a child below these age thresholds, we will delete the data immediately. If you believe a child has provided us with personal data, contact us at privacy@noBGP.com
We recognize and respond to Global Privacy Control (GPC) signals from California residents. When we detect a GPC signal from your browser, we treat it as a request to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
We do not currently respond to"Do Not Track" (DNT) browser signals because there is no accepted industry standard for DNT compliance.
You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting privacy@noBGP.com. You will continue to receive transactional and service-related communications necessary for your use of the Services.
Our Site may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We recommend reviewing the privacy policies of any third-party sites you visit.
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.We will update the "Effective Date" at the top of this policy and notify you of material changes by email or prominent notice on our Site at least 30 days before the changes take effect. Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.
If you have concerns about how we handle your personal data, please contact us at privacy@noBGP.com so we can address your concerns. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority:
EU/EEA: Contact your national Data Protection Authority
UK: Information Commissioner's Office (ICO) - www.ico.org.uk
California Privacy Protection Agency (CPPA) – cppa.ca.gov
California: California Attorney General's Office - www.oag.ca.gov
For all privacy-related questions, requests, or concerns:
Email: privacy@noBGP.com
Contact Form:www.nobgp.com/contact
Data Controller: noBGP
