← Back to Home

Privacy Policy

🌐 العربية

Last updated: May 11, 2026

This policy applies to the Nova Android app and web dashboard

Overview

Nova by Steven Solutions ("Nova", "we", "us", or "our") provides real-time GPS location tracking services for families and businesses through the Nova Android application and web dashboard at nova.steven-solutions.com.

This Privacy Policy explains what information we collect, why we collect it, how we use it, who can see it, and your rights regarding your data. By using Nova, you agree to the practices described in this policy.

Data We Collect

We collect the following categories of information:

Account Information

  • Full name and email address — provided via Google Sign-In or Microsoft Sign-In
  • Profile picture from your Google or Microsoft account
  • Account ID from your identity provider, used to authenticate your session

Location Data

  • Precise GPS coordinates (latitude and longitude) — collected continuously in the background while the app is active on member devices
  • Location timestamps, movement speed, and GPS accuracy
  • Full movement history stored for a period determined by your subscription plan
  • Location data is collected only from users in the member role. Owners and viewers do not have their location collected unless they are also a member in a separate group

Device Information

  • Battery level and charging state — collected alongside location and displayed to group owners
  • GPS on/off status
  • Firebase Cloud Messaging (FCM) token — used to deliver push notifications
  • App version and device operating system version

Speed Violation Records (Business and Enterprise plans)

  • GPS coordinates, recorded speed, posted road speed limit, and timestamp for each detected road speed violation
  • These records are stored separately from general location history and are used to generate the speed violation history view

Attendance Records (Business and Enterprise plans)

  • Sign-in and sign-out timestamps for each work session
  • GPS coordinates at the moment of sign-in and sign-out
  • Duration of each attendance session

Usage and Alert Data

  • Alert events such as geofence zone crossings, speed limit breaches, low battery notifications, and crash detections
  • Subscription and billing status managed through Google Play Billing

How We Use Your Data

  • Provide the service — display real-time member locations on the group owner's map and web dashboard
  • Location history — store movement history so owners can review past routes and locations
  • Alerts and notifications — send push notifications when geofence zones are entered or exited, speed thresholds are exceeded, battery is low, or other alert conditions are met
  • Road speed monitoring — detect when a member's speed exceeds the posted road speed limit and record the violation for the owner's review
  • Attendance tracking — log daily sign-in and sign-out times and locations for Business and Enterprise accounts
  • Authentication — verify your identity via Google or Microsoft Sign-In on login
  • Billing — manage your subscription plan and payment status via Google Play
  • Service improvements — diagnose technical issues and improve app performance using anonymised usage statistics

We do not use your location data for advertising purposes and we do not sell your data to third parties.

We process personal data under the following legal bases (as required by GDPR, Egypt's PDPL, Saudi Arabia's PDPL, and similar laws):

  • Consent — members explicitly consent to location tracking when they accept a group invitation and grant location permission on their device. This is the primary legal basis for collecting GPS data. Consent can be withdrawn at any time by revoking location permission in Android Settings or asking the group owner to remove you from the group
  • Contract performance — processing is necessary to deliver the service you have subscribed to. For owners and paying subscribers, we process account and billing data to fulfil the contract
  • Legitimate interests — group owners have a legitimate interest in monitoring the safety and location of family members or employees, balanced proportionately against members' privacy rights. Members are aware they are being tracked as a condition of joining a group
  • Legal obligation — we may process or retain data where required to comply with applicable law or a lawful request from a competent authority

Data Sharing

We share data only as necessary to operate the service:

Within your group

  • Group owner — can see your real-time location, name, battery level, charging state, speed, GPS status, and full location history within your plan's retention window
  • Viewers (read-only co-watchers) — the group owner may grant one or more viewer accounts access to the same real-time location data and history that the owner can see. Viewers have read-only access and cannot modify any settings. Members are not individually notified when a viewer is added or removed. If you are a member and want to know who has viewer access to your data, contact your group owner

Third-party service providers

  • Google Maps Platform — used to render the interactive map. GPS coordinates are sent to Google Maps APIs when placing markers and rendering routes, subject to Google's Privacy Policy
  • Firebase (Google) — used for push notification delivery. FCM device tokens are processed by Google Firebase, subject to Google's Privacy Policy
  • Google Identity / Google Sign-In — used for authentication when signing in with a Google account
  • Microsoft Identity Platform (MSAL) — used for authentication when signing in with a Microsoft account, subject to Microsoft's Privacy Statement
  • HERE Routing API — used server-side to look up the posted road speed limit for a GPS coordinate when road speed monitoring is active. Only the GPS coordinate is sent; no personal identifiers are included. Subject to HERE's Privacy Policy
  • Nominatim (OpenStreetMap) — used server-side to convert GPS coordinates into human-readable addresses (reverse geocoding) for the web dashboard. Only the GPS coordinate is sent. Subject to the OpenStreetMap Foundation Privacy Policy
  • Google Play Billing — subscription and payment processing is handled by Google Play. We do not receive or store payment card details
  • Bunny Fonts (bunny.net) — used to serve web fonts on this website. Bunny Fonts is a GDPR-compliant font CDN that does not log or share personal data
  • Our servers — all location data, account information, and alert records are stored exclusively on our secure servers hosted at api.steven-solutions.com, running on AWS eu-north-1 (Stockholm, Sweden) within the European Union. Your data does not leave the EEA on our infrastructure

