Privacy Policy
Last updated: July 6, 2026
This Privacy Policy explains how NobleRise Digital Marketing (“NobleRise,” “we,” “us,” “our”) collects, uses, discloses, retains, and protects personal information, and the rights you have. It applies to our marketing website, our subscription platform and dashboards (the “Service”), and our connected integrations. We act as a business / data controller for our own account holders and website visitors, and as a service provider / data processor for the client and end-customer data our account holders manage through the Service.
Company details: NobleRise Digital Marketing [insert registered legal entity, e.g. “NobleRise Digital Marketing LLC”], [business mailing address, City, State ZIP]. Privacy contact: privacy@noblerise.com. We are based in the United States (Montana).
1. Information we collect
We collect the following categories of personal information:
- Identifiers & account data: name, email, hashed password, role, job title, phone, extension, work email.
- Employer / HR data (only if you use those features): compensation, time-off, availability, payroll and accounting entries you input.
- Clients you manage: business name, website, category, location, contacts, monthly fee, and the marketing data generated for them (audits, rankings, ROI).
- Leads & contacts: contact details captured through your website forms, call/chat tools, and the AI agents.
- Commercial / usage data: subscription and plan status, feature usage, and support requests.
- First-party website analytics: anonymous visit, click, phone-tap, and sale/conversion events on sites where you install our tag — using random first-party IDs. We do not operate cross-site tracking or third-party identity graphs.
- Payment data: processed by Stripe; we store a customer ID and subscription status and never store full card numbers.
- Connected-account data: tokens and data you authorize us to access from third parties (e.g. Google — see Section 4), stored encrypted at rest.
- Device & log data: IP address, browser type, and security/audit logs, used to operate and secure the Service.
Sources: directly from you; automatically from your use of the Service; from your website visitors (via the tag you install); and from third-party services you connect (e.g. Google, Stripe).
2. How we use information & our legal bases
We use personal information to: provide and operate the Service and the tools you request; process billing, payroll and accounting you enter; find, capture, and follow up on leads on your behalf; generate audits, content, and reports; send transactional and service messages; provide support; secure and improve the Service; and comply with legal obligations.
Where the EU/UK GDPR applies, our legal bases are: performance of a contract (to deliver the Service), legitimate interests (to secure, improve, and operate the Service), consent (where required, e.g. certain communications — withdrawable at any time), and legal obligation.
We do not sell personal information, we do not “share” it for cross-context behavioral advertising, and we do not use client, lead, or connected-account data to train third-party AI models beyond carrying out your specific request.
3. Google user data & Limited Use
When you connect a Google account, we access only the data needed for the feature you enable, using Google OAuth. Depending on the features you turn on, this may include:
- Google Analytics (GA4) — read-only traffic metrics, to show your website performance and ROI.
- Google Search Console — read-only search clicks, impressions, and query/position data, to report and improve your search visibility.
- Google Ads — campaign, spend, and performance data (and, where you authorize it, ad-management actions), to analyze, report, and optimize your advertising.
- Google Business Profile — profile, review, and post data, to manage your local presence (where enabled).
How we handle it: Google data is used only to provide these user-facing features to you; it is stored encrypted at rest and access is restricted to your organization under role-based controls; it is not used for advertising; it is not sold or transferred to third parties except sub-processors that help deliver the feature (Section 5), to comply with law, or as part of a business transfer with notice; and it is deleted or de-identified when you disconnect the integration or close your account, subject to legal retention. You can revoke our access at any time in your Google Account permissions or by contacting us.
NobleRise's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we do not use Google user data for serving ads, we do not sell it, we do not transfer it except as needed to provide or improve user-facing features, to comply with applicable law, or as part of a merger/acquisition (with notice), and we do not allow humans to read it except with your consent, for security/abuse/legal reasons, or where the data has been aggregated and anonymized.
4. Automated processing & AI
5. How we share information & sub-processors
We disclose personal information only to service providers/processors that help us run the Service, each under a contract limiting their use of the data:
- Stripe — payments & billing.
- Anthropic and Perplexity — AI generation and live research.
- Google — Analytics, Search Console, Ads, Business Profile, Places (per Section 3).
- Resend — transactional & campaign email; Twilio / Vapi — SMS/voice (if enabled); CallRail — call tracking (if enabled).
- Railway (or our then-current hosting/infrastructure provider) — application & database hosting.
We may also disclose information to comply with law or valid legal process, to enforce our terms, to protect rights and safety, or in connection with a merger, acquisition, or asset sale (with notice as required). We maintain a current sub-processor list and sign a Data Processing Agreement (DPA) with each provider. We do not sell or share personal information for cross-context behavioral advertising.
6. Data retention
7. How we protect information
- Encryption in transit (HTTPS enforced via HSTS) and encryption at rest for sensitive stored secrets and OAuth tokens (AES-256-GCM).
- Passwords hashed with bcrypt; optional two-factor authentication (TOTP).
- Role-based, least-privilege access control; every page and API is access-checked; multi-tenant isolation between organizations.
- Login brute-force throttling, input validation, SSRF protection, security headers/CSP, and an audit log of sensitive actions.
- API keys stored as hashes, rate-limited and revocable; webhooks are signed.
8. Your privacy rights
Everyone. You may request to access, correct, delete, or export your personal information, and to object to or restrict certain processing. Account holders can also edit or delete clients and employees directly in the platform, and admins can fulfil export/erasure requests in the Data & Privacy console.
EU / UK (GDPR). You have the rights of access, rectification, erasure, restriction, data portability, objection, and to withdraw consent, and to lodge a complaint with your supervisory authority.
California (CCPA/CPRA). You have the right to know/access, delete, and correct your personal information; to opt out of the “sale” or “sharing” of personal information and to limit the use of sensitive personal information; and to non-discrimination for exercising your rights. We do not sell or share personal information, and we do not use sensitive personal information for purposes requiring a limitation right. You may use an authorized agent to submit requests.
Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other US state laws. Residents of states with comprehensive privacy laws have rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, sale, and certain profiling. Montana residents (Montana Consumer Data Privacy Act) and residents of other states also have these rights. If we deny a request, you may appeal by replying to our decision; we will respond to appeals within the time your law requires.
How to exercise your rights. Email privacy@noblerise.com (or use the in-app Data & Privacy console). We will verify your identity, respond within the timeframe your law requires (generally 45 days, extendable where permitted), and will not discriminate against you for exercising your rights.
9. Do Not Sell or Share / Limit Use of Sensitive Information
10. International data transfers
11. Cookies & tracking
12. Children
13. Third-party links
14. Data breach notification
15. Changes to this policy
16. Contact us
This policy describes the Service's actual technical and operational practices and is written to align with the Google API Services User Data Policy (Limited Use), CAN-SPAM, the TCPA, the CCPA/CPRA, and other US state privacy laws and the GDPR. It is provided for convenience and is not legal advice. Insert your registered legal entity name and address in the bracketed fields, and have a qualified attorney review and adapt it to your business and jurisdiction before you rely on it.