NovaSupplier
Join now
Back to home·Hub·Terms of Service

NovaSupplier

Privacy Policy

Effective date: April 15, 2026

Data Controller: NovaSupplier, Unipessoal Limitada, NIF 518714969

Address: Largo dos Bombeiros Voluntarios de Ovar, n 10, Sala 204, 3880-133 Ovar, Portugal

Contact: contact@novasupplier.com

1. Introduction

NovaSupplier, Unipessoal Limitada is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the NovaSupplier platform at www.novasupplier.com.

This policy is compliant with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Portuguese data protection law. We act as the Data Controller for personal data processed through our platform.

2. Data We Collect

2.1 Account and Registration Data

  • Full name
  • Email address
  • Company name and role (Brand or Supplier)
  • Country and address
  • Phone number (optional)
  • Password (stored in encrypted form; we never store plain-text passwords)

2.2 Business Profile Data

For Brands: brand positioning, target market, manufacturing experience, sell channels.

For Suppliers: legal info (registered company name, tax id, address), manufacturing capabilities, product categories, minimum order quantities, certifications, production lead times, profile photos, and product images.

2.3 Project and Transaction Data

  • Sourcing project details including product description, materials, volumes, and budget
  • Quote data including pricing, lead times, and conditions
  • Order data including quantities, values, delivery addresses, and timelines
  • Messages exchanged between Brands and Suppliers through the platform messaging system

2.4 Payment and Identity Verification Data

For payment processing and identity verification, we use Stripe, Inc. When Suppliers connect a payment account, Stripe collects government-issued identity documents, bank account or IBAN details, and tax identification numbers.

This data is processed directly by Stripe and is required by law under the EU Payment Services Directive (PSD2) and anti-money laundering regulations. NovaSupplier does not store copies of identity documents on our servers.

2.5 Usage and Technical Data

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on the platform
  • Referral source

3. Legal Basis for Processing

  • Contract performance (Article 6(1)(b)): Processing necessary to provide the platform services you have requested, including account management, project creation, quoting, ordering, and payments.
  • Legal obligation (Article 6(1)(c)): Processing required to comply with applicable laws, including identity verification under PSD2 and anti-money laundering regulations.
  • Legitimate interests (Article 6(1)(f)): Processing for fraud prevention, platform security, and improving our services.
  • Consent (Article 6(1)(a)): Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

4. How We Use Your Data

  • Create and manage your account
  • Provide and improve platform features
  • Match brands with suitable manufacturers
  • Process quotes, orders, and payments
  • Send transactional emails (notifications, confirmations, alerts)
  • Prevent fraud and ensure platform security
  • Comply with legal and regulatory obligations
  • Resolve disputes and enforce our Terms of Service
  • Conduct anonymised analytics to understand platform usage

5. How We Share Your Data

We do not sell your personal data.

5.1 Between Platform Users

When a Brand creates a sourcing project, relevant details are shared with matched Suppliers. When a Supplier submits a quote, their profile and quote details are shared with the relevant Brand. Users are aware of and consent to this sharing as part of using the platform.

5.2 Service Providers

  • Stripe, Inc.: payment processing and identity verification
  • Vercel: platform hosting and infrastructure
  • Resend: transactional email delivery
  • Supabase / Railway: database hosting (EU region)

All service providers are bound by data processing agreements and may only process your data for specified purposes.

5.3 Legal Requirements

We may disclose your data to law enforcement or regulatory authorities when required by applicable law or court order.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of our business, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

6. Data Retention

  • Account data: retained for the duration of your account and for 3 years after account closure
  • Transaction and order data: retained for 10 years to comply with Portuguese and EU tax obligations
  • Project and messaging data: retained for 5 years after the last activity
  • Technical and usage logs: retained for 12 months
  • Identity verification data processed by Stripe: governed by Stripe's retention policies

7. International Data Transfers

Your data may be transferred outside the European Economic Area. When this occurs, we ensure appropriate safeguards are in place, including adequacy decisions by the European Commission and Standard Contractual Clauses. Stripe operates in the United States under the EU-US Data Privacy Framework.

8. Your Rights Under the GDPR

  • Right of access (Article 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): Request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing (Article 18): Request that we limit how we process your data.
  • Right to data portability (Article 20): Request your data in a structured, machine-readable format.
  • Right to object (Article 21): Object to processing based on legitimate interests.

To exercise any of these rights, contact us at contact@novasupplier.com. We will respond within 30 days. If you are not satisfied, you may lodge a complaint with the CNPD at www.cnpd.pt.

9. Cookies

We use essential cookies required for the platform to function (authentication sessions, security tokens) and analytics cookies. You can manage cookie preferences through your browser settings.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption of data in transit, encrypted password storage, access controls, and regular security reviews.

In the event of a personal data breach posing a risk to your rights, we will notify the CNPD within 72 hours and affected users without undue delay, as required by Article 33 of the GDPR.

11. Children's Privacy

NovaSupplier is a B2B platform intended for businesses and professionals. We do not knowingly collect personal data from individuals under 18. If we become aware of such data, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the platform.

13. Contact

NovaSupplier, Unipessoal Limitada
Largo dos Bombeiros Voluntarios de Ovar, n 10, Sala 204, 3880-133 Ovar, Portugal
Email: support@novasupplier.com
Website: www.novasupplier.com

Portuguese Data Protection Authority (CNPD): Rua de Sao Bento, 148-3, 1200-821 Lisboa www.cnpd.pt

Last updated: April 15, 2026

Hub·About·Guides·Suppliers·Blog·Privacy·Terms·support@novasupplier.com