We do not share your personal data with advertisers, data brokers, or any other third parties beyond those listed above.

International Data Transfers

Your data stays in the EU on our infrastructure. All Nova servers and databases are located in AWS eu-north-1 (Stockholm, Sweden), within the European Economic Area. We do not replicate or transfer your data to servers outside the EEA.

However, some of our third-party service providers are headquartered outside the EEA and may process certain data (such as GPS coordinates for map rendering, push notification tokens, or sign-in credentials) on servers outside the EU. These providers operate under appropriate safeguards:

  • Google (Maps, Firebase, Sign-In) and Microsoft (Sign-In) are certified under the EU–US Data Privacy Framework and operate under EU Standard Contractual Clauses (SCCs), providing GDPR-equivalent protections for any data processed in the United States
  • HERE Technologies operates under SCCs for any data processed outside the EEA
  • Bunny Fonts is a European CDN that processes no personal data

For users in Egypt: Egypt's Personal Data Protection Law (PDPL, Law 151/2020) restricts cross-border data transfers. Your primary data is stored within the EU, which provides a level of protection comparable to Egypt's PDPL requirements. Third-party processors operate under SCCs as described above.

For users in Saudi Arabia: Saudi Arabia's Personal Data Protection Law (PDPL, effective 2023) requires appropriate safeguards for international transfers. Our third-party processors (Google, Microsoft) are DPF-certified and operate under SCCs. If you require a Data Processing Agreement specific to Saudi regulations, contact us at info@steven-solutions.com.

For users in the UAE and other Gulf states: Data is stored in the EU and third-party processors operate under internationally recognised transfer mechanisms (SCCs / DPF). No additional transfer restrictions apply under current UAE federal data protection law.

Data Retention

  • Location history — retained according to your subscription plan: Free: last 24 hours; Family / Family+ / Premium: 7–30 days; Business: 90 days; Enterprise: as configured for your account
  • Road speed violation records — retained for the same period as your plan's location history
  • Attendance records — retained for 90 days
  • Alert logs — the last 50 alerts per account are retained; older alerts are removed automatically
  • Account data — retained for as long as your account is active
  • On account deletion — all associated personal data including location history, violation records, attendance records, and alert logs is permanently and irreversibly deleted. Deletion is processed immediately. Enterprise accounts must contact us to request deletion

Security

We take the security of your data seriously:

  • All data is transmitted over HTTPS/TLS encrypted connections
  • Authentication tokens on Android devices are stored using Android's EncryptedSharedPreferences
  • Access to location data is strictly limited to the owner of the group the member belongs to, and any viewers the owner has explicitly authorised
  • JWT session tokens use per-platform versioning — signing out on web does not invalidate the mobile session, and vice versa
  • Our servers are hosted on AWS eu-north-1 (Stockholm, Sweden) — within the EU — with access controls, firewall rules, and monitoring in place

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at info@steven-solutions.com.

Children's Privacy

Nova is intended for users aged 13 and older. Nova may be used by parents or guardians to monitor the location of their minor children as part of a family group. In such cases, the parent or legal guardian is responsible for any necessary consent on behalf of the child.

We do not knowingly collect personal information directly from children under 13 without verifiable parental consent. If you believe a child under 13 has an account without parental consent, contact us and we will delete the account promptly.

Your Rights

Depending on your location (including rights under GDPR, UK GDPR, CCPA, and similar laws), you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Deletion — delete your account and all associated data through the app settings, or by contacting us. Deletion is blocked while an active paid subscription exists
  • Correction — request that we correct inaccurate data we hold about you
  • Opt-out of location tracking — members can stop sharing their location at any time by revoking the app's location permission in Android Settings, or by asking the group owner to remove them from the group
  • Know who can see your data — if you are a member, ask your group owner for a list of viewers who have read access to your location. You may contact us if the owner is unresponsive
  • Data portability — request an export of your location history
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at info@steven-solutions.com. We will respond within 30 days.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via the app or email.

Continued use of Nova after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: